CVE-2006-7072
Cross-site scripting (XSS) vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the (1) busername and (2) c parameters to (a) index.php, the busername parameter to (b) admin/index.php, and (3) cphone parameter to register.php...
CVE-2007-1136
index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous...
Directory traversal
Directory traversal vulnerability in index.php in xtcommerce allows remote attackers to read arbitrary files via a .. (dot dot) in the template parameter...
CVE-2007-1126
CVE-2007-1126 affects xtcommerce via a directory-traversal flaw in index.php where the template parameter can be manipulated with .. to read arbitrary files. The root cause is improper sanitization of the template parameter, enabling unauthorized file access. Documentation lists the vulnerability...
CVE-2007-1108
The CVE-2007-1108 entry describes a PHP remote file inclusion vulnerability in the index.php of Christian Schneider CS-Gallery 2.0 and earlier. The issue allows remote attackers to execute arbitrary PHP code by supplying a URL in the album parameter during a securealbum todo action. Affected soft...
CVE-2007-1101
Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php...
CS-Gallery 2.0 (index.php album) Remote File Include Exploit
Exploit for unknown platform in category web applications. CS-Gallery 2.0 index.php album Remote File Include Exploit. <?php //File Inclusion Exploit for CSGallery = 2.0 //|...
flashgame154-rfi.txt
Author: JuMp-Er; Date: feb, 21th 2007; Level: Dangerous; Contact: aH-crewathotmaildotcom. Software description: App...
PhotoStand 1.2 - 'index.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/22707/info PhotoStand is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...
FlashGameScript 1.5.4 (index.php func) Remote File Include Vulnerability
No description provided by source. Author &...
FlashGameScript 1.5.4 (index.php func) Remote File Include Vulnerability
Exploit for unknown platform in category web applications. FlashGameScript 1.5.4 index.php func Remote File Include Vulnerability...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...
CVE-2007-1050
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...
CVE-2007-1052
CVE-2007-1052 affects PBLang (PBL) up to version 4.60 (and earlier); a PHP remote file inclusion vulnerability exists in index.php via the dbpath parameter that can allow remote code execution. The description notes this is a different vector than CVE-2006-5062 and includes a dispute context for ...
CVE-2007-1055
CVE-2007-1055 is an XSS vulnerability in MediaWiki’s AJAX features (index.php) affecting MediaWiki 1.9.x before 1.9.0rc2 and 1.8.2 and earlier. The issue allows remote attackers to inject arbitrary script/HTML via the rs parameter. It is noted as possibly a duplicate of CVE-2007-0177. The connect...
EUVD-2007-1047
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AbleDesign MyCalendar allow remote attackers to inject arbitrary web script or HTML via (1) the go parameter, (2) the keyword parameter in the search menu (go=search), or (3) the username or (4) the password in a go=Login action...
CVE-2007-1054
Cross-site scripting (XSS) vulnerability in the AJAX features in index.php in MediaWiki 1.6.x through 1.9.2, when $wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 encoded value of the rs parameter, which is processed by Internet Explorer...
CVE-2007-1050
CVE-2007-1050 describes multiple cross-site scripting (XSS) vulnerabilities in index.php of AbleDesign MyCalendar. The issue allows remote attackers to inject arbitrary web script or HTML via the following input points: (1) the go parameter, (2) the keyword parameter in the search menu (go=search...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter...