CVE-2007-1171

SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie...

CVE-2007-1142

Cross-site scripting XSS vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the linkparameters parameter in 1 news.php and 2 nlayouts.php...

CVE-2007-1174

Multiple cross-site scripting XSS vulnerabilities in WebAPP before 20070214 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to unspecified fields in user Profiles. NOTE: some of these details are obtained from third party information...

CVE-2007-1109

Multiple cross-site scripting XSS vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 login or 2 mailaddress field in Register.php, or the 3 searchauthor, 4 mode, 5 startyear, 6 endyear, or 7 datetype field in Search.php, a different...

CVE-2007-0896

Cross-site scripting XSS vulnerability in the 1 Sage before 1.3.10, and 2 Sage++ extensions for Firefox, allows remote attackers to inject arbitrary web script or HTML via a "SCRIPT/=''SRC='" sequence in an RSS feed, a different vulnerability than CVE-2006-4712...

DEBIAN-CVE-2006-6942

Multiple cross-site scripting XSS vulnerabilities in PhpMyAdmin before 2.9.1.1 allow remote attackers to inject arbitrary HTML or web script via 1 a comment for a table name, as exploited through a dboperations.php, 2 the db parameter to b dbcreate.php, 3 the newname parameter to dboperations.php...

Cross site scripting

Cross-site scripting XSS vulnerability in 1 index.php and 2 login.php in myBloggie 2.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATHINFO string...

Cross site scripting

Cross-site scripting XSS vulnerability in Movable Type MT 3.33, when nofollow is disabled and unmoderated comments are enabled, allows remote attackers to inject arbitrary web script or HTML via the Comments field...

security flaw

Multiple cross-site scripting XSS vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Explorer 6 SP1, Google Chrome, Opera 8.5.4 build 770...

DEBIAN-CVE-2007-0177

Cross-site scripting XSS vulnerability in the AJAX module in MediaWiki before 1.6.9, 1.7 before 1.7.2, 1.8 before 1.8.3, and 1.9 before 1.9.0rc2, when wgUseAjax is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2006-6871

Multiple cross-site scripting XSS vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via 1 the mod parameter in a viewlink operation in mod.php, 2 the intypeid parameter in a showinfo operation in the informasi module in mod.php, 3 the "your Friend" fie...

Cacti <= 0.8.6i cmd.php popen() Remote Injection Exploit

No description provided by source. ?php printr' -------------------------------------------------------------------------------- Cacti = 0.8.6i "cmd.php" popen injection by rgod dork: intitle:"login to cacti" mail: retrog at alice dot it site: http://retrogod.altervista.org...

Cacti 0.8.6i - 'cmd.php?popen()' Remote Injection

126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont++;if $cont==15 $cont=0; $result.="\r\n"; $exa.="\r\n"; return $exa."\r\n".$result; $proxyregex = '\b\d1,3.\d1,3.\d...

CVE-2006-6649

Cross-site scripting XSS vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frmaction parameter. NOTE: the vendor disputes this issue, but it is not certain whether the dispute is about the severity of the issue, o...

CVE-2006-6571

Multiple cross-site scripting XSS vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 cuve, 2 chem, 3 do, and possibly other parameters...

CVE-2006-6271

Multiple cross-site scripting XSS vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to 1 index.php, 2 info.php; and 3 index.php, 4 votanti.php, 5 risultaticonfig.php, 6 modificaband.php, 7 bandeditor.php, and 8 configeditor.php...

DEBIAN-CVE-2006-6174

Cross-site scripting XSS vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in 1 tdiary.rb and 2 skel/conf.rhtml...

CVE-2006-5146

Multiple cross-site scripting XSS vulnerabilities in Yblog allow remote attackers to inject arbitrary web script or HTML via the 1 id parameter in a funk.php, or the 2 action parameter in b tem.php and c uss.php...

CVE-2006-4825

Multiple cross-site scripting XSS vulnerabilities in clfiles/index.php in SoftComplex PHP Event Calendar 1.5.1, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the 1 ti, 2 bi, or 3 cbgi parameters...

security flaw

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.framesn.document.open, which facilitates spoofing and other attacks...