3502 matches found
CVE-2006-2390
Cross-site scripting XSS vulnerability in OZJournals 1.2 allows remote attackers to inject arbitrary web script or HTML via the vname parameter in the comments functionality...
CVE-2006-2390
The set of connected documents confirms a cross-site scripting (XSS) vulnerability in OZJournals 1.2, exploitable via the vname parameter in the comments functionality. The CVSSv2 base score is 5.8 (Medium), with network access required and no user interaction needed, and impact described as part...
CVE-2006-2290
Multiple cross-site scripting XSS vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 email, and 3 url parameter...
CVE-2006-2290
CVE-2006-2290 describes multiple cross-site scripting (XSS) vulnerabilities in kommentar.php of the 2005-Comments-Script. The issue allows remote attackers to inject arbitrary web script or HTML via the 1) id, 2) email, and 3) url parameters. According to NVD, the CVSS v2 base score is 6.8 (Mediu...
CVE-2006-2290
Multiple cross-site scripting XSS vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the 1 id, 2 email, and 3 url parameter...
[SA19996] 2005-Comments-Script Multiple Vulnerabilities
TITLE: 2005-Comments-Script Multiple Vulnerabilities SECUNIA ADVISORY ID: SA19996 VERIFY ADVISORY: http://secunia.com/advisories/19996/ CRITICAL: Moderately critical IMPACT: Cross Site Scripting WHERE: From remote SOFTWARE: 2005-Comments-Script http://secunia.com/product/9778/ DESCRIPTION: Some...
neo-Advisory-20.txt
/ --------------------------------------------------------------- Neo Security Team NST® Advisory 20 --------------------------------------------------------------- Program : CuteNews 1.4.1 Homepage: http://www.cutephp.com Vulnerable Versions: CuteNews 1.4.1 & lower ones Risk: Medium! Impact: Cro...
Cross site scripting
Cross-site scripting XSS vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
CVE-2006-2232
Cross-site scripting XSS vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
CVE-2006-2232
Cross-site scripting XSS vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
security flaw
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting XSS attacks via style sheet specifiers with invalid 1 "/" and "/" comments, or 2 a newline in a "url" specifier, which is processed by certain web browsers...
Sql injection
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 tid parameter in a preview.php; the 2 cid, 3 pid, and 4 eid parameters in b archive.php; and the 5 pid parameter in c comments.php...
CVE-2006-1842
Cross-site scripting XSS vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the 1 NAME and 2 COMMENTS parameters...
ShoutBOOK <= 1.1 XSS
==================== Discovered by: Qex Date: 16 April 2006 ==================== Write a message: Name: XSS Location: optional Website: optional Comments: XSS...
Design/Logic Flaw
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufifcient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
Cross site scripting
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 Your Name, 2 E-Mail, or 3 Comments fields when posting a message...
CVE-2006-1697
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 Your Name, 2 E-Mail, or 3 Comments fields when posting a message...
CVE-2006-1697
Cross-site scripting XSS vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the 1 Your Name, 2 E-Mail, or 3 Comments fields when posting a message...