Lucene search

707 matches found

Prion
added 2012/10/25 5:55 p.m. · 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php...

CVSS 4.3 · AI score 6.1 · EPSS 0.0053
Exploits 1 · References 9 · Affected Software 1
UbuntuCve
added 2012/10/25 5:55 p.m. · 15 views

CVE-2011-5221

Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or (3) revision.php...

CVSS 4.3 · AI score 6 · EPSS 0.0053
Exploits 1 · References 9
ATTACKERKB
added 2012/10/01 11:55 p.m. · 1 view

CVE-2012-1470

Multiple cross-site scripting (XSS) vulnerabilities in codeeditor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters...

CVSS 4.3 · AI score 5.4 · EPSS 0.06611
Exploits 1 · References 4
Cvelist
added 2012/10/01 11:0 p.m. · 15 views

CVE-2012-1470

Multiple cross-site scripting (XSS) vulnerabilities in codeeditor.php in ocPortal before 7.1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) path or (2) line parameters...

AI score 5.7 · EPSS 0.06611
Exploits 1 · References 3
seebug.org
added 2011/12/20 12:0 a.m. · 29 views

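WebSVN 'path' Parameter Cross-Site Scripting Vulnerability

Bugtraq ID: 51109 WebSVN is a web-based Subversion repository browser. Input passed via the "path" parameter to the comp.php or revision.php scripts is not filtered by the "getLog" function in the svnlook.php script before being returned to the user, which can be exploited to conduct cross-site scripting attacks. By constructing a malicious URL and luring a user into opening it, an attacker can obtain sensitive information or hijack the user's session 0 WebSVN 2.3.2 WebSVN 2.1 WebSVN 2.0rc4 WebSVN 2.0 WebSVN 1.7 WebSVN 1.0 Vendor solution: WebSVN 2.3.1 and later versions have fixed this vulnerability; users are advised to download and use them:...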

AI score 6.9
Exploits 0
ATTACKERKB
added 2011/11/02 9:55 p.m. · 2 views

CVE-2010-5025

Cross-site scripting (XSS) vulnerability in manage/main.php in CuteSITE CMS 1.2.3 and 1.5.0 allows remote attackers to inject arbitrary web script or HTML via the fldpath parameter. NOTE: some of these details are obtained from third party information...

CVSS 4.3 · AI score 5.7 · EPSS 0.06085
Exploits 1 · References 7
ATTACKERKB
added 2011/10/09 10:55 a.m. · 1 view

CVE-2010-4948

PHP remote file inclusion vulnerability in libs/adodb/adodb.inc.php in PHP Free Photo Gallery script allows remote attackers to execute arbitrary PHP code via a URL in the path parameter...

CVSS 7.5 · AI score 6.2 · EPSS 0.00608
Exploits 1 · References 2
Prion
added 2010/10/29 7:0 p.m. · 19 views

Design/Logic Flaw

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

CVSS 5 · AI score 6.9 · EPSS 0.00248
Exploits 1 · References 6 · Affected Software 3
Cvelist
added 2010/10/29 6:0 p.m. · 25 views

CVE-2010-3700

VMware SpringSource Spring Security 2.x before 2.0.6 and 3.x before 3.0.4, and Acegi Security 1.0.0 through 1.0.7, as used in IBM WebSphere Application Server (WAS) 6.1 and 7.0, allows remote attackers to bypass security constraints via a path parameter...

AI score 6.4 · EPSS 0.00248
Exploits 1 · References 6
Metasploit
added 2010/07/27 2:25 a.m. · 14 views

EasyFTP Server list.html path Stack Buffer Overflow

This module exploits a stack-based buffer overflow in EasyFTP Server 1.7.0.11 and earlier. EasyFTP fails to check input size when parsing the 'path' parameter supplied to an HTTP GET request, which leads to a stack based buffer overflow. EasyFTP allows anonymous access by default; valid credentia...

AI score 7.5
Exploits 0
NVD
added 2010/06/15 2:30 p.m. · 8 views

CVE-2010-2271

Format string vulnerability in authcfg.cgi in Accoria Web Server (aka Rock Web Server) 1.4.7 allows remote attackers to have an unspecified impact via format string specifiers in the path (aka Password File) parameter...

CVSS 7.5 · AI score 6.8 · EPSS 0.00482
Exploits 1 · References 2
Positive Technologies
added 2009/11/27 12:0 a.m. · 3 views

PT-2009-6273 · D4J +1 · Com Ezine +1

Name of the Vulnerable Software and Affected Versions: Joomla! component com ezine version 2.1
Description: A remote file inclusion issue in the class/php/d4m ajax pagenav.php file of the D4J eZine component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the...

CVSS 7.5 · AI score 7.6 · EPSS 0.00903
Exploits 1 · References 5
Prion
added 2009/10/11 10:30 p.m. · 13 views

Remote file inclusion

PHP remote file inclusion vulnerability in libraries/database.php in Efront 3.5.4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: this is only a vulnerability when the administrator does not follow...

CVSS 6.8 · AI score 8 · EPSS 0.02016
Exploits 1 · References 3 · Affected Software 1
Prion
added 2009/09/23 12:8 p.m. · 11 views

Remote file inclusion

PHP remote file inclusion vulnerability in pages/pageHeader.php in OpenSiteAdmin 0.9.7 BETA allows remote attackers to execute arbitrary PHP code via a URL in the path parameter, a different vector than CVE-2008-0648...

CVSS 7.5 · AI score 7.7 · EPSS 0.045
Exploits 2 · References 3 · Affected Software 1
NVD
added 2009/04/13 4:30 p.m. · 10 views

CVE-2009-1288

Multiple cross-site scripting (XSS) vulnerabilities in the Advanced Management Module (AMM) on the IBM BladeCenter, including the BladeCenter H with BPET36H 54, allow remote attackers to inject arbitrary web script or HTML via (1) the username in a login action or (2) the PATH parameter to...

CVSS 4.3 · AI score 5.7 · EPSS 0.11258
Exploits 1 · References 6
NVD
added 2009/04/06 4:30 p.m. · 11 views

CVE-2008-6609

Cross-site scripting (XSS) vulnerability in phpcksec.php in Stefan Ott phpcksec 0.2 allows remote attackers to inject arbitrary web script or HTML via the path parameter...

CVSS 4.3 · AI score 5.7 · EPSS 0.01611
Exploits 1 · References 3
OSV
added 2009/03/26 2:30 p.m. · 2 views

DEBIAN-CVE-2009-1148

Directory traversal vulnerability in bsdispasmimetype.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the filepath parameter ($filename variable)...

CVSS 5 · AI score 7 · EPSS 0.00596
Exploits 0 · References 1
Cvelist
added 2009/02/26 4:0 p.m. · 11 views

CVE-2008-6295

Multiple cross-site scripting (XSS) vulnerabilities in Camera Life 2.6.2b8 allow remote attackers to inject arbitrary web script or HTML via the q parameter to (1) search.php and (2) rss.php; the query string after the image name in (3) photos/photo; the path parameter to (4) folder.php; page parameter and...

AI score 5.8 · EPSS 0.00285
Exploits 0 · References 4
exploitpack
added 2009/01/06 12:0 a.m. · 12 views

PHPAuctionSystem - Multiple Remote File Inclusions

PHPAuctionSystem Multiple Remote File Inclusion Vulnerability...

AI score 0.4
Exploits 0
NVD
added 2008/12/31 11:30 a.m. · 9 views

CVE-2008-5792

PHP remote file inclusion vulnerability in showjoined.php in Indiscripts Enthusiast 3.1.4, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. NOTE: the researcher also points out the analogous directory traversal issue...

CVSS 6.8 · AI score 7.7 · EPSS 0.13635
Exploits 1 · References 8