CVE-2009-3509

CVE-2009-3509 affects CJ Dynamic Poll PRO 2.0, specifically the admin/admin_index.php component. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via PATH_INFO, indicating insufficient input handling for path information. T...

Cross site scripting

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...

CVE-2009-3485

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...

CVE-2009-3493

Multiple cross-site scripting XSS vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 scrivi.php and 2 index.php...

CVE-2009-3485

Cross-site scripting XSS vulnerability in the J-Web interface in Juniper JUNOS 8.5R1.14 and 9.0R1.1 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO to the default URI...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in index.php in the Publisher module 2.0 for Miniweb allow remote attackers to inject arbitrary web script or HTML via the 1 begin parameter and the 2 PATHINFO...

Cross site scripting

Cross-site scripting XSS vulnerability in scrivi.php in Zenas PaoLink aka Pao-Link 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

CVE-2009-3320

Cross-site scripting XSS vulnerability in scrivi.php in Zenas PaoLink aka Pao-Link 1.0 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

CVE-2008-7075

Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via 1 the subcatid parameter to article.list.php; or the artid parameter to 2 article.print.php, 3 article.comments.php, 4 article.publisher.php, or 5...

CVE-2009-2255

Zen Cart 1.3.8a, 1.3.8, and earlier does not require administrative authentication for admin/recordcompany.php, which allows remote attackers to execute arbitrary code by uploading a .php file via the recordcompanyimage parameter in conjunction with a PATHINFO of passwordforgotten.php, then...

CVE-2009-1583

Multiple cross-site scripting XSS vulnerabilities in TemaTres 1.0.3 and 1.031 allow remote attackers to inject arbitrary web script or HTML via the 1 search form; 2 expresiondebusqueda, 3 letra, 4 estadoid, and 5 tema parameters to index.php; the 6 PATHINFO to index.php; 7 unspecified parameters...

CVE-2009-1583

CVE-2009-1583 affects TemaTres 1.0.3 and 1.031, with multiple XSS vulnerabilities (and, per OpenVAS, SQLi in some checks) exposed via several parameters to index.php and sobre.php. Impact described as remote script/HTML injection; no exploitation details are provided in the initial/connected docu...

Cross site scripting

Cross-site scripting XSS vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATHINFO, which is displayed on the 404 error page, as...

CVE-2009-1554

Cross-site scripting XSS vulnerability in ThemeServlet.java in Sun Woodstock 4.2, as used in Sun GlassFish Enterprise Server and other products, allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in the PATHINFO, which is displayed on the 404 error page, as...

CVE-2009-1554

The CVE-2009-1554 issue affects Sun Woodstock 4.2 (as used in Sun GlassFish Enterprise Server and related products). The vulnerability is a cross-site scripting (XSS) flaw in ThemeServlet.java that allows remote attackers to inject arbitrary web script or HTML via a UTF-7 string in PATH_INFO, whi...

Cross site scripting

Cross-site scripting XSS vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

CVE-2009-1451

Cross-site scripting XSS vulnerability in startpage.php in SMA-DB 0.3.12 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...

CVE-2009-1451

The CVE-2009-1451 entry describes a Cross-site Scripting (XSS) vulnerability in SMA-DB 0.3.12, specifically in startpage.php, where an attacker can inject arbitrary web script or HTML via PATH_INFO. Affected software: SMA-DB 0.3.12; vulnerable component: startpage.php; root cause: unsanitized PAT...

Apache mod_perl Path_Info Remote DoS Vulnerability

According to its version number, the remote version of the Apache modperl module is prone to a remote denial of service DoS vulnerability. Copyright C 2009 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

CVE-2008-6644

Cross-site scripting XSS vulnerability in Default.aspx in DotNetNuke 4.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATHINFO...