780 matches found
Authentication flaw
cgi/b on the BT Home Hub router allows remote attackers to bypass authentication, and read or modify administrative settings or make arbitrary VoIP telephone calls, by placing a character at the end of the PATH_INFO, as demonstrated by (1) %5C (encoded backslash), (2) '%' (percent), and (3) '~' (tilde). NOTE:...
CVE-2008-0385
SQL injection vulnerability in server/widgetallocator.php in Urulu 2.1 allows remote attackers to execute arbitrary SQL commands via the connectionId parameter to index.php with (1) statprt/js/request or (2) dyn/js/request in the PATH_INFO...
CVE-2008-0385
Urulu 2.1 contains a SQL injection in the connectionId parameter of index.php via PATH_INFO (statprt/js/request or dyn/js/request). The vulnerability allows remote attackers to extract data from the database, with potential for arbitrary code execution if the database user has FILE privileges (e....
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Jinzora Media Jukebox 2.7.5 allow remote attackers to inject arbitrary web script or HTML via the (1) frontend, (2) setfrontend, (3) jzpath, (4) theme, and (5) settheme parameters to (a) index.php; the frontend, theme, and (6) language parameters to (b)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
CVE-2008-0552
Cross-site scripting (XSS) vulnerability in index.php in eTicket 1.5.6-RC4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO...
Cross site scripting
Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF...
CVE-2008-0497
Cross-site scripting (XSS) vulnerability in action.php in Nucleus CMS 3.31 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO, which is not quoted when processing PHP_SELF...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/...
CVE-2008-0359
Multiple cross-site scripting (XSS) vulnerabilities in BLOG:CMS 4.2.1b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) admin.php or (2) index.php in photo/...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI...
CVE-2008-0146
Cross-site scripting (XSS) vulnerability in the error page in W3-mSQL allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the top-level URI...
CVE-2008-0146
CVE-2008-0146 is an XSS in the error page of W3-mSQL. The vulnerability allows remote attackers to inject arbitrary web script or HTML via PATH_INFO to the top-level URI. Affected component is the error handling of W3-mSQL; root cause details and exact vulnerable versions are not explicitly provi...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error...
CVE-2007-6374
Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 2.0.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) users/register.php or (2) search/index.php, or an editcomments action in (3) wiki/index.php or (4) forums/index.php. NOTE: the error...
CVE-2007-6374
CVE-2007-6374 concerns multiple XSS flaws in Bitweaver 2.0.0 and earlier, exploitable via PATH_INFO in four endpoints: /users/register.php, /search/index.php, /wiki/index.php (editcomments action), and /forums/index.php. The vulnerability allows remote attackers to inject arbitrary script or HTML...
CVE-2007-6054
Cross-site scripting (XSS) vulnerability in the login page in the management interface in the Aruba 800 Mobility Controller 2.5.4.18 and earlier, and 2.4.8.6-FIPS and earlier, allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the /screens URI, related to the url...