2970 matches found
CVE-2006-6768
The CVE-2006-6768 entry documents multiple XSS vulnerabilities in the default.asp page of PWP Technologies The Classified Ad System, exploitable via the (1) cat and (2) main parameters. The underlying issue is cross-site scripting in input handling on that page, with a CVSS base score of 6.8 (Med...
CVE-2006-6704
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database."...
CVE-2006-6544
The CVE-2006-6544 entry describes a cross-site scripting (XSS) vulnerability in CM68 News that allows remote attackers to inject arbitrary script or HTML via unspecified vectors. Affected software is CM68 News; the exact component/file and vulnerable version(s) are not explicitly stated in the pr...
CVE-2006-6393
Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function...
CVE-2006-6159
CVE-2006-6159 describes multiple cross-site scripting (XSS) vulnerabilities in DeskPRO 2.0.0 and 2.0.1, exploitable via the message or subject parameters in newticket.php. The underlying issue is that remote attackers can inject arbitrary web script or HTML. The CVSS base score is 6.8 (Medium), with n...
CVE-2006-5799
CVE-2006-5799 involves multiple XSS vulnerabilities in the xenis.creator CMS, specifically in default.asp where the (1) contid and (2) search parameters can be exploited to inject arbitrary web script/HTML. Documented impact is partial confidentiality/integrity/availability, with an NVD CVSS v2 ba...
CVE-2006-5661
CVE-2006-5661 is an XSS vulnerability in VIRtech Netquery’s nquser.php that allows remote attackers to inject arbitrary web script via the User-Agent header. The issue is documented across multiple feeds, with CVSS 2.0 indicating a Network attack, no authentication, and partial impact to confiden...
CVE-2006-5632
Cross-site scripting (XSS) vulnerability in changepass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from thir...
CVE-2006-5515
Cross-site scripting (XSS) vulnerability in lib-history.inc.php in phpAdsNew and phpPgAds before 2.0.8-pr1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to injected data that is stored by a delivery script and displayed by the admin interface...
CVE-2006-5203
Invision Power Board (IPB) 2.1.7 and earlier allows remote restricted administrators to inject arbitrary web script or HTML, or execute arbitrary SQL commands, via a forum description that contains a crafted image with PHP code, which is executed when the user visits the "Manage Forums" link in the...
CVE-2006-5190
CVE-2006-5190 affects osCommerce 2.2 Milestone 2 Update 060817. The vulnerability is a set of multiple XSS flaws exploitable through the page parameter in admin scripts (banner_manager.php, banner_statistics.php, countries.php, currencies.php, languages.php, manufacturers.php, newsletters.php, or...
CVE-2006-5146
Multiple cross-site scripting (XSS) vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in (a) funk.php, or the (2) action parameter in (b) tem.php and (c) uss.php...
CVE-2006-5129
CVE-2006-5129 affects ph03y3nk just another flat file (JAF) CMS 4.0 RC1. The vulnerabilities are cross-site scripting in two spots: (1) module/shout/jafshout.php (the shoutbox) via the message parameter and related name/email/title/date/ldate/lname variables, and (2) the message body in a forum p...
CVE-2006-5090
CVE-2006-5090 describes multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS). The affected vectors are the parameters mod and action in index.php, and pageid in modules/pageedit/index.php, allowing remote attackers to inject arbitrary web script or HTML. The provi...
CVE-2006-4973
DotNetNuke (Perpetual Motion Interactive Systems) has a reflected XSS vulnerability in Default.aspx: versions prior to 3.3.5 and 4.x prior to 4.3.5 allow remote attackers to inject arbitrary HTML via the error parameter. Affected software is DotNetNuke under Perpetual Motion Interactive Systems. ...
CVE-2006-4747
Multiple cross-site scripting (XSS) vulnerabilities in IdevSpot TextAds allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter in delete.php and (2) the error parameter in error.php...
[Full-disclosure] PocketPC MMS - Remote Code Injection/Execution Vulnerability and Denial-of-Service
Vulnerability Report. Vendor: Microsoft and ArcSoft; Product: PocketPC OS and MMS Composer; Versions: MMS Composer: 1.5.5.6, 2.0.0.13, possible others; Platform: PocketPC; Tested on: WinCE 4.2 and WinCE 4.21, possible others; Architecture: ARM; Devices: HP iPAQ h6315, i-mate...
Code injection
Tamarack MMSd before 7.992 allows remote attackers to cause a denial of service (crash) via malformed RFC1006 (OSI over TCP/IP) packets...
CVE-2006-3564
HiveMail 1.3 and earlier are affected by multiple cross-site scripting (XSS) vulnerabilities. The issue arises from unsanitized input in several parameters across PHP scripts: (1) email, (2) cond, or (3) name in addressbook.view.php; (4) daysprune in index.php; (5) data[to] in compose.email.php; ...
CVE-2006-3494
Multiple cross-site scripting (XSS) vulnerabilities in Buddy Zone 1.0.1 allow remote attackers to inject arbitrary HTML and web script via the (1) catid parameter to (a) viewclassifieds.php; (2) id parameter in (b) viewad.php; (3) eventid parameter in (c) viewevent.php, (d) deleteevent.php, and (e) editevent.php;...