Format string
Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote authenticated users to inject arbitrary web script, HTML, and possibl...
CVE-2009-2372
CVE-2009-2372 affects Drupal 6.x prior to 6.13, where remote authenticated users could inject arbitrary HTML/JS (and possibly PHP) through crafted user signatures after the comment input format was changed to an administrator-controlled format. The issue arises from how user signatures are proces...
CVE-2009-1575
CVE-2009-1575 is an XSS vulnerability in Drupal 5.x (<5.17) and 6.x (<6.11) (also affects vbDrupal
Code injection
ViArt Shop aka Shopping Cart 3.5 allows remote attackers to access the contents of an arbitrary shopping cart via a modified cartname parameter...
CVE-2009-1408
Cross-site scripting (XSS) vulnerability in webSPELL 4.2.0c allows remote attackers to inject arbitrary web script or HTML via Javascript events such as onmouseover in nested BBcode tags, as demonstrated using (1) email, (2) img, and (3) url...
FreeBSD : Remote code injection in phpMyAdmin (0d4c31ac-cb91-11d8-8898-000d6111a684)
This vulnerability would allow a remote user to inject PHP code to be executed by the eval function. This vulnerability is only exploitable if the variable $cfg['LeftFrameLight'] is set to FALSE in the file config.inc.php. (C) Tenable Network Security, Inc. The descriptive text and package chec...
CVE-2008-6732
Cross-site scripting (XSS) vulnerability in the Language skin object in DotNetNuke before 4.8.4 allows remote attackers to inject arbitrary web script or HTML via "newly generated paths."...
Dokeos LMS <= 1.8.5 (whoisonline.php) PHP Code Injection Exploit
Exploit for unknown platform in category web applications. ================================================================ Dokeos LMS <= 1.8.5 whoisonline.php PHP Code Injection Exploit ================================================================ <?php /...
phpMyAdmin 2.11.x < 2.11.9.4 / 3.0.x < 3.1.3 Multiple Vulnerabilities
phpMyAdmin is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:phpmyadmin:phpmyadmin";...
DEBIAN-CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
CVE-2009-1285
Static code injection vulnerability in the getConfigFile function in setup/lib/ConfigFile.class.php in phpMyAdmin 3.x before 3.1.3.2 allows remote attackers to inject arbitrary PHP code into configuration files...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cisco Subscriber Edge Services Manager (SESM) allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: some of these details are obtained from third party information...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Sun Calendar Express Web Server in Sun ONE Calendar Server 6.0 and Sun Java System Calendar Server 6 2004Q2 through 6.3-7.01 allow remote attackers to inject arbitrary web script or HTML via (1) the fmt-out parameter to login.wcap or (2) the date...
CVE-2009-1150
Multiple cross-site scripting (XSS) vulnerabilities in the export page (display_export.lib.php) in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allow remote attackers to inject arbitrary web script or HTML via the pma_db_filename_template cookie...
DEBIAN-CVE-2009-1151
Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action...
CVE-2008-6515
CVE-2008-6515 describes a cross-site scripting (XSS) vulnerability in Fritz Berger’s yet another php photo album - next generation (yappa-ng). The issue allows remote attackers to inject arbitrary web script or HTML via the query string to the default URI. The available records identify the affec...
SOL9875 - BIG-IP management interface vulnerability CVE-2008-6474
The BIG-IP CLI and Web Management Interface are vulnerable to remote code injection because the application fails to properly sanitize user-supplied input. Exploiting this issue may allow an attacker to execute arbitrary code with the privileges of the user running the affected application...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Adobe RoboHelp 6 and 7, and RoboHelp Server 6 and 7, allows remote attackers to inject arbitrary web script or HTML via vectors involving files produced by RoboHelp...
CVE-2009-0540
CVE-2009-0540 is an XSS vulnerability in Libero 5.3 SP5 (and possibly versions before 5.5 SP1) that allows remote attackers to inject arbitrary web script via the search term field. The issue arises from insufficient input filtering/sanitisation of HTML tags in the web app, and is categori...
ESET Remote Administrator Remote Script Injection Vulnerability
BUGTRAQ ID: 33633 CVE(CAN) ID: CVE-2009-0548 ESET Remote Administrator is used to remotely install and centrally manage ESET antivirus software across a network. ESET Remote Administrator does not properly validate input to the Additional Report Settings interface; a remote attacker can inject arbitrary HTML and script code by submitting a malicious request, and the injected code executes when a user views the report. Eset Remote Administrator 3.0.35 Vendor patch: Eset ---- The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:...