EUVD-2009-2908

Malware in sbrugna...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 component and 2 priority parameters to buglist.php; and the 3 Username 4 E-mail, 5 Pass, and 6 Confirm pass fields to createaccount.php...

CVE-2009-2920

Multiple cross-site scripting XSS vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 component and 2 priority parameters to buglist.php; and the 3 Username 4 E-mail, 5 Pass, and 6 Confirm pass fields to createaccount.php...

CVE-2009-2920

CVE-2009-2920 affects Elvin 1.2.2 with multiple Cross-Site Scripting (XSS) flaws. The vulnerabilities allow remote attackers to inject arbitrary scripts via parameters to buglist.php (component, priority) and to createaccount.php (Username, E-mail, Pass, Confirm pass). Attack vector is network-ba...

CVE-2009-2920

Multiple cross-site scripting XSS vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the 1 component and 2 priority parameters to buglist.php; and the 3 Username 4 E-mail, 5 Pass, and 6 Confirm pass fields to createaccount.php...

CVE-2006-3244

Anthill 0.2.6 and earlier are affected by SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands via (1) the order parameter in buglist.php and (2) the bug parameter in query.php. Root cause: improper handling of user-supplied input leads to query manipulation...

CVE-2006-3244

Multiple SQL injection vulnerabilities in Anthill 0.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 order parameter in buglist.php and the 2 bug parameter in query.php...