780 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Windows SharePoint Services 3.0 for Windows Server 2003 and Office SharePoint Server 2007 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) in "every main page," as demonstrated by default.asp...
CVE-2007-2532
Multiple cross-site scripting (XSS) vulnerabilities in Minh Nguyen Duong Obie Website Mini Web Shop 2 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO (query string) to (1) sendmail.php or (2) orderform.php, different vectors than CVE-2006-6734...
GLSA-200705-04 : Apache mod_perl: Denial of Service
The remote host is affected by the vulnerability described in GLSA-200705-04 (Apache mod_perl: Denial of Service). Alex Solvey discovered that the 'path_info' variable used in file RegistryCooker.pm (mod_perl 2.x) or file PerlRun.pm (mod_perl 1.x), is not properly escaped before being processed. Impact : A...
ObieWebsite Mini Web Shop 2 - Sendmail.php?PATH_INFO Cross-Site Scripting
ObieWebsite Mini Web Shop 2 - Sendmail.php?PATH_INFO Cross-Site Scripting. Source: https://www.securityfocus.com/bid/23847/info Mini Web Shop is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit...
Apache mod_perl resource exhaustion
The PATH_INFO environment variable is used in regular expressions without escaping special characters...
CVE-2007-1349
PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
mod_perl -- remote DoS in PATH_INFO parsing
Mandriva reports: PerlRun.pm in Apache mod_perl 1.29 and earlier, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI...
Cross site scripting
Cross-site scripting (XSS) vulnerability in wp-admin/vars.php in WordPress before 2.0.10 RC2, and before 2.1.3 RC2 in the 2.1 series, allows remote authenticated users with theme privileges to inject arbitrary web script or HTML via the PATH_INFO in the administration interface, related to loose...
WordPress <= 2.1.2 RC2 - XSS
Because of this vulnerability in wp-admin/vars.php, authenticated users with theme privileges can inject arbitrary web script or HTML via the PATH_INFO. Solution: Update WordPress to the latest available version (at least 2.1.3)...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php...
CVE-2007-1291
Multiple cross-site scripting (XSS) vulnerabilities in Tyger Bug Tracking System (TygerBT) 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) Login.php and (2) Register.php...
Cross site scripting
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-1241
Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string...
CVE-2007-0353
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO string...
CVE-2007-0138
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with (1) AbfrageForm or (2) EingabeForm, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. NOTE: The provenance of this information is...
CVE-2006-6848
The CVE-2006-6848 entry describes an SQL injection in ASPTicker 1.0, exploiting admin.asp via PATH_INFO (possibly related to the Password parameter) to allow remote execution of arbitrary SQL. This conveys a remote, unauthenticated risk with potential data exposure or modification. No remediation...
CVE-2006-6848
SQL injection vulnerability in admin.asp in ASPTicker 1.0 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO, possibly related to the Password parameter...