1673 matches found
Cross-site scripting
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter...
CVE-2006-1558
The CVE-2006-1558 entry concerns an XSS vulnerability in PHP Script Index, specifically in search.php. The underlying issue is a reflected/script injection via the search parameter, allowing remote attackers to inject arbitrary web script or HTML. Connected data confirm the affected component as ...
SQL injection
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frmsearchin parameter...
CVE-2006-1481
SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frmsearchin parameter...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in search.php in Calendar Express 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) allwords or (2) oneword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party informati...
CVE-2006-1401
CVE-2006-1401 affects Calendar Express 2.2. The issue is multiple XSS in search.php exploitable via the allwords and oneword parameters, allowing remote script/HTML injection. The connected documents confirm the affected component and vulnerability class but do not provide explicit exploit detail...
PHP Ticket 0.71 - 'search.php' SQL Injection
!/usr/bin/perl Copyright C undefined1 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This program is...
PHP Ticket <= 0.71 (search.php) Remote SQL Injection Exploit
Exploit for unknown platform in category web applications. PHP Ticket <= 0.71 (search.php) Remote SQL Injection Exploit. !/usr/bin/perl Copyright C undefined1 This program is free...
SQL injection
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in...
CVE-2006-1288
Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 2.0.4 and 2.1.4 before 20060105 allow remote attackers to execute arbitrary SQL commands via cookies, related to (1) arrays of id/stamp pairs and (2) the keys in arrays of key/value pairs in ipsclass.php; (3) the topics variable in...
SQL-injection and XSS in photokorn gallery
Advisory: SQL-injection and XSS in photokorn gallery Home Page: http://www.telekorn.com Vulnerability: SQL-injection Vulnerable script: search.php http://www.stockvault.net/gallery/search.php?action=search&type=detail&where=keywords'&keyword=dotted Disclosure of installation...
XSS in AShop
Advisory: AShop Home Page: www.ashopsoftware.com Vulnerability: Cross Site Scripting Vulnerable script: search.php, catalogue.php http://www.amfengshui.com/ashop-jp/search.php?searchstring="scriptalert/script"...
SQL injection
Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php...
ofsatr 2.6 search for vulnerabilities simple analysis-vulnerability warning-the black bar safety net
Information source: cool-off heaven Article author: lanker See online have a similar tool, but the analysis of the articles but did not find, listen to small black say hackers Handbook, unfortunately even without the magazine, so you capture and then look at the code, generally analysis a bit. Th...
MyBB search.php 'forums' Parameter SQLi
The version of MyBB running on the remote host is affected by a SQL injection vulnerability due to improper sanitization of user-supplied input to the 'forums' parameter of the search.php script. A remote attacker can exploit this issue to manipulate SQL queries, resulting in the disclosure of...
Cross-site scripting
Multiple cross-site scripting (XSS) vulnerabilities in sBlog 0.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to search.php or (2) username parameter to commentsdo.php...
sBlog 0.7.2 - search.php?keyword POST Method Cross-Site Scripting
sBlog 0.7.2 - search.php?keyword POST Method Cross-Site Scripting source: https://www.securityfocus.com/bid/17044/info sBlog is prone to HTML-injection vulnerabilities. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. Attacker-suppli...
SQL injection
Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php...
CVE-2006-1042
CVE-2006-1042 affects Gregarius 0.5.2. The vulnerability is a SQL injection in the web UI, exploitable via the 1) folder parameter to feed.php or 2) rss_query parameter to search.php, enabling remote attackers to execute arbitrary SQL commands. The provided sources describe multiple SQL injection...