
54 matches found

Positive Technologies
added 2011/11/28 12:0 a.m. · 2 views

PT-2011-4932 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr version 3.1.0 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the username parameter in a setup action to "admin/company.php", or the PATH_INFO to "admin/security...

CVSS 4.3 · AI score 6.5 · EPSS 0.00466
Exploits: 0 · References: 6

Exploit DB
added 2011/01/06 12:0 a.m. · 29 views

F3Site 2011 alfa 1 - Cross-Site Scripting / Cross-Site Request Forgery

Vulnerability ID: HTB22757 Reference: http://www.htbridge.ch/advisory/xsrfcsrfinf3site.html Product: F3Site Vendor: COMPMaster http://dhost.info/compmaster/ Vulnerable Version: 2011 alfa 1 and probably prior versions Vendor Notification: 21 December 2010 Vulnerability Type: CSRF Cross-Site Reques...

AI score 7
Exploits: 0

OSV
added 2009/08/18 9:0 p.m. · 5 views

CVE-2009-2854

WordPress before 2.8.3 does not check capabilities for certain actions, which allows remote attackers to make unauthorized edits or additions via a direct request to (1) edit-comments.php, (2) edit-pages.php, (3) edit.php, (4) edit-category-form.php, (5) edit-link-category-form.php, (6) edit-tag-form.php, (7)...

AI score 6.3
Exploits: 0 · References: 7

Prion
added 2009/04/13 3:30 p.m. · 13 views

Code injection

U&M Software Signup 1.0 and 1.1 does not require administrative authentication for all scripts in the admin/ directory, which allows remote attackers to have an unspecified impact via a direct request to (1) adminstart.php, (2) admineventtype.php, (3) admineventdetails.php, (4) admineventlist.php, (5)...

CVSS 7.5 · AI score 7.7 · EPSS 0.04658
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2008/01/10 12:46 a.m. · 1 views

DEBIAN-CVE-2008-0195

WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive information via an empty value of the page parameter to certain PHP scripts under wp-admin/, which reveals the path in various error messages...

CVSS 5 · AI score 6.7 · EPSS 0.02394
Exploits: 1 · References: 1

Prion
added 2008/01/04 12:46 a.m. · 10 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the catname parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq...

CVSS 4.3 · AI score 6.2 · EPSS 0.02624
Exploits: 1 · References: 6

NVD
added 2008/01/04 12:46 a.m. · 13 views

CVE-2007-6633

Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the catname parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq...

CVSS 4.3 · AI score 6 · EPSS 0.02624
Exploits: 1 · References: 6

Cvelist
added 2008/01/04 12:0 a.m. · 13 views

CVE-2007-6633

Multiple cross-site scripting (XSS) vulnerabilities in FAQMasterFlexPlus, possibly 1.5 or 1.52, allow remote attackers to inject arbitrary web script or HTML via (1) the catname parameter to faq.php; and unspecified parameters to the (2) add categories, (3) edit categories, (4) delete categories, (5) add faq...

AI score 6 · EPSS 0.02624
Exploits: 1 · References: 6

Cvelist
added 2007/10/30 9:0 p.m. · 16 views

CVE-2007-4861

SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the ro...

AI score 6.3 · EPSS 0.00859
Exploits: 0 · References: 10

Positive Technologies
added 2006/10/23 12:0 a.m. · 2 views

PT-2006-6178 · Hinton Design · Phpht Topsites

Name of the Vulnerable Software and Affected Versions: Hinton Design phpht Topsites affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpht real path parameter to certain scripts, including (1) 'index.php', (2) other scripts ...

CVSS 7.5 · AI score 7.6 · EPSS 0.01533
Exploits: 0 · References: 3

Positive Technologies
added 2006/04/12 12:0 a.m. · 2 views

PT-2006-2739 · Vwar · Virtual War

PHP remote file inclusion vulnerability in Virtual War VWar 1.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the vwar root parameter to (1) admin/admin.php, (2) war.php, (3) stats.php, (4) news.php, (5) joinus.php, (6) challenge.php, (7) calendar.php, (8) member.php, (9) popup.php, and othe...

CVSS 7.5 · AI score 7.2 · EPSS 0.08058
Exploits: 3 · References: 16

NVD
added 2005/11/30 11:3 a.m. · 12 views

CVE-2005-3927

Multiple directory traversal vulnerabilities in GuppY 4.5.9 and earlier allow remote attackers to read and include arbitrary files via (1) the meskin parameter to admin/editorTypetool.php, or the lng parameter to the admin/inc scripts (2) archbatch.php, (3) dbbatch.php, and (4) nwlmail.php...

CVSS 6.4 · AI score 7 · EPSS 0.22609
Exploits: 1 · References: 8

CVE
added 2005/08/16 4:0 a.m. · 50 views

CVE-2005-2571

FunkBoard 0.66CF (and possibly earlier) has an access-control flaw: the admin/mysql_install.php and admin/pg_install.php scripts are not properly restricted, allowing an attacker to obtain the database username and password or inject arbitrary PHP code into info.php. The issue is described as a l...

CVSS 6.4 · AI score 7.5 · EPSS 0.00376
Exploits: 0 · References: 3 · Affected Software: 1

securityvulns
added 2002/08/03 12:0 a.m. · 617 views

Sun AnswerBook2 format string and other vulnerabilities

DynaWeb httpd Format String and AnswerBook 2 Unauthenticated Admin Script Execution Vulnerabilities Release Date: August 1, 2002 Application: Solaris ab2 1.4.2 / dwhttpd 4.1a6 with patch 110011-02 and before Severity: Remote...

AI score 0.9
Exploits: 0