2388 matches found
CVE-2007-6486
Multiple cross-site scripting XSS vulnerabilities in shout.php aka the shoutbox in LineShout 1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 username nickname or 2 message parameter. NOTE: some of these details are obtained from third party information...
Sql injection
SQL injection vulnerability in index.php in phpRPG 0.8, when magicqutoesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-6469
SQL injection vulnerability in index.php in phpRPG 0.8, when magicqutoesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-6469
CVE-2007-6469 affects phpRPG 0.8 with an SQL injection in index.php triggered via the username parameter when magic_quotes_gpc is disabled. Remote attackers could potentially execute arbitrary SQL commands. The public records supplied do not include exploitation details or a confirmed remediation...
CVE-2007-6168
SQL injection vulnerability in default.asp in VU Case Manager allows remote attackers to execute arbitrary SQL commands via the username parameter, a different vector than CVE-2007-6143. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
FreeBSD : tikiwiki -- multiple vulnerabilities (20a4eb11-8ea3-11dc-a396-0016179b2dd5)
Secunia reports : Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when...
CVE-2007-5702
Cross-site scripting XSS vulnerability in swamp/action/LoginActions aka the login box in the Novell OpenSUSE SWAMP Workflow Administration and Management Platform 1.x allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: some of these details are obtaine...
CVE-2007-5683
Multiple cross-site scripting XSS vulnerabilities in TikiWiki 1.9.8.1 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the username parameter to the password reminder page tiki-remindpassword.php, 2 IMG tags in wiki pages, and 3 the localphp parameter to...
CVE-2007-5176
Multiple cross-site scripting XSS vulnerabilities in GroupLink eHelpDesk 6.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 NADISPLAYNAME parameter in helpdesk/user/rfcreate.jsp and the 2 username and 3 LDAPError parameters in index2.jsp. NOTE: the provenance of this...
Cross site scripting
Cross-site scripting XSS vulnerability in tiki-remindpassword.php in Tikiwiki aka Tiki CMS/Groupware 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7...
CVE-2007-4554
Cross-site scripting XSS vulnerability in tiki-remindpassword.php in Tikiwiki aka Tiki CMS/Groupware 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the username parameter. NOTE: this issue might be related to CVE-2006-2635.7...
tikiwiki -- multiple vulnerabilities
Secunia reports: Some vulnerabilities have been reported in TikiWiki, which can be exploited by malicious people to conduct cross-site scripting and script insertion attacks and disclose potentially sensitive information. Input passed to the username parameter in tiki-remindpassword.php when remi...
CVE-2007-3992
SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...
Sql injection
SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2007-3097
my.activation.php3 in F5 FirePass 4100 SSL VPN allows remote attackers to execute arbitrary shell commands via shell metacharacters in the username parameter...
Sql injection
SQL injection vulnerability in admin.php in SchoolBoard allows remote attackers to execute arbitrary SQL commands via the 1 username and 2 password parameters. NOTE: CVE disputes this issue, because 'username' does not exist, and the password is not used in any queries...
CVE-2007-2622
Multiple SQL injection vulnerabilities in TaskDriver 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via 1 the username parameter to login.php or 2 the taskid parameter to notes.php...
Cross site scripting
Cross-site scripting XSS vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2007-2153
Cross-site scripting XSS vulnerability in atmail.php in @Mail 5.0 allows remote attackers to inject arbitrary web script or HTML via the username parameter...
CVE-2007-2011
Cross-site scripting XSS vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter...