CVE-2005-0526

Multiple cross-site scripting XSS vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via 1 the search string to search.php, 2 the subject of a PM, which is processed by pm.php, or 3 the body of a PM, which is processed by pmpshow.php...

CVE-2005-0219

Multiple cross-site scripting XSS vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via 1 the index field in addcomment.php, 2 setalbumName, 3 slideindex, 4 slidefull, 5 slideloop, 6 slidepause, 7 slidedir fields in slideshowlow.php, or 8 username...

CVE-2005-0219

Multiple cross-site scripting XSS vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via 1 the index field in addcomment.php, 2 setalbumName, 3 slideindex, 4 slidefull, 5 slideloop, 6 slidepause, 7 slidedir fields in slideshowlow.php, or 8 username...

CVE-2005-0843

CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header...

PHP-Calendar < 0.10.3 includes/search.php SQL Injection

Binary data 2864.prm...

sphpblog search.php q Parameter XSS

Due to a lack of input validation, the remote version of Simple PHP Blog can be used to perform a cross-site scripting attack by injecting arbitrary script code to the 'q' parameter of the search.php script. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include 'compat.inc' ; if...

SPHPBlog 0.4 - &#039;search.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/13170/info sphpBlog is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code executed in the browser ...

CVE-2005-0843

CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header...

CVE-2005-0843

CVE-2005-0843 : In Phorum 5.0.14a, the file search.php is vulnerable to a CRLF injection via the body parameter, which is included in the HTTP Location header. This allows remote attackers to perform HTTP response splitting. The issue is documented in multiple sources (NVD entry for CVE-2005-0843...

Software PBLang 4.65 search.php XSS vulnerability

HRG - Hackerlounge Research Group Release: HRG001 Friday 11-02-05 Software PBLang 4.65 search.php XSS vulnerability The author can't be held responsible for any damage done by a reader. You have your own resonsibility Please use this document like it's meant to. Vulnerable: PBLang 4.65 current an...

CVE-2005-0526

Multiple cross-site scripting XSS vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via 1 the search string to search.php, 2 the subject of a PM, which is processed by pm.php, or 3 the body of a PM, which is processed by pmpshow.php...

CVE-2004-2076

Cross-site scripting XSS vulnerability in search.php for Jelsoft vBulletin 3.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the query parameter...

CVE-2004-2350

SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 allows remote attackers to execute arbitrary SQL and gain privileges via the searchresults parameter...

CVE-2004-2511

Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the year, 2 month, and 3 day parameters in calendar.php; 4 the cid and 5 url parameters in index.php; 6 the cid parameter in annoucement.php; 7 the...

CVE-2004-0032

CVE-2004-0032 describes a cross-site scripting (XSS) vulnerability in PHPGEDVIEW 2.61, exploitable via the firstname parameter in search.php. The issue allows remote attackers to inject arbitrary HTML/web script when processing user-supplied input. The provided connected documents confirm the aff...

Cross Site Scripting in XOOPS Version 2.x Dictionary module

-------------------------------------------------------------------------- Cross Site Scripting in XOOPS Version 2.x Dictionary module -------------------------------------------------------------------------- Type: Cross Site Scripting XSS Titule: Xoops Dictionary module by nagl Date: August 28,...

CVE-2004-1640

Multiple cross-site scripting XSS vulnerabilities in XOOPS 0.94 and 1.0 allow remote attackers to execute arbitrary web script and HTML via the 1 terme parameter to search.php or 2 letter parameter to letter.php...

sBLOG <= 0.7.2 search.php keyword Parameter SQL Injection

Binary data 3528.prm...

CVE-2004-0338

The CVE-2004-0338 affects Invision Board Forum's search.php; a SQL injection via the st parameter allows remote arbitrary queries. The connected sources (NVD, CVE records, CVEList) confirm the vulnerability but do not provide exploit code or active exploitation status in these documents. No remed...

vBulletin 3.0 - &#039;search.php&#039; Cross-Site Scripting

source: https://www.securityfocus.com/bid/9656/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'search.php' script. This issue is reportedly due to a failure to sanitize user input and so allow HTML and script code that may facilitate cross-site...