290 matches found
CVE-2006-3020
Multiple cross-site scripting XSS vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 image and 2 PublisedDate parameters...
CVE-2006-3020
Multiple cross-site scripting XSS vulnerabilities in FullPhoto.asp in WS-Album 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 image and 2 PublisedDate parameters...
CVE-2006-2262
Cross-site scripting XSS vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in index.php in singapore 0.9.7 allows remote attackers to inject arbitrary web script or HTML via the image parameter...
CVE-2005-1930
Directory traversal vulnerability in the Crystal Report component rptserver.asp in Trend Micro ServerProtect Management Console 5.58, as used in Control Manager 2.5 and 3.0 and Damage Cleanup Server 1.1, and possibly earlier versions, allows remote attackers to read arbitrary files via the IMAGE...
CVE-2004-2266
CVE-2004-2266 affects Ansel 2.1 and earlier. The issue is a SQL injection vulnerability that allows remote attackers to modify SQL statements via the image parameter. According to the provided data, the NVD CVSS v2.0 base score is 7.5 (HIGH) with network attack vector, low attack complexity, no a...
CVE-2004-2266
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter...
CVE-2005-1896
Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 allows remote attackers to read arbitrary images or obtain the installation path via the image parameter...
CVE-2005-1403
Multiple cross-site scripting XSS vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the 1 image parameter to closeup.php, the 2 currentIsExpanded or 3 searchFor parameters to index.php, 4 the currentNumber parameter to...
CVE-2004-2266
SQL injection vulnerability in Ansel 2.1 and earlier allows remote attackers to modify SQL statements via the image parameter...