Lucene search
K

306 matches found

NVD
NVD
added 2007/07/17 1:30 a.m.18 views

CVE-2007-3822

Multiple cross-site scripting XSS vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via 1 the who parameter to showuser; and other vectors involving 2 calendar mode, 3 bulletin board mode, 4 room names, and 5 uploaded file names...

2.6CVSS5.7AI score0.02478EPSS
Exploits1References10
Prion
Prion
added 2007/06/27 6:30 p.m.15 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...

3.5CVSS5.6AI score0.01774EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2007/06/27 6:0 p.m.18 views

CVE-2007-3254

Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...

5.3AI score0.01774EPSS
Exploits0References12
Prion
Prion
added 2007/03/28 10:19 a.m.14 views

Sql injection

SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges...

9.3CVSS8.5AI score0.01801EPSS
Exploits0References7Affected Software1
NVD
NVD
added 2006/07/21 2:3 p.m.18 views

CVE-2006-3731

Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service crash via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension...

2.6CVSS6.5AI score0.00946EPSS
Exploits0References2
securityvulns
securityvulns
added 2006/01/12 12:0 a.m.32 views

[eVuln] MyPhPim Arbitrary File Upload

New eVuln Advisory: MyPhPim Arbitrary File Upload --------------------Summary---------------- Software: MyPhPim Sowtware's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: File Upload Class: Remote Status: Unpatched Exploit: Available Solution: Not...

0.3AI score
Exploits0
Rows per page
Query Builder