MonAlbum 0.8.7 SQL Injection
advisory by undefined1 @ bash-x.net/undef/ Mon Album 0.8.7 http://www.3dsrc.com/monalbum/ There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php line 99 if isset$GET"pc" $pc = $GET"pc"; ... no sanity checks if isset$pc && $grechinactive $result = executerequete"select idrub, nom,...
CVE-2006-1106
Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...
DEBIAN-CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
GLSA-200603-01 : WordPress: SQL injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200603-01 WordPress: SQL injection vulnerability Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already...
WordPress: SQL injection vulnerability
Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...
WordPress2.0.0-autorswebsite.txt
original advisory -Summary- Software: WordPress Software's Web Site: http://www.wordpress.org Versions: 2.0.0 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Low Description There is some security bug in...
XSS bugs and SQL injection in sNews
Official page : http://www.solucija.com/home/snews/ XSS in comments : just post some comment with scriptalert'XSS TEST by securitydot.net';/script FIX : put this on 423 line $r = strreplace "","<",$r; $r = strreplace "","&lg",$r; Injection through categories : index.php?category=120or201=2 FIX ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shoutname field in shoutboxpanel.php and the (2) comments field in commentsinclude.php...
CVE-2006-0593
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shoutname field in shoutboxpanel.php and the (2) comments field in commentsinclude.php...
sPaizXSS.txt
NightWarrior nightwarrior771athotmail.com sPaiz-Nuke Cross-Site Scripting Vulnerability http://www.alstrasoft.com http://www.example.com/sPaiz-Nuke/modules.php?name=Articles&file=search&query=XSS&type=articles&type=comments...
CVE-2006-0239
Multiple cross-site scripting (XSS) vulnerabilities in Simple Blog 2.1 allow remote attackers to inject arbitrary web script or HTML via (1) a comment to comments.asp and (2) possibly certain other fields in unspecified scripts...
CVE-2005-4228
Multiple SQL injection vulnerabilities in PhpWebGallery 1.5.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) since, (2) sortby, and (3) itemsnumber parameters to comments.php, (4) the search parameter to category.php, and (5) imageid parameter to picture.php. NOTE: it was...
PluggedOut Blog SQL vuln.
PluggedOut Blog SQL vuln. Vuln. discovered by : r0t Date: 5 dec. 2005 original advisory:http://pridels.blogspot.com/2005/12/pluggedout-blog-sql-vuln.html vendor:www.pluggedout.com/index.php?pk=devblog affected version:1.9.4 , 1.9.5 and prior Product Description: Blog is an open source script you ca...
CVE-2005-3104
Movable Type
CVE-2005-3104
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments...
Courier mail server cross-site scripting
Internet Explorer Conditional Comments cross-site scripting with sqwebmail...
CVE-2005-2820
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
DEBIAN-CVE-2005-2820
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...