Lucene search
K

1489 matches found

CVE
CVE
added 2006/09/23 10:0 a.m.48 views

CVE-2006-4957

CVE-2006-4957 corresponds to a SQL injection in MyReview 1.9.4. The GetMember function in functions.php fails to sanitize the email parameter used by Admin.php, enabling remote attackers to execute arbitrary SQL. Exploitation details are supported by multiple sources (NVD/Nessus references). The ...

7.5CVSS8.4AI score0.01086EPSS
Exploits1References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2006/09/19 12:0 a.m.22 views

MyReview Admin.php email Parameter SQL Injection

The remote host is running MyReview, an open source paper submission and review web application. The version of MyReview installed on the remote host fails to properly sanitize input to the 'email' parameter before using it in the 'GetMember' function in a database query. Regardless of PHP's...

7.5CVSS5.6AI score0.01086EPSS
Exploits1References1
NVD
NVD
added 2006/09/07 12:4 a.m.17 views

CVE-2006-4606

Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the 1 idtemas parameter in busquedatema.php, the 2 cadena parameter in busqueda.php, the 3 idautor parameter in autor.php, the 4 email parameter in lista.php, an...

7.5CVSS8.5AI score0.02374EPSS
Exploits0References15
Cvelist
Cvelist
added 2006/09/07 12:0 a.m.24 views

CVE-2006-4606

Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the 1 idtemas parameter in busquedatema.php, the 2 cadena parameter in busqueda.php, the 3 idautor parameter in autor.php, the 4 email parameter in lista.php, an...

8.5AI score0.02374EPSS
Exploits0References15
Cvelist
Cvelist
added 2006/09/07 12:0 a.m.25 views

CVE-2006-4608

Multiple cross-site scripting XSS vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 cadena parameter in busqueda.php and the 2 email parameter in lista.php...

5.8AI score0.04862EPSS
Exploits1References8
Cvelist
Cvelist
added 2006/09/01 11:0 p.m.25 views

CVE-2006-4528

Multiple cross-site scripting XSS vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 recherche parameter in recherchemembre.php and the 2 email parameter in test.php...

5.8AI score0.01313EPSS
Exploits0References7
CVE
CVE
added 2006/09/01 11:0 p.m.47 views

CVE-2006-4528

Multiple cross-site scripting (XSS) vulnerabilities affect membrepass 1.5, allowing remote attackers to inject arbitrary script or HTML via the (1) recherche parameter in recherchermembre.php and the (2) email parameter in test.php. The NVD entry confirms these XSS flaws and lists CVE-2006-4528 a...

4.3CVSS6AI score0.01313EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2006/08/23 1:0 a.m.13 views

CVE-2006-4295

Cross-site scripting XSS vulnerability in ascan6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter...

5.7AI score0.01689EPSS
Exploits1References4
CVE
CVE
added 2006/07/10 8:0 p.m.50 views

CVE-2006-3482

The CVE-2006-3482 entry details a cross-site scripting (XSS) vulnerability in PHPMailList’s maillist.php file, affecting PHPMailList 1.8.0 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the email parameter, indicating a client-side impact on web applicati...

2.6CVSS6AI score0.01269EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2006/07/10 8:0 p.m.15 views

CVE-2006-3482

Cross-site scripting XSS vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter...

5.7AI score0.01269EPSS
Exploits0References6
NVD
NVD
added 2006/06/28 10:5 p.m.17 views

CVE-2006-3279

Cross-site scripting XSS vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the 1 Sex parameter in index.php, 2 ProfileType parameter in joinform.php, and 3 Email parameter in forgot.php...

4.3CVSS5.7AI score0.01317EPSS
Exploits0References7
NVD
NVD
added 2006/06/19 10:2 a.m.11 views

CVE-2006-3013

Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null %00 character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could...

5.1CVSS8.1AI score0.02052EPSS
Exploits2References9
Packet Storm
Packet Storm
added 2006/06/12 12:0 a.m.34 views

GUESTEX-exec.pl.txt

Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it's 'email' parameter. $form'email' is used when openni...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2006/06/08 12:0 a.m.17 views

Guestex Guestbook 1.00 - email Remote Code Execution

Guestex Guestbook 1.00 - email Remote Code Execution Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it'...

8.1AI score
Exploits0
seebug.org
seebug.org
added 2006/06/08 12:0 a.m.19 views

Guestex Guestbook 1.00 (email) Remote Code Execution Exploit

No description provided by source. Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it's 'email' paramete...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/06/08 12:0 a.m.43 views

Guestex Guestbook 1.00 - 'email' Remote Code Execution

Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it's 'email' parameter. $form'email' is used when openni...

7.4AI score
Exploits0
NVD
NVD
added 2006/06/02 10:18 a.m.14 views

CVE-2006-2772

Cross-site scripting XSS vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, and 3 headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

6.8CVSS5.6AI score0.01439EPSS
Exploits1References4
Prion
Prion
added 2006/05/26 1:6 a.m.13 views

Information disclosure

artmedic newsletter 4.1.2 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletterlog.php. NOTE: the provenance of this information is unknown; the details are obtained sole...

5.1CVSS7.9AI score0.01092EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2006/05/24 11:2 p.m.13 views

CVE-2006-2572

Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...

2.6CVSS5.7AI score0.01366EPSS
Exploits0References8
Prion
Prion
added 2006/05/24 11:2 p.m.16 views

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...

2.6CVSS6.2AI score0.01366EPSS
Exploits0References8Affected Software1
Rows per page
Query Builder