php CRLF injection
CRLF injection vulnerability in the ftp_putcmd function in PHP before 4.4.7, and 5.x before 5.2.2, allows remote attackers to inject arbitrary FTP commands via CRLF sequences in the parameters to earlier FTP commands...
tomcat host manager xss
Cross-site scripting (XSS) vulnerability in the Host Manager Servlet for Apache Tomcat 6.0.0 to 6.0.13 and 5.5.0 to 5.5.24 allows remote attackers to inject arbitrary HTML and web script via crafted requests, as demonstrated using the aliases parameter to an html/add action...
CVE-2007-4945
The CVE-2007-4945 entry details multiple XSS vulnerabilities in LetterGrade, allowing remote attackers to inject arbitrary script/HTML via (1) a student’s email address, (2) the year parameter to genbrws/Student/cal_month.php3, and other calendar-related vectors. The connected sources corroborat...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the AXIS 207W camera allow remote attackers to inject arbitrary web script or HTML via the camNo parameter to incl/imageincl.shtml, and other unspecified vectors...
DEBIAN-CVE-2007-4828
Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
CVE-2007-4836
Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action...
CVE-2007-4334
Cross-site scripting (XSS) vulnerability in whois.php in Php-stats 0.1.9.2 allows remote attackers to inject arbitrary web script or HTML via the IP parameter...
CVE-2007-3842
Cross-site scripting (XSS) vulnerability in the 8e6 R3000 Enterprise Filter before 2.0.05 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: this may be the same as CVE-2007-2970...
CVE-2007-3017
The WYSIWYG editor applet in activeWeb contentserver CMS before 5.6.2964 only filters malicious tags from articles sent to admin/applets/wysiwyg/rendereditor.asp, which allows remote authenticated users to inject arbitrary JavaScript via a request to admin/worklist/worklistedit.asp...
CVE-2007-3769
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which is reflected to the user in the resulting error message. NOTE:...
Cross site scripting
Cross-site scripting (XSS) vulnerability in modlettermansubscribe.php in the Letterman Subscriber (modletterman) before 1.2.5 module for Joomla! allows remote attackers to inject arbitrary web script or HTML via the Itemid parameter...
CVE-2007-1355
Multiple cross-site scripting (XSS) vulnerabilities in the appdev/sample/web/hello.jsp example application in Tomcat 4.0.0 through 4.0.6, 4.1.0 through 4.1.36, 5.0.0 through 5.0.30, 5.5.0 through 5.5.23, and 6.0.0 through 6.0.10 allow remote attackers to inject arbitrary web script or HTML via the...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Endy Kristanto Surat kabar / News Management Online (aka phpwebnews) 0.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the mtxt parameter to (1) iklan.php, (2) index.php, or (3) bukutamu.php...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the QUERYSTRING corresponding to drop downs or (2) various forms...
PT-2007-2898
Name of the Vulnerable Software and Affected Versions: DirectAdmin (affected versions not specified). Description: A cross-site scripting (XSS) issue exists in CMD USER STATS, allowing remote attackers to inject arbitrary web script or HTML via the RESULT parameter. Recommendations: At the moment, there ...
FreeBSD : cacti -- remote injection exploit (930) (deprecated)
The remote host is missing an update to the system. The following package is affected: cacti. This plugin has been deprecated since the advisory has been canceled. This script has been deprecated as the VuXML entry has been cancelled. Disabled on 2015/11/30. C...
PYSEC-2007-2
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
AJ Dating 1.0 (view_profile.php) Remote SQL Injection Exploit
No description provided by source.
CVE-2007-1234
Multiple cross-site scripting (XSS) vulnerabilities in sitex allow remote attackers to inject arbitrary web script or HTML via (1) the sxYear parameter to calendar.php, (2) the search parameter to search.php, (3) the linkid parameter to redirect.php, or (4) the page parameter to calendarevents.php...