Lucene search
+L

329 matches found

prion
prion
added 2007/01/09 11:28 a.m.20 views

Sql injection

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in 1 cart.php and 2 page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

7.5CVSS8.5AI score0.11327EPSS
Exploits1References11Affected Software1
nvd
nvd
added 2006/11/24 6:7 p.m.14 views

CVE-2006-6087

Cross-site scripting XSS vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter...

4.3CVSS5.6AI score0.01826EPSS
Exploits0References6
cve
cve
added 2006/11/24 6:0 p.m.46 views

CVE-2006-6087

The CVE-2006-6087 entry concerns XSS in weblog.php of the My Little Weblog project, allowing remote attackers to inject arbitrary script/HTML via the action parameter. The vulnerability is located in weblog.php and is triggered by crafting the action parameter to include script/HTML. The connecte...

4.3CVSS5.6AI score0.01826EPSS
Exploits0References6Affected Software1
cve
cve
added 2006/11/21 11:0 p.m.43 views

CVE-2006-6032

SPHPBlog (Simple PHP Blog) is affected by XSS in CVE-2006-6032. Concrete details from the connected data show vulnerable code paths in SPHPBlog where input is used without proper validation for two parameters: the action parameter in add_block.php and the entry parameter in index.php. The descrip...

6.8CVSS5.7AI score0.01191EPSS
Exploits0References3Affected Software1
exploitpack
exploitpack
added 2006/11/21 12:0 a.m.11 views

My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting

My Little Weblog 2006.11.21 - Weblog.php Cross-Site Scripting source: https://www.securityfocus.com/bid/21238/info My Little Weblog is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input to the 'action' parameter of the 'weblog.php' script...

6.8AI score
Exploits0
ptsecurity
ptsecurity
added 2006/10/31 12:0 a.m.10 views

PT-2006-6339 · Ig · Ig Shop

Name of the Vulnerable Software and Affected Versions: iG Shop version 1.4 Description: The issue is related to a cross-site scripting XSS vulnerability. It allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings in the change pass.php file when the action...

6.8CVSS6.1AI score0.01324EPSS
Exploits1References6
nvd
nvd
added 2006/10/25 10:7 p.m.14 views

CVE-2006-5504

Cross-site scripting XSS vulnerability in index.php in Simple Machines Forum SMF allows remote attackers to inject arbitrary web script or HTML via a base64 encoded params value in the action parameter...

4.3CVSS5.6AI score0.0112EPSS
Exploits0References5
nvd
nvd
added 2006/10/25 10:7 p.m.11 views

CVE-2006-5503

Cross-site scripting XSS vulnerability in index.php in Simple Machines Forum SMF 1.1 RC2 allows remote attackers to inject arbitrary web script or HTML via the action parameter...

4.3CVSS5.7AI score0.01575EPSS
Exploits1References4
cvelist
cvelist
added 2006/10/23 5:0 p.m.21 views

CVE-2006-5447

Cross-site scripting XSS vulnerability in index.php in DEV Web Management System WMS 1.5 allows remote attackers to inject arbitrary web script or HTML via the action parameter...

5.7AI score0.01173EPSS
Exploits1References5
nvd
nvd
added 2006/09/06 12:4 a.m.24 views

CVE-2006-4543

Cross-site scripting XSS vulnerability in index.php in HLStats 1.34 allows remote attackers to inject arbitrary web script or HTML via the 1 game parameter in players mode, the 2 weapon parameter in weaponinfo mode, the 3 st parameter in search mode, the 4 action parameter in actioninfo mode, and...

6.8CVSS5.6AI score0.01869EPSS
Exploits1References4
nvd
nvd
added 2006/06/22 10:6 p.m.13 views

CVE-2006-3138

Multiple cross-site scripting XSS vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PIC parameter in offers-pix.php, 2 from parameter in cp/index.php, and 3 action parameter in cp/adminindex.php...

4.3CVSS5.8AI score0.02049EPSS
Exploits0References8
nvd
nvd
added 2006/04/21 10:2 a.m.16 views

CVE-2006-1971

Cross-site scripting XSS vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter...

4.3CVSS5.7AI score0.02093EPSS
Exploits1References8
cvelist
cvelist
added 2006/04/21 10:0 a.m.17 views

CVE-2006-1971

Cross-site scripting XSS vulnerability in login.php in KRANKIKOM ContentBoxX allows remote attackers to inject arbitrary web script or HTML via the action parameter...

5.7AI score0.02093EPSS
Exploits1References8
prion
prion
added 2006/04/19 4:6 p.m.15 views

Design/Logic Flaw

xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the 1 action parameter to membersonly/index.cgi and 2 page parameter customerarea/index.cgi, probably due to invalid values...

5CVSS7.2AI score0.01377EPSS
Exploits0References3Affected Software1
prion
prion
added 2006/03/09 1:6 p.m.15 views

Cross site scripting

DISPUTED Cross-site scripting XSS vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a...

4.3CVSS6AI score0.01221EPSS
Exploits1References5
cvelist
cvelist
added 2006/03/09 11:0 a.m.16 views

CVE-2006-1096

Cross-site scripting XSS vulnerability in index.php in NZ Ecommerce allows remote attackers to inject arbitrary web script or HTML via the action parameter. NOTE: the vendor has disputed this issue in a comment on the researcher's blog, but research by CVE suggests that this might be a legitimate...

5.7AI score0.01221EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2006/03/09 12:0 a.m.4 views

PT-2006-2123 · Nz · Nz Ecommerce

Name of the Vulnerable Software and Affected Versions: NZ Ecommerce affected versions not specified Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the action parameter in index.php. The vendor has disputed this issue, but research...

4.3CVSS5.9AI score0.01221EPSS
Exploits1References7
nvd
nvd
added 2005/12/31 5:0 a.m.12 views

CVE-2005-4609

index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter...

5CVSS6.2AI score0.01425EPSS
Exploits0References5
cvelist
cvelist
added 2005/12/01 11:0 a.m.20 views

CVE-2005-3958

SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the 1 idcat parameter in a showcat action and 2 the action parameter...

8.3AI score0.0128EPSS
Exploits1References6
cvelist
cvelist
added 2005/11/29 9:0 p.m.28 views

CVE-2005-3894

Multiple cross-site scripting XSS vulnerabilities in index.pl in Open Ticket Request System OTRS 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via 1 hex-encoded values in the QueueID parameter and 2 Action parameters...

5.4AI score0.06254EPSS
Exploits1References15
Rows per page
Query Builder