1673 matches found
Unfixed XSS vulnerability at www.cvwd.org
Security researcher xeno3dx submitted on 19/09/2007 a cross-site scripting (XSS) vulnerability affecting www.cvwd.org, which at the time of submission ranked 3650508 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/09/2007. It is currently...
Unfixed XSS vulnerability at 1-look.org
Security researcher www.r3t.n3t.nl submitted on 18/09/2007 a cross-site scripting (XSS) vulnerability affecting 1-look.org, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 23/09/2007. It is currently...
Unfixed XSS vulnerability at srash.com
Security researcher kusomiso.com submitted on 16/09/2007 a cross-site scripting (XSS) vulnerability affecting srash.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 20/09/2007. It is currently...
Unfixed XSS vulnerability at www.bb-chat.tv
Security researcher kusomiso.com submitted on 13/09/2007 a cross-site scripting (XSS) vulnerability affecting www.bb-chat.tv, which at the time of submission ranked 30655 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 13/09/2007. It is...
Unfixed XSS vulnerability at www.gopuglia.it
Security researcher Langy submitted on 30/08/2007 a cross-site scripting (XSS) vulnerability affecting www.gopuglia.it, which at the time of submission ranked 1177650 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 30/08/2007. It is currentl...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
CVE-2007-4453
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.6.8 allow remote attackers to inject arbitrary web code or HTML via the (1) s parameter to index.php, and the (2) q parameter to (a) faq.php, (b) member.php, (c) memberlist.php, (d) calendar.php, (e) search.php, (f) forumdisplay.php, (g)...
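GetMyOwnArcade Search.PHP SQL Injection Vulnerability
GetMyOwnArcade is a PHP-based web application. GetMyOwnArcade does not properly filter user-submitted input, so a remote attacker can exploit the flaw to carry out SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'Search.PHP' script does not filter the user-submitted '$query' parameter; submitting a malicious SQL query as the parameter data can alter the original SQL logic, obtaining sensitive information or manipulating the database. No solution is currently available from GetMyOwnArcade: http://www.getmyownarcade.com/ GetMyOwnArcade search.php $query SQL-Injection Discovered By:...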
Sql injection
SQL injection vulnerability in search.php in GetMyOwnArcade allows remote attackers to execute arbitrary SQL commands via the query parameter...
CVE-2007-4386
CVE-2007-4386 : A SQL injection exists in GetMyOwnArcade’s search.php, exploitable by remote attackers through the query parameter to execute arbitrary SQL commands. According to the sources, the vulnerability enables partial loss of confidentiality, integrity, and availability, with a network at...
GetMyOwnArcade (search.php query) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. GetMyOwnArcade search.php query Remote SQL Injection Vulnerability. GetMyOwnArcade search.php $query...
GetMyOwnArcade - search.php?query SQL Injection
GetMyOwnArcade - search.php?query SQL Injection GetMyOwnArcade search.php $query SQL-Injection Discovered By: RoXur777 August 11th 2007 Google-Dork: "Powered by GetMyOwnArcade" / $query is not being filtered before getting passed to a query. Therefore, we can inject SQL code into the SQL-Query...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2...
CVE-2007-4245
Cross-site scripting (XSS) vulnerability in Search.php in DiMeMa CONTENTdm (CDM) allows remote attackers to inject arbitrary web script or HTML via a search, probably related to the CISOBOX1 parameter to results.php in CDM 4.2...
CVE-2007-4102
Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading '"/ sequence in the search string...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the catid parameter to search.php or the (2) typ parameter to register.php...
CVE-2007-4085
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the (1) queid parameter to forumanswer.php or (2) the catid parameter to search.php...
sblog073-xss.txt
sBlog 0.7.3 Beta XSS Vulnerability Found by 0x90 www.0x90.com.ar msn & mail: [email protected] in blog http://host/blog/search.php use '"/ Welcome to the jungle!...
Unfixed XSS vulnerability at www.buzzcomix.net
Security researcher FiSh submitted on 25/07/2007 a cross-site scripting (XSS) vulnerability affecting www.buzzcomix.net, which at the time of submission ranked 101463 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is currentl...
pafiledb-sql.txt
Site: http://www.phparena.net/pafiledb Description: SQL injection categories in includes/search.php Code: $results = $db->GetArray("SELECT * FROM ".$dbPrefix."files WHERE ".$searchin." AND filecatid IN (".implode(',',$_POST['categories']).")"); Comment: "ouuch" SQL: UNION SELECT ALL...