1673 matches found
CVE-2006-2189
SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: this issue can be used to trigger path disclosure. In addition, it might be primary to vector 1 in CVE-2006-1135...
CVE-2006-2189
The CVE-2006-2189 issue affects sBLOG 0.7.2, where search.php’s keyword parameter is not properly sanitized, allowing remote attackers to inject and execute arbitrary SQL commands. The vulnerability can also enable path disclosure as noted, indicating potential broader disclosure implications. Th...
CVE-2006-2184
CVE-2006-2184 describes a cross-site scripting (XSS) vulnerability in the PHPKB Knowledge Base product, affecting the search.php component where the vulnerability is triggered via the searchkeyword parameter. The issue allows remote attackers to inject arbitrary web script or HTML. Root cause is ...
CVE-2006-2184
Cross-site scripting (XSS) vulnerability in search.php in PHPKB Knowledge Base allows remote attackers to inject arbitrary web script or HTML via the searchkeyword parameter. NOTE: the issue was originally disputed by the vendor, but on 20060519, the vendor notified CVE that "We have fixed all the...
sBLOG search.php keyword Parameter SQL Injection
The remote host is running sBLOG, a PHP-based blog application. The installed version of sBLOG fails to validate user input to the 'keyword' parameter of the 'search.php' script before using it to generate database queries. Regardless of PHP's 'magic_quotes_gpc' setting, an unauthenticated attacker...
CVE-2006-2059
actionpublic/search.php in Invision Power Board (IPB) 2.1.x and 2.0.x before 20060425 allows remote attackers to execute arbitrary PHP code via a search with a crafted value of the lastdate parameter, which alters the behavior of a regular expression to add a "e" (execute) modifier...
CVE-2006-2016
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compareform.php, (b) copyform.php, (c) renameform.php, (d) templateengine.php, and (e) deleteform.php; (2) scope parameter in (f)...
CVE-2006-1841
Cross-site scripting (XSS) vulnerability in search.php in boastMachine bMachine 2.7, and possibly other versions before 2.9b, allows remote attackers to inject arbitrary web script or HTML via the key parameter, as used by the search field...
CVE-2006-1841
CVE-2006-1841: A persistent XSS vulnerability exists in the search.php module of boastMachine (bMachine) 2.7, and possibly earlier versions before 2.9b. The flaw allows remote attackers to inject arbitrary web script or HTML via the key parameter used by the search field. The available documents...
CVE-2006-1822
Cross-site scripting (XSS) vulnerability in search.php in FarsiNews 2.5.3 Pro and earlier allows remote attackers to inject arbitrary web script or HTML via the selected_search_arch parameter...
CVE-2006-1822
CVE-2006-1822 describes a cross-site scripting (XSS) flaw in the search.php component of FarsiNews 2.5.3 Pro and earlier. The vulnerability occurs when handling the selected_search_arch parameter, allowing remote attackers to inject arbitrary web script or HTML that could execute in a victim’s br...
CVE-2006-1720
Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. NOTE: it is possible that this issue is resultant from SQL injection...
CVE-2006-1720
SaphpLesson 3.0 is affected by an XSS in search.php via the Word parameter. The issue may stem from SQL injection, per the CVE description. Detailing: vulnerable component is search.php (Word param in SaphpLesson 3.0), root cause is unsanitized input leading to script/HTML injection. Impact per s...
CVE-2006-1638
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) replylog.php; (2) p parameter to (j)...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. NOTE: the provenance ...
CVE-2006-1642
The CVE-2006-1642 entry describes a Cross-site Scripting (XSS) vulnerability in Interact 2.1.1. The flaw allows remote attackers to inject arbitrary web script or HTML via multiple input vectors: search_terms in search.php and first_name, last_name, email, password, and confirm_password in userin...