3701 matches found
CVE-2006-1234
SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header...
linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+
Exploit for linux/x86 platform in category shellcode. linux/x86 HTTP/1.x GET, Downloads and JMP - 68 bytes+. This shellcode allows you ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album...
CVE-2006-1127
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album...
Design/Logic Flaw
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR...
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR...
CVE-2006-1127
CVE-2006-1127 describes a cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2. A remote attacker can inject arbitrary script/HTML through the X-Forwarded-For header when adding a comment to an album. Reported sources (e.g., Exploit-DB/Nessus entries) corroborate multiple Gallery 2 v...
SQL injection
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the optionprefix parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php...
CVE-2006-1084
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the optionprefix parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
SQL injection
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
WordPress <= 1.5.2 - SQL injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. Solution: Update WordPress to the latest available version (at least 1.5.3)...
Gallery < 2.0.3 GalleryUtilities.class X_FORWARDED_FOR HTTP Header XSS
Binary data 3457.prm...
Gallery < 2.0.3 IP Spoofing
The version of Gallery hosted on the remote web server allows an attacker to spoof the IP address with a bogus 'X_FORWARDED_FOR' HTTP header. In addition, an authenticated attacker can reportedly leverage this flaw to launch cross-site scripting attacks by adding comments to a photo. The applicatio...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0864
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...