1673 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in a redirection...
CVE-2006-0470
CVE-2006-0470 describes an XSS vulnerability in MyBB 1.02’s search.php where the sortby and sortordr parameters are not properly handled during redirection. An attacker could inject arbitrary script/HTML by manipulating these parameters, leading to possible remote script execution in the context ...
CVE-2006-0450
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database...
Code injection
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database...
MyBB 1.0.2 XSS attack in search.php redirection
http://127.0.0.1/mybb/search.php?action=dosearch&keywords=&postthread=1&author=imei&matchusername=1&forums=all&findthreadst=1&numreplies=&postdate=0&pddir=1&sortby="script language=javascriptalertdocument.cookie/script&sorder=1&showresults=threads&submit=Search...
CVE-2006-0406
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters...
CVE-2006-0406
CVE-2006-0406 affects MyBB 1.0.2: the search.php component can leak schema details by returning a SQL error message that reveals the database table prefix, due to certain search parameters. This is a remote-information-disclosure risk without explicit exploitation details in the provided document...
SQL injection
Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058...
CVE-2006-0334
Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim that the affected parameter is "q", but the only public archive of the original researcher...
CVE-2006-0334
CVE-2006-0334 describes a reflected cross-site scripting (XSS) vulnerability in the search.php of My Amazon Store Manager 1.0. The issue enables an attacker to inject arbitrary web script or HTML by supplying crafted input via the Keywords parameter (note: some sources reference parameter q, but ...
dcpXSS.txt
NightWarrior nightwarrior771athotmail.com DCP Portal Cross-Site Scripting Vulnerability http://www.dcp-portal.org http://vicktimhost/calendar.php?show=fullmonth&s=1&submit=GO&day=XSS http://vicktimhost/search.php post this code alert'nightwarrior';...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php...
CVE-2006-0101
Multiple cross-site scripting (XSS) vulnerabilities in sBLOG 0.7.1 Beta 20051202 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p and (2) keyword parameters in (a) index.php and (b) search.php...
SQL injection
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...
CVE-2006-0068
SQL injection vulnerability in Primo Cart 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) q parameter to search.php and (2) email parameter to user.php...
CVE-2005-4642
Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php...
CVE-2005-4547
The vulnerability is a Cross-site Scripting (XSS) issue in eggblog 2.0, specifically in home/search.php, where the q parameter used by Keyword and Search fields can allow remote attackers to execute arbitrary SQL commands. The description notes XSS as the vulnerability type but the impact is stat...
CVE-2005-4546
CVE-2005-4546 affects eggblog 2.0: the search.php module exposes the server full path to remote attackers via an invalid q parameter, with the description suggesting a possible SQL injection trigger. The concrete impact stated is path disclosure; no additional exploit details are provided in the ...