7208 matches found
CVE-2004-0737
CVE-2004-0737 concerns Php-Nuke’s Search module (index.php). The advisory notes multiple cross-site scripting vulnerabilities exploitable through 11 parameters (sid, max, sel1–sel5, match, mod1–mod3), allowing remote injection of arbitrary script/HTML. The root cause implied is insufficient input...
Invision Power Services Invision Gallery 1.0.1 - Multiple SQL Injections
source: https://www.securityfocus.com/bid/9944/info It has been reported that Invision Gallery may be prone to multiple sql injection vulnerabilities, allowing an attacker to influence SQL query logic. The issues exist due to insufficient sanitization of user-supplied data via the 'img', 'cat',...
Invision Power Top Site List 1.0/1.1 - 'id' SQL Injection
source: https://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. The issue exists due t...
CVE-2004-0302
CVE-2004-0302 describes a directory traversal vulnerability in OWLS 1.0, where remote attackers could read arbitrary files by manipulating the .. (dot dot) in parameters of index.php (file), glossary.php (editfile), or newmultiplechoice.php (editfile). The issue is documented across multiple sour...
CVE-2004-0302
Directory traversal vulnerability in OWLS 1.0 allows remote attackers to read arbitrary files via a .. dot dot in the 1 file parameter in index.php, 2 editfile in glossary.php, or 3 editfile in newmultiplechoice.php...
CVE-2004-1826
SQL injection vulnerability in index.php in Mambo Open Source 4.5 stable 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter...
Mambo Open Source 4.5 - index.php SQL Injection
Mambo Open Source 4.5 - index.php SQL Injection source: https://www.securityfocus.com/bid/9891/info It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. As...
Mambo Open Source 4.5 - index.php Multiple Cross-Site Scripting Vulnerabilities
Mambo Open Source 4.5 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properl...
Mambo Open Source 4.5 - index.php?mos_change_template Cross-Site Scripting
Mambo Open Source 4.5 - index.php?moschangetemplate Cross-Site Scripting source: https://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly...
Mambo Open Source 4.5 - 'index.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/9890/info It has been reported that the Mambo 'index.php' script is prone to a cross-site scripting vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. This issue could permit a remote attacker to...
Kietu 23 - index.php Remote File Inclusion
Kietu 23 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/9499/info A flaw exists in the Kietu 'index.php' script that may permit remote attackers to include malicious remote files. Remote users may influence the include path for the 'config.php' configuration file, whi...
CVE-2004-0067
CVE-2004-0067 describes multiple cross-site scripting (XSS) vulnerabilities in phpGedView prior to 2.65. The issue allows remote attackers to inject arbitrary HTML or JavaScript through numerous PHP/WEB pages (e.g., descendancy.php, index.php, individual.php, login.php, relationship.php, source.p...
CVE-2003-1231
Cross-site scripting XSS vulnerability in index.php in ECW-Shop 5.5 allows remote attackers to inject arbitrary web script or HTML via the cat parameter...
PHP-Nuke 6.x - Category SQL Injection
PHP-Nuke 6.x - Category SQL Injection source: https://www.securityfocus.com/bid/9630/info It has been reported that PHPNuke may prone to a SQL injection vulnerability, due to insufficient sanitization user-supplied input. The problem is reported to exist in the $category variable contained within...
Gallery 1.4 - index.php Remote File Inclusion
Gallery 1.4 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includ...
Gallery 1.4 - 'index.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/8814/info It has been reported that Gallery is prone to a remote file include vulnerability in the index.php script file. The problem occurs due to the program failing to verify the location in which it includes the util.php script, when handling specific...
Invision Power Board (IP.Board) 1.x - 'index.php' showtopic Cross-Site Scripting
source: https://www.securityfocus.com/bid/8575/info Invision Power Board is prone to a cross-site scripting vulnerability. It has been reported that a remote attacker may construct a malicious link to the index.php script and supply arbitrary HTML code as a value for the 'showtopic' URI parameter...
PHPOutSourcing Zorum 3.x - Cross-Site Scripting
PHPOutSourcing Zorum 3.x - Cross-Site Scripting source: https://www.securityfocus.com/bid/8388/info A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of...
PHPOutSourcing Zorum 3.x - Cross-Site Scripting
source: https://www.securityfocus.com/bid/8388/info A cross-site scripting vulnerability has been reported in the index.php script of PHPOutSourcing Zorum. Because of this, an attacker may be able to execute HTML and script code in the browsers of target users in the security context of the site...
EZ Publish 2.2 - index.php IMG Tag Cross-Site Scripting
EZ Publish 2.2 - index.php IMG Tag Cross-Site Scripting source: https://www.securityfocus.com/bid/7616/info A cross-site scripting vulnerability has been reported for eZ publish. Specifically, eZ publish does not sufficiently sanitize user-supplied input supplied to the 'index.php' script. This m...