Lucene search
7210 matches found

Cvelist
added 2007/02/27 6:0 p.m., 24 views

CVE-2006-7072

Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) busername and (2) c parameters to (a) index.php, the busername parameter to (b) admin/index.php, and (3) cphone parameter to register.php...

5.7 AI score, 0.02221 EPSS
Exploits: 1, References: 9
Cvelist
added 2007/02/27 6:0 p.m., 20 views

CVE-2007-1136

index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...

7.9 AI score, 0.02195 EPSS
Exploits: 0, References: 5
Prion
added 2007/02/27 2:28 a.m., 16 views

Directory traversal

Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter...

5 CVSS, 7.1 AI score, 0.05467 EPSS
Exploits: 0, References: 7, Affected Software: 1
CVE
added 2007/02/27 2:0 a.m., 53 views

CVE-2007-1126

CVE-2007-1126 affects xtcommerce via a directory-traversal flaw in index.php where the template parameter can be manipulated with .. to read arbitrary files. The root cause is improper sanitization of the template parameter, enabling unauthorized file access. Documentation lists the vulnerability...

5 CVSS, 6.6 AI score, 0.05467 EPSS
Exploits: 0, References: 7, Affected Software: 1
CVE
added 2007/02/26 5:0 p.m., 54 views

CVE-2007-1108

The CVE-2007-1108 entry describes a PHP remote file inclusion vulnerability in the index.php of Christian Schneider CS-Gallery 2.0 and earlier. The issue allows remote attackers to execute arbitrary PHP code by supplying a URL in the album parameter during a securealbum todo action. Affected soft...

6.8 CVSS, 7.6 AI score, 0.02758 EPSS
Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2007/02/26 5:0 p.m., 24 views

CVE-2007-1101

Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message "comment" or (2) name field, or the (3) q parameter in a search action in index.php...

5.8 AI score, 0.01922 EPSS
Exploits: 0, References: 8
0day.today
added 2007/02/24 12:0 a.m., 35 views

CS-Gallery 2.0 (index.php album) Remote File Include Exploit

Exploit for unknown platform in category web applications. CS-Gallery 2.0 index.php album Remote File Include Exploit. ?php //File Inclusion Exploit for CSGallery = 2.0 //|...

7.1 AI score
Exploits: 0
Packet Storm
added 2007/02/24 12:0 a.m., 35 views

flashgame154-rfi.txt

Author: JuMp-Er; Date: feb, 21th 2007; Level: Dangerous; contact: aH-crewathotmaildotcom. Software description: App...

7.4 AI score
Exploits: 0
Exploit DB
added 2007/02/24 12:0 a.m., 30 views

PhotoStand 1.2 - 'index.php' Cross-Site Scripting

source: https://www.securityfocus.com/bid/22707/info PhotoStand is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...

7.4 AI score
Exploits: 0
seebug.org
added 2007/02/23 12:0 a.m., 30 views

FlashGameScript 1.5.4 (index.php func) Remote File Include Vulnerability

No description provided by source. Author &...

7.1 AI score
Exploits: 0
0day.today
added 2007/02/22 12:0 a.m., 18 views

FlashGameScript 1.5.4 (index.php func) Remote File Include Vulnerability

Exploit for unknown platform in category web applications. FlashGameScript 1.5.4 index.php func Remote File Include Vulnerability...

7.1 AI score
Exploits: 0
Prion
added 2007/02/21 11:28 p.m., 15 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...

4.3 CVSS, 6.2 AI score, 0.04934 EPSS
Exploits: 1, References: 10
NVD
added 2007/02/21 11:28 p.m., 13 views

CVE-2007-1050

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...

4.3 CVSS, 5.9 AI score, 0.04934 EPSS
Exploits: 1, References: 10
CVE
added 2007/02/21 11:0 p.m., 56 views

CVE-2007-1052

CVE-2007-1052 affects PBLang (PBL) up to version 4.60 (and earlier); a PHP remote file inclusion vulnerability exists in index.php via the dbpath parameter that can allow remote code execution. The description notes this is a different vector than CVE-2006-5062 and includes a dispute context for ...

10 CVSS, 7.6 AI score, 0.02164 EPSS
Exploits: 0, References: 4, Affected Software: 1
CVE
added 2007/02/21 11:0 p.m., 60 views

CVE-2007-1055

CVE-2007-1055 is an XSS vulnerability in MediaWiki’s AJAX features (index.php) affecting MediaWiki 1.9.x before 1.9.0rc2 and 1.8.2 and earlier. The issue allows remote attackers to inject arbitrary script/HTML via the rs parameter. It is noted as possibly a duplicate of CVE-2007-0177. The connect...

6.8 CVSS, 5.6 AI score, 0.0207 EPSS
Exploits: 1, References: 6, Affected Software: 1
EUVD
added 2007/02/21 11:0 p.m., 6 views

EUVD-2007-1047

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...

4.3 CVSS, 5.9 AI score, 0.04934 EPSS
Exploits: 1, References: 10
Cvelist
added 2007/02/21 11:0 p.m., 33 views

CVE-2007-1054

Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...

5.5 AI score, 0.01944 EPSS
Exploits: 1, References: 10
Cvelist
added 2007/02/21 11:0 p.m., 22 views

CVE-2007-1050

Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...

5.9 AI score, 0.04934 EPSS
Exploits: 1, References: 10
CVE
added 2007/02/21 11:0 p.m., 55 views

CVE-2007-1050

CVE-2007-1050 describes multiple cross-site scripting (XSS) vulnerabilities in index.php of AbleDesign MyCalendar. The issue allows remote attackers to inject arbitrary web script or HTML via the following input points: (1) the go parameter, (2) the keyword parameter in the search menu (go=search...

4.3 CVSS, 5.9 AI score, 0.04934 EPSS
Exploits: 1, References: 10, Affected Software: 1
Prion
added 2007/02/21 11:28 a.m., 11 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter...

6.8 CVSS, 6.1 AI score, 0.04841 EPSS
Exploits: 1, References: 8, Affected Software: 1