CVE-2004-1466

The settimelimit function in Gallery before 1.4.4p2 deletes non-image files in a temporary directory every 30 seconds after they have been uploaded using savephotos.php, which allows remote attackers to upload and execute execute arbitrary scripts before they are deleted, if the temporary directo...

CVE-2004-0875

Multiple cross-site scripting XSS vulnerabilities in Phpgroupware aka webdistro 0.9.16.002 and earlier allow remote attackers to insert arbitrary HTML or web script, as demonstrated with a request to the wiki module...

Squirrelmail: Another XSS vulnerability

Background SquirrelMail is a webmail package written in PHP. It supports IMAP and SMTP, and can optionally be installed with SQL support. Description A new cross-site scripting XSS vulnerability in Squirrelmail-1.4.3rc1 has been discovered. In functions/mime.php Squirrelmail fails to properly...

CVE-2003-1277

Cross-site scripting XSS vulnerabilities in Yet Another Bulletin Board YaBB 1.5.0 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via cookies by injecting arbitrary HTML or script into 1 newsicon of newstemplate.php, and 2 threadid a...

CVE-2001-1370

CVE-2001-1370 affects PHPLib before 7.2d when register_globals is on, allowing remote code execution by sending an HTTP request that overwrites $_PHPLIB[libdir] to load code from another server. The issue is observed in Horde 1.2.5 and earlier, and in IMP before 2.2.6. Debian’s DSA-073-1 referenc...

CVE-2002-1007

Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via 1 the courseid parameter in a link to login.pl, 2 the CTID parameter in ProcessInfo.cgi, or 3 the Message parameter in index.cgi...