1083 matches found
CVE-2006-1121
Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php...
SQL injection
PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a / sequences with the "adclick" word in the query string, as demonstrated via the kala parameter...
CVE-2006-0758
Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...
Cross site scripting
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...
CVE-2006-0703
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...
More on the workaround for the unpatched Oracle PLSQL Gateway flaw
According to Oracle, the workaround I posted, that prevents exploitation of a critical vulnerability that Oracle has so far failed to fix, breaks certain applications that sit atop their PLSQL Gateway. Though my workaround prevents exploitation of the critical flaw and thus protects vulnerable...
CVE-2006-0342
RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|"...
CVE-2006-0341
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...
CVE-2006-0317
Cross-site scripting (XSS) vulnerability in rkrtstats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERYSTRING variable. NOTE: the provenance of this information is unknown; portio...
security flaw
Cross-site scripting (XSS) vulnerability in Apache Struts 1.2.7, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly quoted or filtered when the request handler generates an error message...
Cross site scripting
Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2005-4780
Cross-site scripting (XSS) vulnerability in Fidra Lighthouse CMS 1.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in a querystring to the home page. NOTE: The vendor disputes this issue, saying "Lighthouse does not in any way make use of the...
PT-2005-5443 · Fidra · Fidra Lighthouse Cms
Name of the Vulnerable Software and Affected Versions: Fidra Lighthouse CMS versions 1.1.0 and earlier. Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the search parameter in a query string to the home page. The vendor disputes this...
CVE-2005-4491
Multiple cross-site scripting (XSS) vulnerabilities in Sitekit CMS 6.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) textonly, (3) locID, and (4) lang parameters to (a) Default.aspx, and the (6) ClickFrom parameter to (b) Request-call-back.html and (c)...
CVE-2005-4194
Buffer overflow in MediaServerList.exe in Sights 'n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string...
CVE-2005-4160
Directory traversal vulnerability in getdox.php in Torrential 1.2 allows remote attackers to read arbitrary files via "../" sequences in the query string argument...