837 matches found
ar-blogv5.2.txt
Software: ar-blog Web Site: http://www.ar-blog.com Versions: ar-blog v 5.2 Type: Cross Site Scripting Class: Remote Exploit : 1- http://www.target.com/index.php?page=showtopis&month=XSS&year=1426&all=9 2- http://www.target.com/index.php?page=showtopis&month=9&year=XSS&all=9 Example : 1-...
CVE-2005-4439
Buffer overflow in ELOG elogd 2.6.0-beta4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a URL with a long (1) cmd or (2) mode parameter...
CVE-2004-2193
The CVE-2004-2193 issue affects CJOverkill’s trade.php (versions older than 4.0.4) with a cross-site scripting (XSS) vulnerability. The flaw arises from insufficient sanitization of user-supplied input, enabling remote attackers to inject script via the tms[0] or url parameters. OpenVAS entries c...
CVE-2005-0723
Cross-site scripting (XSS) vulnerability in the jumpmenu function in functions.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the URL parameters, which is not properly cleansed in the $pageurl variable, as demonstrated using pafiledb.php...
CVE-2004-0265
Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6.x-7.1.0 allows remote attackers to execute arbitrary script as other users via URL-encoded (1) title or (2) fname parameters in the News or Reviews modules...
CVE-2002-1430
CVE-2002-1430 : Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters. Exploitation details are not provided in the connected documents; the description indicates a ...
Character not allowed in user name
A user has signed up with the user name "m&m". Then I tried to modify this user. Because the username is passed as a URL parameter (FooServlet?name=m&m: GET or POST method), the servlet container cuts the name and tries to retrieve the username named "m"!!! The only way is to use a database client, change...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters...
Sun ONE Application Server 7.0 - Error Message Cross-Site Scripting
source: https://www.securityfocus.com/bid/7710/info Sun ONE Application Server has been reported prone to a cross-site scripting vulnerability. Sun ONE Application Server does not adequately filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied...
CVE-2002-1422
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters...
Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities
Geeklog 1.3.5 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/4969/info Geeklog does not filter script code from URL parameters, making it prone to cross-site scripting attacks. Attacker-supplied script code may be included in a malicious link to the...
Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting
Critical Path InJoin Directory Server 4.0 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4717/info Critical Path provides an LDAP (Lightweight Directory Access Protocol) Directory Server called InJoin. InJoin Directory is provided for Microsoft Windows operating systems and Unix...
MiniBB 1.2 - Cross-Site Scripting
MiniBB 1.2 - Cross-Site Scripting source: https://www.securityfocus.com/bid/4619/info MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. MiniBB does not filter script code from URL parameters, making it...
MiniBB 1.2 - Cross-Site Scripting
source: https://www.securityfocus.com/bid/4619/info MiniBB is web forum software. It is written in PHP and will run on most Unix and Linux variants as well as Microsoft Windows operating systems. MiniBB does not filter script code from URL parameters, making it prone to cross-site scripting...
NFuse Cross Site Scripting vulnerability
Hi, NFuse provides several jsp or asp pages to make a portal. In one of these pages (launch.jsp or launch.asp) it's possible to use the method getLastError of the TemplateParser object (in fact this method is inherited from the WebPNObject object). The CSS problem comes from the getLastError method. It do...
AOL Instant Messenger 4.04.1.20104.2.1193 - BuddyIcon Buffer Overflow
AOL Instant Messenger 4.04.1.20104.2.1193 - BuddyIcon Buffer Overflow source: https://www.securityfocus.com/bid/2122/info AOL Instant Messenger (AIM) is a real time messaging service for users that are on line. When AOL Instant Messenger is installed, by default it configures the system so that the...