PT-2006-6609 · Mginternet · Mginternet Car Site Manager

Name of the Vulnerable Software and Affected Versions: MGinternet Car Site Manager CSM affected versions not specified Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the s parameter in the /csm/asp/listings.asp API...

EUVD-2006-4196

Cross-site scripting XSS vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter...

CVE-2006-4067

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

DEBIAN-CVE-2006-4067

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

DEBIAN-CVE-2006-3810

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

mospray.txt

Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : MoSpray Site :...

CVE-2006-3681

Multiple cross-site scripting XSS vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 refererpagesfilter, 2 refererpagesfilterex, 3 urlfilterex, 4 urlfilter, 5 hostfilter, or 6 hostfilterex parameters, a...

CVE-2006-3624

CVE-2006-3624 documents multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 . The issue is triggered by the url parameter to either player.php or popup.php , allowing remote injection of arbitrary script/HTML. NVD reports a CVSSv2 base score of 4.3 (MEDIUM) with network attack ve...

EUVD-2006-3566

Multiple cross-site scripting XSS vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 titel or 2 ausgabe parameters...

PT-2006-4443 · Unknown · Fantastic Guestbook

Name of the Vulnerable Software and Affected Versions: Fantastic Guestbook versions 2.0.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the first name, last name, or nickname parameters in the guestbook.php file. Recommendations: For Fantast...

PT-2006-4289 · Taskjitsu · Taskjitsu

Name of the Vulnerable Software and Affected Versions: Taskjitsu versions prior to 2.0.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the title and description parameters when creating a task. Recommendations:...

cpanel10.txt

A new vulnerability was found in Cpanel V.10; It happen cause the variable &File of the select.html file in the edit-zone just filter the 's labels and the possibility can by open to other labels like Server Side Include, HMTL labels... including Javascript expressed in other ways An attacker can...

mybloggie221.txt

Milli-Harekat Advisory www.milli-harekat.org MyBloggie = 2.1.1 version - Remote File Include Vulnerabilities Risk : meduim Class: Remote Script : MyBloggie 2.1.1 version Msn : erne at ernealizm.com Credits : ERNE Thanks : DjReMix,Eskobar,Blackened,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and Al...

PHP-Nuke 7.9 Final - 'phpbb_root_path' Remote File Inclusions

Milli-Harekat Advisory www.milli-harekat.org PHP-Nuke = All version - Remote File Include Vulnerabilities Risk : High Class: Remote Script : PHP NUKE ALL VERSION Credits : ERNE Thanks : DjReMix,Eskobar,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and All MHG USERS Vulnerable :...

CVE-2006-2418

Cross-site scripting XSS vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts...

CVE-2006-2396

Cross-site scripting XSS vulnerability in phpODP 1.5h allows remote attackers to inject arbitrary web script via the browse parameter...

ICQ Client Cross-Application Scripting (XAS)

ICQ Client Cross-Application Scripting XAS by [email protected] Severity: Low Potential Impact: Remote script execution ICQ client in some condition is vulnerable to remote script injection into used Internet Explorer in My Computer Security Zone. Detailed description quote...