AutoIndex PHP Script index.php search Parameter XSS
The remote host is running AutoIndex, a free PHP script for indexing files in a directory. The installed version of AutoIndex fails to properly sanitize user-supplied input to the 'search' parameter of the 'index.php' script. By leveraging this flaw, an attacker may be able to cause arbitrary HTM...
CVE-2005-2422
Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter...
CVE-2005-2421
Technical details about CVE-2005-2421 are not publicly available in the provided connected documents. Monitor for updates to identify affected products, root cause, impact, and fixes.
PHPList admin/index.php id Parameter SQL Injection
CVE-2005-2392
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function...
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selectedsearcharch parameter to search.php...
CVE-2005-2392
CMSimple is affected by a cross-site scripting (XSS) vulnerability in index.php via the search parameter in the search function. The issue affects CMSimple 2.4 and earlier, arising from failure to sanitize user-supplied input in the search field. Public references in the provided documents confir...
CVE-2004-2222
Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter...
CVE-2004-2222
The CVE-2004-2222 entry describes a directory-traversal vulnerability in FsPHPGallery prior to version 1.2, where an attacker can use the dir parameter in index.php to list arbitrary directories. Affected software: FsPHPGallery before 1.2. Cause: improper handling of the dir parameter leading to ...
CVE-2001-1526
Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter...
CVE-2002-1996
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php...
CVE-2005-2197
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php...
CVE-2004-2180
WowBB Forum 1.61 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow attackers to inject arbitrary script/HTML via numerous vectors: country (view_user.php), show (view_forum.php), letter (view_user.php), highlight (view_topic.php), show (inde...
CVE-2004-2195
Zanfi CMS Lite 1.1 is affected by a PHP remote file inclusion in index.php via the inc parameter, leading to arbitrary PHP code execution. The issue is a file inclusion vulnerability in Zanfi CMS Lite’s index.php that allows an attacker to have the remote script include and run attacker-controlle...
CVE-2005-2166
CVE-2005-2166 targets Plague News System (version 0.6 and earlier). The vulnerability is a SQL injection in index.php via the cid parameter, enabling remote attackers to execute arbitrary SQL commands. Connected PT-2005-3098 notes affected versions and confirms no publicly known fix in newer vers...
CVE-2005-2166
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2005-2138
CVE-2005-2138 describes a cross-site scripting (XSS) vulnerability in the Comdev eCommerce 3.0 and 3.1 product line, specifically in index.php. The flaw allows remote attackers to inject arbitrary web script or HTML by injecting JavaScript into the onMouseOver event of an anchor tag in a review m...
Plague News System 0.7 - CID Cross-Site Scripting
Source: https://www.securityfocus.com/bid/14137/info. Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An...
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin"...
CVE-2005-2053
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an asterisk in the id parameter, (2) a blank id parameter, or (3) an asterisk in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that th...