CVE-2005-1695
CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
The remote host is running PostNuke version 0.760 RC4a or older. These versions suffer from several vulnerabilities, among them:
- Multiple Remote Code Injection Vulnerabilities
  An attacker can read arbitrary files on the remote and possibly inject arbitrary PHP code remotely.
- SQL Injection...
CVE-2004-1926
Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation...
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
source: https://www.securityfocus.com/bid/13478/info
osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion of remote code that could be run...
CVE-2005-1181
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...
CVE-2005-1231
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description...
CVE-2005-1181
Ariadne CMS 2.4 is cited as affected by a PHP remote code injection in loader.php via the ariadne parameter referencing a remote URL. The vendor disputes the issue, arguing loader.php must include ariadne.inc (defining $ariadne) and cannot be modified by an attacker; CVE personnel have partially ...
CVE-2005-1049
Summary: CVE-2005-1049 describes multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC3 (and related RC4 variants) where an attacker can inject arbitrary HTML/JavaScript via the module parameter to admin.php or the op parameter to user.php. The issue is noted to exist when the ...
CVE-2005-1030
CVE-2005-1030 affects the Active Auction House ASP application. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via parameters such as ReturnURL, password, username, and other fields (e.g., ReturnURL to...
CVE-2005-0919
Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks...
CVE-2005-0548
Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function...
CVE-2005-0629
Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters...
CVE-2005-0645
Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to shownews.php...
CVE-2004-1746
Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snippet Library allows remote attackers to inject arbitrary web script or HTML via the (1) catselect or (2) show parameters...
CVE-2004-1711
Moodle post.php XSS (CVE-2004-1711) affects Moodle prior to 1.3. The vulnerability arises from not validating the reply parameter in post.php, enabling remote XSS via crafted URLs. OpenVAS entries confirm a remote XSS in Moodle post.php by tampering with the reply variable; no explicit exploit de...
CVE-2004-1593
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter...
CVE-2004-1559
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirectto, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirecturl parameter to admin-header.php, (3) popuptitle, popupurl, content, or posttit...
security flaw
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...
CVE-2004-1442
CVE-2004-1442 describes a cross-site scripting (XSS) vulnerability in the db2www CGI interpreter of IBM Net.Data 7 and 7.2. The issue allows remote attackers to inject arbitrary web script or HTML via a macro filename, which is mishandled in error messages such as DTWP001E. The provided sources i...