1489 matches found
CVE-2006-4957
CVE-2006-4957 corresponds to a SQL injection in MyReview 1.9.4. The GetMember function in functions.php fails to sanitize the email parameter used by Admin.php, enabling remote attackers to execute arbitrary SQL. Exploitation details are supported by multiple sources (NVD/Nessus references). The ...
MyReview Admin.php email Parameter SQL Injection
The remote host is running MyReview, an open source paper submission and review web application. The version of MyReview installed on the remote host fails to properly sanitize input to the 'email' parameter before using it in the 'GetMember' function in a database query. Regardless of PHP's...
CVE-2006-4606
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the 1 idtemas parameter in busquedatema.php, the 2 cadena parameter in busqueda.php, the 3 idautor parameter in autor.php, the 4 email parameter in lista.php, an...
CVE-2006-4606
Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the 1 idtemas parameter in busquedatema.php, the 2 cadena parameter in busqueda.php, the 3 idautor parameter in autor.php, the 4 email parameter in lista.php, an...
CVE-2006-4608
Multiple cross-site scripting XSS vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 cadena parameter in busqueda.php and the 2 email parameter in lista.php...
CVE-2006-4528
Multiple cross-site scripting XSS vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 recherche parameter in recherchemembre.php and the 2 email parameter in test.php...
CVE-2006-4528
Multiple cross-site scripting (XSS) vulnerabilities affect membrepass 1.5, allowing remote attackers to inject arbitrary script or HTML via the (1) recherche parameter in recherchermembre.php and the (2) email parameter in test.php. The NVD entry confirms these XSS flaws and lists CVE-2006-4528 a...
CVE-2006-4295
Cross-site scripting XSS vulnerability in ascan6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter...
CVE-2006-3482
The CVE-2006-3482 entry details a cross-site scripting (XSS) vulnerability in PHPMailList’s maillist.php file, affecting PHPMailList 1.8.0 and earlier. The flaw allows remote attackers to inject arbitrary web script or HTML via the email parameter, indicating a client-side impact on web applicati...
CVE-2006-3482
Cross-site scripting XSS vulnerability in maillist.php in PHPMailList 1.8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter...
CVE-2006-3279
Cross-site scripting XSS vulnerability in aeDating 4.1 allows remote attackers to inject arbitrary web script or HTML via the 1 Sex parameter in index.php, 2 ProfileType parameter in joinform.php, and 3 Email parameter in forgot.php...
CVE-2006-3013
Interpretation conflict in resetpw.php in phpBannerExchange before 2.0 Update 6 allows remote attackers to execute arbitrary SQL commands via an email parameter containing a null %00 character after a valid e-mail address, which passes the validation check in the eregi PHP command. NOTE: it could...
GUESTEX-exec.pl.txt
Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it's 'email' parameter. $form'email' is used when openni...
Guestex Guestbook 1.00 - email Remote Code Execution
Guestex Guestbook 1.00 - email Remote Code Execution Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it'...
Guestex Guestbook 1.00 (email) Remote Code Execution Exploit
No description provided by source. Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it's 'email' paramete...
Guestex Guestbook 1.00 - 'email' Remote Code Execution
Creator: K-sPecial xzziroz.net of .aware awarenetwork.org Name: GUESTEX-exec.pl Date: 06/07/2006 Version: 1.00 1.00 06/07/2006 - GUESTEX-exec.pl created Description: GUESTEX guestbook is vulnerable to remote code execution in how it handles it's 'email' parameter. $form'email' is used when openni...
CVE-2006-2772
Cross-site scripting XSS vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 email, and 3 headline parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third...
Information disclosure
artmedic newsletter 4.1.2 and possibly other versions, when registerglobals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletterlog.php. NOTE: the provenance of this information is unknown; the details are obtained sole...
CVE-2006-2572
Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 name, 2 homepage, 3 email, and 4 address parameters...