1195 matches found
CVE-2007-1903
Cross-site scripting XSS vulnerability in search.php in SonicBB 1.0 allows remote attackers to inject arbitrary web script or HTML via the part parameter...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, o...
CVE-2007-2599
Multiple SQL injection vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, or e...
CVE-2007-2600
Multiple cross-site scripting XSS vulnerabilities in TutorialCMS aka Photoshop Tutorials 1.00 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 catFile parameter to a browseCat.php or b browseSubCat.php; the 2 id parameter to c openTutorial.php, d topFrame.php, o...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in ACP3 4.0 beta 3 allow remote attackers to inject arbitrary web script or HTML via 1 the formmail parameter to contact/contact/index.php; the 2 formmods or 3 formsearchterm parameter to search/list/actionsearch/index.php; 4 the id parameter to...
Cross site scripting
Cross-site scripting XSS vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id...
CVE-2007-1872
Cross-site scripting XSS vulnerability in toendaCMS 1.5.3 allows remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search id...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via 1 the email Subject header in thread.php, 2 the editquery parameter in search.php, or other unspecified parameters in search.php. NOTE:...
PT-2007-2909 · Php Nuke · Php-Nuke
Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 8.0 and earlier Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module. Recommendations: For PHP-Nuk...
CVE-2007-0595
Cross-site scripting XSS vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter aka the search box...
CVE-2007-0141
Cross-site scripting XSS vulnerability in yald.php in Yet Another Link Directory 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2007-0121
Cross-site scripting XSS vulnerability in search.asp in RI Blog 1.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
CVE-2006-6111
Multiple SQL injection vulnerabilities in Alan Ward A-Cart Pro 2.0 allow remote attackers to execute arbitrary SQL commands via the 1 productid parameter in product.asp or 2 search parameter in search.asp. NOTE: the category.asp vector is already covered by CVE-2004-1873...
PT-2006-6748 · Unknown · A-Cart Pro
Name of the Vulnerable Software and Affected Versions: A-Cart Pro version 2.0 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the productid parameter in "product.asp" or the search parameter in "search.asp". Recommendations: For A-Cart Pr...
CVE-2006-6082
CVE-2006-6082 affects the CreaScripts Creadirectory component. The documented issue is multiple XSS vulnerabilities that allow remote attackers to inject arbitrary script or HTML via the (1) cat parameter to addlisting.asp or (2) the search parameter to search.asp. The root cause is insufficient ...
PT-2006-6739 · Unknown · Activenews Manager
Name of the Vulnerable Software and Affected Versions: ActiveNews Manager affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited...
PT-2006-6735 · Baal · Baalasp Forum
Name of the Vulnerable Software and Affected Versions: BaalAsp forum affected versions not specified Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities can be exploited through...
CVE-2006-5799
Multiple cross-site scripting XSS vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the 1 contid or 2 search parameters...
CVE-2006-5164
CVE-2006-5164 affects Sum Effect Software digiSHOP 4.0. Vulnerable component: cart.php. Type: cross-site scripting (XSS). Vectors: remote attackers can craft requests using the (1) sortBy or (2) search parameters to inject arbitrary web script/HTML. Impact: potential script execution in the victi...
CVE-2006-4923
Cross-site scripting XSS vulnerability in search.php in eSyndiCat Portal System allows remote attackers to inject arbitrary web script or HTML via the what parameter...