2296 matches found
security flaw
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks...
CVE-2006-4784
Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php...
PHPay 2.02 - 'nu_mail.inc.php?mail()' Remote Injection
!/usr/bin/perl Script: phPay v2.02 http://phpay.de/ Vuln File: numail.inc.php Exploit & Advisory: beford Vulnerability: mail Injection Vuln Code: \n"; if scalar@ARGV headers\n"; print "\t : orly\n"; print "\t : folder where phpay is installed /phpay/ /phpayv2.02/ ..\n"; print "\t : duh\n"; print...
PT-2006-4804 · Taskjitsu · Taskjitsu
Name of the Vulnerable Software and Affected Versions: Taskjitsu version 2.0.3 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple systems, including the Search Tasks system, the Edit Task system, the back-end Category Editor system, and pages that...
security flaw
Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message...
PT-2006-4206 · Netsoft · Smartnet
Name of the Vulnerable Software and Affected Versions: Netsoft smartNet version 2.0 Description: The issue is related to a cross-site scripting (XSS) vulnerability. It allows remote attackers to inject arbitrary web script or HTML via the keyWord parameter in the "search.jsp" file. Recommendations:...
CVE-2006-3265
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Qdig before 1.2.9.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) pregallery or (2) postgallery parameters...
CVE-2006-3264
Cross-site scripting (XSS) vulnerability in mclient.cgi in Namo DeepSearch 4.5 allows remote attackers to inject arbitrary web script or HTML via the p parameter...
CVE-2006-3241
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter...
CVE-2006-3131
Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) newsarchive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sitesid parameter in (b) sites.php; and the (5) newsid parameter in (c) newsmore.php...
CVE-2006-3007
SHOUTcast 1.9.5 is affected by multiple XSS vulnerabilities that allow remote attackers to inject arbitrary HTML or script via the DJ fields Description, URL, Genre, AIM, and ICQ. The core issue is input sanitization in these fields, enabling HTML/script injection on the client side. OpenVAS and ...
CVE-2006-3004
Multiple cross-site scripting (XSS) vulnerabilities in Ez Ringtone Manager allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter in player.php and (2) keyword parameter when performing a search...
CVE-2006-2728
Cross-site scripting (XSS) vulnerability in superalbum/index.php in Photoalbum B&W 1.3 allows remote attackers to inject arbitrary web script or HTML via the pic parameter...
CVE-2006-2741
Cross-site scripting (XSS) vulnerability in Epicdesigns tinyBB 0.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter in forgot.php, which is echoed in an error message, and other unspecified vectors...
CVE-2006-2635
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "ipt" in (1) offset and (2) days parameters in (a) tiki-lastchanges.php, the (3) find and (4) offset parameters in ...
CVE-2006-2415
Multiple cross-site scripting (XSS) vulnerabilities in FlexChat 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) CFTOKEN parameter in (a) index.cfm and (3) CFTOKEN and (4) CFID parameter in (b) chat.cfm...
CVE-2006-2419
Cross-site scripting (XSS) vulnerability in index.php in Directory Listing Script allows remote attackers to inject arbitrary web script or HTML via the dir parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2178
Multiple cross-site scripting (XSS) vulnerabilities in CyberBuild allow remote attackers to inject arbitrary web script or HTML via the (1) SessionID parameter to login.asp, (2) ProductIndex parameter to browse0.htm, (3) rowcolor parameter to result.asp, or (4) heading parameter to result.asp. NOTE: vector...