Design/Logic Flaw

Jetty 8.1.0.RC2 and earlier computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service CPU consumption by sending many crafted parameters...

CVE-2008-5729

CVE-2008-5729 describes multiple cross-site scripting (XSS) vulnerabilities in AIST NetCat 3.12 and earlier. The issues allow remote attackers to inject arbitrary web script or HTML via three vectors: (1) the form and (2) the control parameters to FCKeditor/neditor.php, and (3) the path parameter...

PT-2007-5296 · Phphostbot · Phphostbot

Name of the Vulnerable Software and Affected Versions: PhpHostBot affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the login form parameter in the library/authorize.php file. Recommendations: At the moment, there is no...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...

CVE-2007-2578

Unspecified vulnerability in search/list/actionsearch/index.php in ACP3 4.0 beta 3 allows remote attackers to have unknown impact, relating to "Cookie Manipulation", via the formsearchterm parameter...

CVE-2006-3526

Multiple cross-site scripting XSS vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 name and 2 form parameters...