Cross site scripting
CVE-2007-6135
Cross-site scripting (XSS) vulnerability in phpslideshow.php in PHPSlideShow 0.9.9.2, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the directory parameter. NOTE: this issue was originally reported for toonchapter8.php, but this is probably a site-specific...
CVE-2007-3229
index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message...
CVE-2007-1143
Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter...
PT-2006-6188 · Softerra · Softerra Php Developer Library
Name of the Vulnerable Software and Affected Versions: Softerra PHP Developer Library versions 1.5.3 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary PHP code via the lib dir parameter. Recommendations: For Softerra PHP Developer Library versions...
PT-2006-5969 · Phpwebsite · Phpwebsite
Name of the Vulnerable Software and Affected Versions: phpWebSite version 0.10.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the PHPWS SOURCE DIR parameter in multiple PHP files, including init.php, users.php, Cookie.php, forms.php, Groups.php,...