329 matches found
Sql injection
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...
CVE-2006-6087
Cross-site scripting XSS vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2006-6087
The CVE-2006-6087 entry concerns XSS in weblog.php of the My Little Weblog project, allowing remote attackers to inject arbitrary script/HTML via the action parameter. The vulnerability is located in weblog.php and is triggered by crafting the action parameter to include script/HTML. The connecte...
CVE-2006-6032
SPHPBlog (Simple PHP Blog) is affected by XSS in CVE-2006-6032. Concrete details from the connected data show vulnerable code paths in SPHPBlog where input is used without proper validation for two parameters: the action parameter in add_block.php and the entry parameter in index.php. The descrip...
My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting
My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21238/info My Little Weblog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'action' parameter of the 'weblog.php' script...
PT-2006-6339 · Ig · Ig Shop
Name of the Vulnerable Software and Affected Versions: iG Shop version 1.4 Description: The issue is related to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings in the change pass.php file when the action...
CVE-2006-5504
Cross-site scripting XSS vulnerability in index.php in Simple Machines Forum SMF allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter...
CVE-2006-5503
Cross-site scripting XSS vulnerability in index.php in Simple Machines Forum SMF 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2006-5447
Cross-site scripting XSS vulnerability in index.php in DEV Web Management System WMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2006-4543
Cross-site scripting XSS vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the 1 game parameter in players mode, the 2 weapon parameter in weaponinfo mode, the 3 st parameter in search mode, the 4 action parameter in actioninfo mode, and...
CVE-2006-3138
Multiple cross-site scripting XSS vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PIC parameter in offers-pix.php, 2 from parameter in cp/index.php, and 3 action parameter in cp/adminindex.php...
CVE-2006-1971
Cross-site scripting XSS vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter...
CVE-2006-1971
Cross-site scripting XSS vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter...
Design/Logic Flaw
xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the 1 action parameter to membersonly/index.cgi and 2 page parameter customerarea/index.cgi, probably due to invalid values...
Cross site scripting
DISPUTED Cross-site scripting XSS vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a...
CVE-2006-1096
Cross-site scripting XSS vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate...
PT-2006-2123 · Nz · Nz Ecommerce
Name of the Vulnerable Software and Affected Versions: NZ Ecommerce affected versions not specified Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the action parameter in index.php. The vendor has disputed this issue, but research...
CVE-2005-4609
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter...
CVE-2005-3958
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the 1 idcat parameter in a showcat action and 2 the action parameter...
CVE-2005-3894
Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...