7210 matches found
CVE-2005-3592
The CVE-2005-3592 entry documents a path disclosure vulnerability in CuteNews 1.4.0 and earlier. An attacker can trigger an error message (for example by supplying multiple ../ sequences in the archive parameter) to obtain the installation path of the application. This is a information-disclosure...
CVE-2005-3558
CVE-2005-3558 affects OSTE 1.0, with a PHP file inclusion vulnerability in index.php. The issue allows remote attackers to execute arbitrary code via the (1) page and (2) site parameters. The description indicates that the vulnerability stems from PHP file inclusion, leading to potential code exe...
PEEL 2.x sql injection
PEEL 2.x sql injection Author: r0t hackers.by.lv Date: 14. nov 2005 software: PEEL 2.x vendor: http://peel.fr/ Tested on 2.6 and 2.7 version Vulnerability Description: contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script...
CVE-2005-3512
Cross-site scripting XSS vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action...
CVE-2005-3512
Vulnerability: CVE-2005-3512 affects VUBB alpha rc1 (index.php) where the t parameter in the newreply action is vulnerable to reflected XSS. Root cause is improper handling of the t parameter in the newreply flow, enabling injection of arbitrary script/HTML. Impact per provided details is partial...
CVE-2005-3514
Chipmunk Forum XSS vulnerability CVE-2005-3514 affects the Chipmunk Forum script (Chipmunk Forum
CVE-2005-3513
The CVE refers to VUBB alpha rc1 where index.php exposes the installation path via a viewforum action when the f parameter is set to a single quote ('). This is a remote, unauthenticated disclosure vulnerability in the VUBB application. Affected component: VUBB alpha rc1, specifically the viewfor...
CVE-2005-3513
index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote '...
CVE-2005-3512
Cross-site scripting XSS vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action...
PT-2005-4313 · Chipmunk Scripts · Chipmunk Scripts Guestbook
Name of the Vulnerable Software and Affected Versions: Chipmunk Scripts Guestbook affected versions not specified Description: The issue allows remote attackers to obtain the installation path of the script by causing an error message to be displayed. This can be achieved through a URL that...
CVE-2005-3478
CVE-2005-3478 is a SQL injection flaw in PHPCafe.net Tutorials Manager 1.0 Beta 2, exploitable via the id parameter in index.php. The vulnerability enables remote SQL command execution. CVSS v2 metrics from NVD indicate a base score of 7.5 (HIGH) with network attack vector, low attack complexity,...
CVE-2005-3478
SQL injection vulnerability in index.php in PHPCafe.net Tutorials Manager 1.0 Beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CuteNews index.php XSS
The version of CuteNews installed on the remote host is vulnerable to a cross-site-scripting XSS attack. SPDX-FileCopyrightText: 2004 David Maciejak Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Mambo Site Server index.php mos_change_template XSS
An attacker may use the installed version of Mambo Site Server to perform a cross site scripting attack on this host. OpenVAS Vulnerability Test $Id: mamboxss3.nasl 9087 2018-03-12 17:24:24Z cfischer $ Description: Mambo Site Server index.php moschangetemplate XSS Authors: David Maciejak Updated:...
CVE-2005-3432
The CVE-2005-3432 issue affects MiniGal 2 (MG2) 0.5.1, where a remote attacker can cause listing of password-protected images by sending a request to index.php with list = * and page = all. The public sources describe the vulnerability as an information-disclosure flaw allowing access to protecte...
CVE-2005-3432
MiniGal 2 MG2 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to wildcard and the page parameter set to all...
Invision Gallery 2.0.3 - 'index.php' SQL Injection
source: https://www.securityfocus.com/bid/15240/info Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...
Invision Gallery 2.0.3 - index.php SQL Injection
Invision Gallery 2.0.3 - index.php SQL Injection source: https://www.securityfocus.com/bid/15240/info Invision Gallery is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
CVE-2005-3365
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via 1 the name parameter in register.php, 2 the email parameter in lostpassword.php, 3 the year parameter in calendar.php, and the 4...
CVE-2005-3365
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via 1 the name parameter in register.php, 2 the email parameter in lostpassword.php, 3 the year parameter in calendar.php, and the 4...