306 matches found
CVE-2007-3822
Multiple cross-site scripting XSS vulnerabilities in Webcit before 7.11 allow remote attackers to inject arbitrary web script or HTML via 1 the who parameter to showuser; and other vectors involving 2 calendar mode, 3 bulletin board mode, 4 room names, and 5 uploaded file names...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
CVE-2007-3254
Multiple cross-site scripting XSS vulnerabilities in Xythos Enterprise Document Manager XEDM before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via 1 a saved Workflow name; 2 a Workflow name, related to deletion of a Workflow template...
Sql injection
SQL injection vulnerability in index.php in IceBB 1.0-rc5 allows remote authenticated users to execute arbitrary SQL commands via the filename of an uploaded file to the avatar function, as demonstrated by setting admin privileges...
CVE-2006-3731
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service crash via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related to the LiveHTTPHeaders extension...
[eVuln] MyPhPim Arbitrary File Upload
New eVuln Advisory: MyPhPim Arbitrary File Upload --------------------Summary---------------- Software: MyPhPim Sowtware's Web Site: http://sourceforge.net/projects/myphpim/ Versions: 01.05 Critical Level: Moderate Type: File Upload Class: Remote Status: Unpatched Exploit: Available Solution: Not...