780 matches found
Cross site scripting
Cross-site scripting XSS vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...
CVE-2011-1671
Cross-site scripting XSS vulnerability in app/controllers/todoscontroller.rb in Tracks 1.7.2, 2.0RC2, and 2.0devel allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to todos/tag/. NOTE: some of these details are obtained from third party information...
CVE-2011-1038
Multiple cross-site scripting XSS vulnerabilities in stconf.nsf in the server in IBM Lotus Sametime 8.0.1 allow remote attackers to inject arbitrary web script or HTML via 1 the messageString parameter in a WebMessage action or 2 the PATHINFO...
CVE-2010-3070
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
CVE-2010-3070
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
CVE-2010-3070
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
Cross site scripting
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
CVE-2010-3070
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
CVE-2010-3070
Cross-site scripting XSS vulnerability in NuSOAP 0.9.5, as used in MantisBT and other products, allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to an arbitrary PHP script that uses NuSOAP classes...
Sql injection
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATHINFO...
CVE-2010-3212
SQL injection vulnerability in index.php in Seagull 0.6.7 and earlier allows remote attackers to execute arbitrary SQL commands via the frmQuestion parameter in a retrieve action, in conjunction with a user/password PATHINFO...
CVE-2009-4982
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATHINFO to the default URI...
Sql injection
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATHINFO to the default URI...
CVE-2009-4982
SQL injection vulnerability in the select function in Irokez CMS 0.7.1, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the PATHINFO to the default URI...
Sql injection
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATHINFO...
CVE-2010-2436
SQL injection vulnerability in modules/blog/index.php in AneCMS Blog 1.3 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the PATHINFO...
CVE-2010-2281
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...
CVE-2010-1515
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 article-id parameter in conjunction with a /admin/news/article/list PATHINFO; the 3 keyword parameter in conjunction...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in index.php in TomatoCMS 2.0.6 allow remote attackers to inject arbitrary web script or HTML via the 1 keyword or 2 bannerid parameter in conjunction with a /admin/ad/banner/list PATHINFO; and allow remote authenticated users, with certain...