
2970 matches found

Tenable Nessus
added 2005/08/29 12:0 a.m. | 54 views

phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities

The remote host is running phpAdsNew / phpPgAds, an open source banner ad server. The version of phpAdsNew / phpPgAds installed on the remote host suffers from several flaws: - Remote PHP Code Injection Vulnerability: The XML-RPC library bundled with the application allows an attacker to inject...

CVSS 7.5 | AI score 6.5 | EPSS 0.04688
Exploits: 6 | References: 5

CVE
added 2005/08/10 4:0 a.m. | 55 views

CVE-2005-2542

Technical details about CVE-2005-2542 are not publicly available in the provided connected documents. Monitor for updates; sources do not specify affected versions, impact, vectors, or remediation beyond the IPB 1.0.3 issue.

CVSS 5 | AI score 6.9 | EPSS 0.03333
Exploits: 1 | References: 3 | Affected Software: 1

Debian
added 2005/07/27 3:19 p.m. | 22 views

[SECURITY] [DSA 768-1] New phpbb2 packages fix cross-site scripting

Debian Security Advisory DSA 768-1 [email protected] http://www.debian.org/security/ Martin Schulze July 27th, 2005 http://www.debian.org/security/faq ...

CVSS 4.3 | AI score 5.6 | EPSS 0.00335
Exploits: 0

OSV
added 2005/07/27 4:0 a.m. | 4 views

CVE-2005-2396

Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template...

AI score 5.7
Exploits: 0 | References: 7

CVE
added 2005/07/26 4:0 a.m. | 38 views

CVE-2005-2379

Oracle Reports 9.0.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The weaknesses are triggered via specific parameters: (1) debug in showenv, (2) test in parsequery, or (3) delimiter, and (4) CELLWRAPPER in ...

CVSS 4.3 | AI score 5.7 | EPSS 0.00625
Exploits: 1 | References: 2 | Affected Software: 1

Tenable Nessus
added 2005/07/13 12:0 a.m. | 31 views

FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)

A SquirrelMail Security Advisory reports: SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue i...

CVSS 7.5 | AI score 5 | EPSS 0.03446
Exploits: 0 | References: 9

CVE
added 2005/07/10 4:0 a.m. | 45 views

CVE-2004-2211

CVE-2004-2211 describes a cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0. The flaw allows remote attackers to inject arbitrary scripts/HTML through multiple input vectors: forum_id, method, and forum_title in post.asp; forum_title in forum.asp; and id in post.asp. The cited ref...

CVSS 4.3 | AI score 5.9 | EPSS 0.00622
Exploits: 1 | References: 6 | Affected Software: 1

Tenable Nessus
added 2005/07/01 12:0 a.m. | 259 views

Serendipity XML-RPC for PHP Remote Code Injection

The version of Serendipity installed on the remote host is prone to remote code execution due to a failure of its bundled XML-RPC library to sanitize user-supplied input to the 'serendipityxmlrpc.php' script. This flaw may allow attackers to execute code remotely subject to the privileges of the...

CVSS 7.5 | AI score 6.2 | EPSS 0.86153
Exploits: 5 | References: 4

0day.today
added 2005/07/01 12:0 a.m. | 88 views

XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit

Exploit for unknown platform in category web applications =================================================================== XML-RPC Library \n"; print "special chars allowed are / and - \n\n"; read command line options my $options = GetOptions general options 'host=s' = $host, input host to...

AI score 7.1
Exploits: 0

exploitpack
added 2005/07/01 12:0 a.m. | 26 views

XML-RPC Library 1.3.0 - xmlrpc.php Remote Code Injection

XML-RPC Library 1.3.0 - xmlrpc.php Remote Code Injection tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research...

AI score 0.3
Exploits: 0

Exploit DB
added 2005/07/01 12:0 a.m. | 207 views

XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection

tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc drupal exploit, but James sais xoop...

AI score 7.4
Exploits: 0

seebug.org
added 2005/07/01 12:0 a.m. | 28 views

XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit

No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...

AI score 7.1
Exploits: 0

Symantec
added 2005/06/29 12:0 a.m. | 114 views

XML-RPC for PHP Remote Code Injection Vulnerability

Description: XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...

AI score 8.1
Exploits: 0 | References: 29 | Affected Software: 47

CVE
added 2005/06/28 4:0 a.m. | 53 views

CVE-2002-1954

CVE-2002-1954 is an XSS in the PHP 4.2.3 phpinfo function. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the query string argument, demonstrated using soinfo.php. Affected software: PHP 4.2.3; vulnerable component: phpinfo output handling. Root cause: unsani...

CVSS 4.3 | AI score 6 | EPSS 0.02811
Exploits: 1 | References: 4 | Affected Software: 1

Cvelist
added 2005/06/28 4:0 a.m. | 19 views

CVE-2002-1802

Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news...

AI score 5.7 | EPSS 0.00905
Exploits: 1 | References: 4

Cvelist
added 2005/06/28 4:0 a.m. | 18 views

CVE-2002-1965

Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag, or (2) User-Agent field in an HTTP GET request...

AI score 5.7 | EPSS 0.00401
Exploits: 1 | References: 3

CVE
added 2005/06/21 4:0 a.m. | 42 views

CVE-2002-1732

Actinic Catalog 4.7.0 is affected by multiple XSS vulnerabilities (CVE-2002-1732). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) query string arguments to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) the PRODREF parameter to ss000007.pl, or ...

CVSS 4.3 | AI score 6 | EPSS 0.00558
Exploits: 0 | References: 8 | Affected Software: 1

CVE
added 2005/06/01 4:0 a.m. | 40 views

CVE-2005-1811

Technical details for CVE-2005-1811 are not publicly available in the provided documents. Monitor for updates.

CVSS 4.3 | AI score 6 | EPSS 0.00409
Exploits: 1 | References: 4 | Affected Software: 1

FreeBSD
added 2005/05/27 12:0 a.m. | 57 views

postnuke -- multiple vulnerabilities

Postnuke Security Announcements reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php; possible path disclosure within /user.php; possible path disclosure within /modules/News/article.php; possible remote code injection within /includes/pnMod.php...

CVSS 7.5 | AI score 7.2 | EPSS 0.86153
Exploits: 6 | References: 4

Exploit DB
added 2005/05/26 12:0 a.m. | 25 views

Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)

-----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0, 20050418 Next: -----------------Code Start-----Version 1.36, 2.0, 20050418 Next-------------- pass1: pass2: Id: Member Key:...

AI score 7.4
Exploits: 0