291 matches found
CVE-2006-3115
The CVE-2006-3115 entry concerns phpRaid (versions around 3.0.4 onward). According to Secunia Research, there are SQL injection vulnerabilities in phpRaid's view.php where user-supplied input in the raid_id parameter is not properly sanitized before being used in SQL queries, enabling remote mani...
CVE-2006-2885
Multiple cross-site scripting (XSS) vulnerabilities in KnowledgeTree Open Source 3.0.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fDocumentId parameter in view.php and the (2) fSearchableText parameter in /search/simpleSearch.php...
CVE-2006-2637
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...
CVE-2006-2637
The CVE-2006-2637 entry describes a cross-site scripting (XSS) vulnerability in view.php of TuttoPhp variants Morris Guestbook 1, Pretty Guestbook 1, and Smile Guestbook 1. An attacker can inject arbitrary script/HTML by providing a javascript: URI in the SRC attribute of an IMG element via the p...
CVE-2006-2637
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the pagina parameter...
CVE-2006-2610
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter...
phpRaidXSS.txt
phpRaid "view.php" XSS Vulnerability Script : phpRaid Script Website : http://www.spiffyjr.com/ Version : phpRaid v2.9.5 This Xss Works On phpRaid Exploit ; 1- Http://www.example.com/phpRaid/view.php?alert'Xss%20Vulnerability'; 2-...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection...
CVE-2006-2243
Multiple cross-site scripting (XSS) vulnerabilities in Web4Future News Portal allow remote attackers to inject arbitrary web script or HTML via the ID parameter to (1) comentarii.php or (2) view.php. NOTE: this issue might be resultant from SQL injection...
CVE-2005-4799
Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the imgsize field in view.php. NOTE: due to...
CVE-2005-4164
CVE-2005-4164 is a SQL injection vulnerability in the view.php component of PHP-addressbook 1.2. A remote attacker can submit a crafted id parameter to execute arbitrary SQL commands, with impact described as partial confidentiality, integrity, and availability. The NVD entry lists a base score ...
CVE-2005-4164
SQL injection vulnerability in view.php in PHP-addressbook 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter...
CVE-2005-4035
Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod and (2) brid parameters to (a) view.php; the (3) bid parameter to (b) viewbrands.php; and the (4) grp and (5) cat parameters to...
CVE-2005-4043
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters...
CVE-2005-4043
CVE-2005-4043 is an SQL injection vulnerability in Hobosworld HobSR 1.0 and earlier, exploitable via view.php parameters (1) arrange and (2) p to allow remote arbitrary SQL execution. Affected: Hobosworld HobSR before a specific patch/version; root cause is unsanitized input in view.php. Impact: ...
CVE-2005-4043
SQL injection vulnerability in view.php in Hobosworld HobSR 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) arrange and (2) p parameters...
HobSR SQL inj. vuln
HobSR SQL inj. vuln Vuln. discovered by: r0t Date: 5 dec. 2005 original advisory: http://pridels.blogspot.com/2005/12/hobsr-sql-inj-vuln.html vendor: www.hobosworld.com/scripts.php?id=5 affected version: 1.0 and prior Product Description: HobSR is a top sites script where users sign up to have their...
MySQL AB Eventum 1.x - 'view.php?id' Cross-Site Scripting
source: https://www.securityfocus.com/bid/14436/info MySQL Eventum is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage any of these issues to have arbitrary script code...
CVE-2005-1886
Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to inject arbitrary web script or HTML via (1) the phid parameter or (2) unknown parameters when posting a new comment...