CVE-2006-2091

admin.php in Virtual War VWar 1.5 and versions before 1.2 allows remote attackers to obtain sensitive information via an invalid vwarroot parameter, which reveals the path in an error message...

CVE-2006-2096

plug.php in Land Down Under LDU 802 and earlier allows remote attackers to obtain sensitive information via an invalid 1 month or 2 year parameter, which reveals the path in an error message...

Design/Logic Flaw

Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message...

Sql injection

SQL injection vulnerability in page.php in SLsite 1.0 allows remote attackers to execute arbitrary SQL commands via the idpage parameter. NOTE: this issue could be used to produce resultant XSS from an error message...

CVE-2006-2013

SQL injection vulnerability in page.php in SLsite 1.0 allows remote attackers to execute arbitrary SQL commands via the idpage parameter. NOTE: this issue could be used to produce resultant XSS from an error message...

CVE-2006-2013

SQL injection vulnerability in page.php in SLsite 1.0 allows remote attackers to execute arbitrary SQL commands via the idpage parameter. NOTE: this issue could be used to produce resultant XSS from an error message...

Design/Logic Flaw

The comrss option rss.php in 1 Mambo and 2 Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message...

CVE-2006-1956

The comrss option rss.php in 1 Mambo and 2 Joomla! allows remote attackers to obtain sensitive information via an invalid feed parameter, which reveals the path in an error message...

Design/Logic Flaw

index.php in Lifetype 1.0.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which reveals the path in an error message...

Directory traversal

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message...

CVE-2006-1823

Directory traversal vulnerability in FarsiNews 2.5.3 Pro and earlier allows remote attackers to obtain the installation path via ".." sequences in the archive parameter to index.php, which leaks the full pathname in an error message...

Cross site scripting

Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name...

CVE-2006-1761

CVE-2006-1761 describes a cross-site scripting vulnerability in blur6ex 0.3.452, where the error message in index.php is not sanitised, allowing remote attackers to inject arbitrary web script or HTML via the errormsg parameter. The issue is explicitly tied to the errormsg field (the shard parame...

CVE-2006-1761

Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in the shard parameter is not XSS and has been assigned a separate name...

CVE-2006-1681

Cross-site scripting XSS vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated...

Cherokee web server crossite scripting

Crossite scripting on error message...

Design/Logic Flaw

LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucidphplib/translator.php, which reveals the path in an error message...

CVE-2006-1635

LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucidphplib/translator.php, which reveals the path in an error message...

CVE-2006-1635

LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucidphplib/translator.php, which reveals the path in an error message...

Cross site scripting

Cross-site scripting XSS vulnerability in 1 LookupDispatchAction and possibly 2 DispatchAction and 3 ActionDispatcher in Apache Software Foundation ASF Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...