vBulletin 3.0 - search.php Cross-Site Scripting
vBulletin 3.0 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/9656/info It has been reported that VBulletin is prone to a cross-site scripting vulnerability in the 'search.php' script. This issue is reportedly due to a failure to sanitize user input and so allow HTML a...
[UNIX] FreznoShop Cross Site Scripting Vulnerability (search.php)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
phpBB 1.x2.0.x - search.php?search_results SQL Injection
phpBB 1.x2.0.x - search.php?searchresults SQL Injection source: https://www.securityfocus.com/bid/9883/info A vulnerability has been reported to exist in the software that may allow a remote user to inject malicious SQL syntax into database queries. The problem reportedly exists in one of the...
phpBB 2.06 search.php SQL injection
Hello bugtraq readers, A vulnerability exists in phpBB 2.06 that could allow an attacker to manipulate SQL queries and gain administrative control over the forum. The search.php script of the application does not sufficiently sanitize the input of the "searchid" parameter. As a result of this an...
CVE-2003-0614
CVE-2003-0614 is a cross-site scripting (XSS) vulnerability in Gallery (web-based photo album) affecting Gallery 1.1 through 1.3.4. The vulnerability resides in search.php, where unsanitized input from the searchstring parameter can be exploited to inject arbitrary JavaScript into a victim’s brow...
Gallery search.php searchstring Parameter XSS
The version of Gallery hosted on the remote web server is affected by a cross-site scripting attack due to a failure to properly sanitize user-supplied input to the 'searchstring' parameter of the 'search.php' script. A remote attacker may use this to steal the cookies from the legitimate users o...
CVE-2002-1457
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote attackers to execute arbitrary SQL statements via the search parameter...
CVE-2002-1457
CVE-2002-1457 targets L-Forum 2.40. It describes a SQL injection in search.php via the search parameter that could allow remote attackers to execute arbitrary SQL statements. The connected documents confirm the affected software (L-Forum 2.40) and the vulnerable component (search.php) with the un...
phpBB 2.0.3 - 'search.php' Cross-Site Scripting
source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient sanitization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an attacker to steal a legitimate users...
phpBB 2.0.3 - search.php Cross-Site Scripting
phpBB 2.0.3 - search.php Cross-Site Scripting source: https://www.securityfocus.com/bid/6311/info phpBB is vulnerable to cross site scripting attacks. This is due to insufficient sanitization of user-supplied input. The problem is located in the search.php script. This issue may be exploited by an...
CVE-2002-1131
Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier allow remote attackers to execute script as other web users via (1) addressbook.php, (2) options.php, (3) search.php, or (4) help.php...
Leszek Krupinski L-Forum 2.4 - Search Script SQL Injection
Leszek Krupinski L-Forum 2.4 - Search Script SQL Injection source: https://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php'. L-Forum does not properly sanitize user input that is used as part of the sear...
Leszek Krupinski L-Forum 2.4 - Search Script SQL Injection
source: https://www.securityfocus.com/bid/5468/info Reportedly, L-Forum is vulnerable to SQL injection attacks. The vulnerability lies in the file 'search.php'. L-Forum does not properly sanitize user input that is used as part of the search parameter in the 'search.php' file. SQL code may be...