229 matches found
CVE-2008-6461
CVE-2008-6461 describes an SQL injection in the TYPO3 Random Prayer 2 (ste_prayer2) extension prior to version 0.0.3. The issue allows remote attackers to execute arbitrary SQL commands via unspecified vectors, indicating a vulnerability in how user input is handled within the extension’s databas...
CVE-2008-0936
SQL injection vulnerability in index.php in the Prayer List prayerlist 1.04 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view action...
CVE-2008-0936
CVE-2008-0936 affects the XOOPS Prayer List (prayerlist) 1.04 module: an SQL injection vulnerability in index.php allows an attacker to manipulate the cid parameter in a view action to execute arbitrary SQL. The vulnerability impacts remote confidentiality and integrity (per the reported CVSS 2.0...
CVE-2006-3538
Multiple cross-site scripting XSS vulnerabilities in demo.php in BeatificFaith Eprayer Alpha allow remote attackers to inject arbitrary web script or HTML via the SRC attribute of a SCRIPT element in the 1 "Your name" field and 2 "Enter Prayer Request here" field...
eprayer.txt
Eprayer v.Alpha. Homepage: http://eprayer.sourceforge.net Affected files: input boxs of prayer request. User submitted data is not sanatized before being dynamically generated. Try putting the code below in as "Your name" Screenshots: http://www.youfucktard.com/xsp/eprayer1.jpg...
ePrayver v.Alpha - XSS
Eprayer v.Alpha. Homepage: http://eprayer.sourceforge.net Affected files: input boxs of prayer request. User submitted data is not sanatized before being dynamically generated. Try putting the code below in as "Your name" SCRIPT SRC=http://youfucktard.com/xss.js/SCRIPT Screenshots:...
CVE-2006-1976
Cross-site scripting XSS vulnerability in addRequest.php in Prayer Request Board PRB Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field...
CVE-2006-1976
Cross-site scripting XSS vulnerability in addRequest.php in Prayer Request Board PRB Beta 1 before 20060320 allows remote attackers to inject arbitrary web script or HTML via the Request field...
CVE-2006-1976
PRB Beta 1’s addRequest.php is vulnerable to cross-site scripting (XSS) via the Request field, allowing remote attackers to inject arbitrary web script or HTML. Affected version: PRB Beta 1 before 20060320. The available documents do not provide exploit details, impact beyond script injection, or...