Input validation
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-2145
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-2146
CVE-2007-2146 affects MiniGal b13: the imagecomments function in classes.php lets remote attackers inject arbitrary PHP code into a file under thumbs/ by supplying the name or email parameter. This is a client-controlled input vulnerability in a PHP application function, enabling code injection w...
CVE-2007-2146
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
No description provided by source. File: shoutbox.php. Affects: ShoutPro 1.5.2, may affect earlier versions. Date: 17th April 2007. Issue Description: ShoutPro 1.5.2 fails to fully sanitize user input $shout that it writes...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
Exploit for unknown platform in category web applications. ShoutPro ?php echo "...
ShoutPro 1.5.2 - 'shout.php' Remote Code Injection
?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "%3C%3F%24a%3D...
ShoutPro 1.5.2 - shout.php Remote Code Injection
ShoutPro 1.5.2 - shout.php Remote Code Injection ?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "...
CVE-2007-1927
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...
CVE-2007-1848
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desctitle field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports vali...
CVE-2006-7187
Cross-site scripting (XSS) vulnerability in the showrecentsearches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable...
CVE-2007-1780
CVE-2007-1780 has concrete details across connected sources: Overlay Weaver’s DHT shell (owdhtshell) versions 0.5.9–0.5.11 are affected by a cross-site scripting (XSS) vulnerability when invoked with the -x option, allowing remote attackers to inject arbitrary web script or HTML via certain i...
CVE-2007-1636
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header...
CVE-2007-1524
CVE-2007-1524 affects ZomPlog up to version 3.7.6, specifically the themes/default/ handling. The vulnerability is a directory traversal flaw where an attacker can use the settings[skin] parameter to include local files; by injecting PHP code into an Apache log file, that code can be included via...
CVE-2007-1405
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2007-1241
CVE-2007-1241 is an XSS vulnerability reported in Audins Audiens 3.3, specifically in setup.php, exploitable through PATH_INFO to inject arbitrary script/HTML. Concretely, multiple sources (NVD, CVE lists, Prion, Vulners) describe the same issue; the root cause is not elaborated beyond the PATH_I...
CVE-2006-7023
CVE-2006-7023 concerns FX-APP 0.0.8.1 with multiple XSS vulnerabilities allowing remote injection of HTML/script via profile fields (search box, url, website, comment, signature) and possibly a menu item. According to NVD, the CVSS2 base score is 4.3 (Network attack, Medium complexity, no authent...
CVE-2007-0768
CVE-2007-0768 affects Yahoo! Messenger
CVE-2007-0407
CVE-2007-0407 describes a cross-site scripting (XSS) vulnerability in Plain Black WebGUI, specifically in Operation/User.pm for versions before 7.3.5 (beta). The issue arises from accepting a username during anonymous registration, allowing an attacker to inject arbitrary web script or HTML. The ...
CVE-2006-4576
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading the HTML file with a GIF or JPG extension, which is rendered by Internet Explorer...