Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/leftmenu.class.php, and (5) plugins/stats/statsview.php...
CVE-2008-1487
Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via (1) ftp/index.php, (2) viewer.php, (3) functions/other.php, (4) include/leftmenu.class.php, and (5) plugins/stats/statsview.php...
CVE-2008-0645
Multiple PHP remote file inclusion vulnerabilities in Portail Web Php 2.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter to (1) config/conf-activation.php, (2) menu/item.php, and (3) modules/confmodules.php in admin/system/; and (4) system/login.php. NOTE: th...
BookmarkX script 2007 - topicid SQL Injection
BookmarkX script 2007 - topicid SQL Injection BookmarkX script Powered by GengoliaWebStudio SQL Injection AUTHOR : S@BUN HOME : http://www.hackturkiye.com/ DorKs 1 : "2007 BookmarkX script" DORKS 2 : Powered by GengoliaWebStudio DORK 3 : allinurl :"index.php?menu=showtopic" EXPLOIT :...
CVE-2008-0545
CVE-2008-0545 describes multiple directory traversal vulnerabilities in Bubbling Library 1.32. The issue allows remote attackers to include and execute arbitrary local files via a .. in the uri parameter passed to dispatcher/framework/ templates (yui-menu.tpl.php, simple.tpl.php, advanced.tpl.php...
CVE-2007-4862
Cross-site scripting (XSS) vulnerability in admin/menu.php in SAXON 5.4 allows remote attackers to inject arbitrary web script or HTML via the confignewsurl parameter...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item...
CVE-2007-5577
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item...
CVE-2007-5577
CVE-2007-5577 affects Joomla! (pre-1.0.13, aka Sunglow). The vulnerability allows remote XSS via the Section Manager’s Title/Section Name fields and multiple fields in New Menu Item, enabling injection of arbitrary script/HTML. Affected component/versions are stated; impact is client-side script ...
XPCNativeWrapper pollution using Script object — Mozilla
Mozilla security researcher mozbugra4 reported that it was possible to use the Script object to modify XPCNativeWrappers in such a way that subsequent access by the browser chrome--such as by right-clicking to open a context menu--can cause attacker-supplied javascript to run with the same...
php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications: php wcms XT 0.0.7 Multiple Remote File Inclusion Vulnerabilities...
[Aria-security] itcms 0.2 Cross-site Scripting (XSS)
Aria-Security Title: itcms 0.2 Cross-site Scripting (XSS) www.Aria-security.Com For English www.Aria-Security.net For Persian Author: YouYou Software: itcms Site Script: http://sourceforge.net/projects/itcms/ Proof Of Concept: local/path/lang-en.php?wndtitle=Xss-script...
CVE-2007-4063
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.2 allow remote attackers to (1) delete comments, (2) delete content revisions, and (3) disable menu items as privileged users, related to improper use of HTTP GET and the Forms API...
drupal -- Cross site request forgeries
The Drupal Project reports: Several parts in Drupal core are not protected against cross site request forgeries due to improper use of the Forms API, or by taking action solely on GET requests. Malicious users are able to delete comments and content revisions and disable menu items by enticing a...
[Full-disclosure] Papoo CMS 3.6 - SQL Injection
Papoo Content Management System Backend SQL Injection Jun 24 2007 Product Papoo Content Management System Vulnerable Versions Papoo 3.6 and maybe prior Vendor Status The Vendor was notified and the issue was fixed. A patch is available at http://www.papoo.de/index/menuid/204/reporeid/215 Details...
CVE-2007-3242
The Menu Manager Mod for (1) web-app.net WebAPP (aka WebAPP NE) 0.9.9.3.3 through 0.9.9.8, and (2) web-app.org WebAPP before 0.9.9.6, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the titles of items in a personal menu...
CVE-2007-3242
The CVE-2007-3242 entry concerns the Menu Manager Mod for WebAPP WebAPP NE (versions 0.9.9.3.3–0.9.9.8) and WebAPP.org WebAPP before 0.9.9.6. The vulnerability allows remote authenticated users to execute arbitrary commands by injecting shell metacharacters into the titles of items in a personal ...
webapp-exec.txt
There is a system access vulnerability in the Menu Manager Mod for WebAPP. This mod is available at http://www.2xlnt.com/webapp/development/app.cgi?action=downloadinfo&cat=webappmods&id=3 . System commands can be entered in user's personal menus. Any system command works there and allows reading ...