CVE-2007-0331

Cross-site scripting XSS vulnerability in liens.php3 in liensdynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu...

Cross site scripting

Cross-site scripting XSS vulnerability in liens.php3 in liensdynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu...

CVE-2007-0331

Cross-site scripting XSS vulnerability in liens.php3 in liensdynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu...

Irokez Blog 0.7.1 - Multiple Remote File Inclusions

Irokez Blog 0.7.1 - Multiple Remote File Inclusions +------------------------------------------------------------------------------------------- + Irokez CMS +------------------------------------------------------------------------------------------- + Details: + Irokez CMS has several scripts...

phpProfiles 3.1.2b - Multiple Remote File Inclusions

+------------------------------------------------------------------------------------------- + phpProfiles +------------------------------------------------------------------------------------------- + Details: + phpProfiles has several scripts which do not initialize variables before using them ...

phpProfiles 3.1.2b - Multiple Remote File Inclusions

phpProfiles 3.1.2b - Multiple Remote File Inclusions +------------------------------------------------------------------------------------------- + phpProfiles +------------------------------------------------------------------------------------------- + Details: + phpProfiles has several scripts...

CVE-2006-5825

Cross-site scripting XSS vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

CVE-2006-5185

Eval injection vulnerability in Template.php in HAMweather 3.9.8.4 and earlier allows remote attackers to execute arbitrary code via a modified query string, which is supplied to an eval function call within the doparsecode function...

CVE-2006-5168

CVE-2006-5168 affects Simon Brown Pebble 2.0.0 RC1 and RC2, specifically the search functionality. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML through the query string. The provided documents do not include exploitatio...

CVE-2006-5168

Cross-site scripting XSS vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string...

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

CVE-2006-4794

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...

CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

DEBIAN-CVE-2006-4798

SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...

CVE-2006-4794

CVE-2006-4794 describes multiple XSS vulnerabilities in e107 0.7.5 via the PATH_INFO query string in numerous PHP pages (contact.php, download.php, admin.php, etc.). Connected records indicate a broader XSS family affecting e107 0.7.16 and earlier (admin/ and related files such as submitnews.php,...

CVE-2006-4794

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string PATHINFO in 1 contact.php, 2 download.php, 3 admin.php, 4 fpw.php, 5 news.php, 6 search.php, 7 signup.php, 8 submitnews.php, and 9 user.php. NOTE: the...

phpunity.postcard - 'gallery_path' Remote File Inclusion

phpunity.postcard phpunity-postcard.php Remote File Inclusion Exploit Affected Software .: phpunity.postcard Vendor ............: http://www.perlunity.de/ Class .............: Remote File Inclusion Risk ..............: high Remote File Execution Found by ..........: Rivertam Contact ...........:...

CVE-2006-3585

Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the 1 login parameter in admin/cms/index.php, 2 unspecified parameters in the "Supply news" page in formmail.php, 3 the URL in the "Site statistics" page, and...

CVE-2006-3585

Multiple cross-site scripting XSS vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the 1 login parameter in admin/cms/index.php, 2 unspecified parameters in the "Supply news" page in formmail.php, 3 the URL in the "Site statistics" page, and...