security flaw
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...
CVE-2005-0266
Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X allows remote attackers to inject arbitrary web script or HTML via the (1) returnmodule, (2) returnaction, (3) name, (4) module, or (5) record parameter...
CVE-2005-0075
prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers...
CVE-2005-0309
Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php or (2) mod.php in Exponent 0.95 allow remote attackers to inject arbitrary web script or HTML via the module parameter...
CVE-2005-0274
Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) si, (3) page, or (4) ppuser parameters...
CVE-2004-2358
Cross-site scripting (XSS) vulnerability in adminwords.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter...
CVE-2004-1593
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter...
CVE-2004-2670
Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdonesia 8.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewcat operation or (2) the query parameter in a search operation in the publisher module...
CVE-2004-2725
Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter in (a) search.php, (2) the email parameter in (b) subscribe.php, and (3) the return and (4) title parameters in (c) forum2.php...
CVE-2004-1559
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirectto, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirecturl parameter to admin-header.php, (3) popuptitle, popupurl, content, or posttit...
CVE-2004-2468
Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2004-2308
Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the dir parameter in dohtaccess.html...
CVE-2004-2651
Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.32 allow remote attackers to inject arbitrary web script or HTML via the (1) urlmaskfilter parameter to index.html or the (2) page parameter to Wiki.html...
CVE-2004-1059
CVE-2004-1059 describes multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch, affecting version 3.2.26 and earlier. The issues allow remote attackers to inject arbitrary HTML and web script via the next/prev result search pages and the extended and simple search forms. The connected...
CVE-2004-2200
Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through 3.1 allows remote attackers to inject arbitrary web script or HTML via the message text...
CVE-2004-2059
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in TABLE-NAMEsearch.asp, (2) SQL parameter in TABLE-NAMEedit.asp, (3) SearchFor parameter in TABLElist.asp, or (4) SQL parameter in export.asp...
CVE-2004-2522
Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server 2003 1.1.10.0 allows remote attackers to inject arbitrary web script or HTML via the (1) template or (2) language parameter...
ProZilla -- server response buffer overflow vulnerabilities
Buffer overflow vulnerabilities have been reported to exist in this software package. The vulnerabilities can be triggered by a remote server and can be used to inject malicious code in the ProZilla process...