3502 matches found
CVE-2005-2820
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "if" and "endif"...
PT-2005-3706 · Maxdev · Maxdev Md-Pro
Name of the Vulnerable Software and Affected Versions: MAXdev MD-Pro versions 1.0.72 and earlier Description: The issue affects one or more modules in MAXdev MD-Pro, including the Download, Search, Web links, Blocks, Messages, News, Comments, Settings, Stats, or subjects modules. The impact and...
[Full-disclosure] Secunia Research: SqWebMail Conditional Comments Script Insertion Vulnerability
Secunia Research 06/09/2005 - SqWebMail Conditional Comments Script Insertion Vulnerability - Table of Contents Affected...
XSS in GreyMatter blog
GreyMatter - Perl-based web blog. offsite: http://www.greymatterforums.com/ GM analyzes posted comments, and if a post contains some dangerous code like script/script, the administrator gets a message about it in the log files. The log files contain not only the message, but also the dangerous code. When the admin tries to look log...
CVE-2005-2689
Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php...
CVE-2005-2608
SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML...
vBulletin <= 3.0.6 (Template) Command Execution Exploit (metasploit)
Exploit for unknown platform in category web applications ==================================================================== vBulletin 'vBulletin '$Revision: 1.0 $', 'Authors' = 'str0ke' , 'Arch' = , 'OS' = , 'Priv' = 0, 'UserOpts' = 'RHOST' = 1, 'ADDR', 'The target address', 'RPORT' = 1, 'PORT...
CVE-2005-2152
SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article...
[Full-disclosure] Quickblogger
EXPL-A-2005-011 exploitlabs.com Advisory 040 - QuickBlogger - AFFECTED PRODUCTS: QuickBlogger 1.4 and earlier http://www.jlwebworks.net/ OVERVIEW...
Drupal 4.5.3 4.6.1 - Comments PHP Injection
Drupal 4.5.3 4.6.1 - Comments PHP Injection !/usr/bin/perl Mon Jul 4 18:19:35 CEST 2005 [email protected] DRUPAL-SA-2005-002 php injection in comments yes, its lame Hax0r code here, read before execute Run without arguments to show the help. BLINK! BLINK! BLINK! BLINK! Feel free to port to anoth...
Drupal 4.5.3 < 4.6.1 - Comments PHP Injection
!/usr/bin/perl Mon Jul 4 18:19:35 CEST 2005 [email protected] DRUPAL-SA-2005-002 php injection in comments yes, its lame Hax0r code here, read before execute Run without arguments to show the help. BLINK! BLINK! BLINK! BLINK! Feel free to port to another stupid script language mIRC, python, TCL ...
CVE-2004-2138
AllWebScripts MySQLGuest is affected by a cross-site scripting (XSS) vulnerability in AWSguest.php. The issue allows remote attackers to inject arbitrary HTML/PHP via the fields Name, Email, Homepage, or Comments. The exact vulnerable component is AWSguest.php within AllWebScripts MySQLGuest; und...
[Full-disclosure] [DRUPAL-SA-2005-002] Drupal 4.6.2 / 4.5.4 fixes input validation issue
Drupal security advisory DRUPAL-SA-2005-002 Advisory ID: DRUPAL-SA-2005-002 Date: 2005-jun-29 Security risk: highly critical Impact: system...
drupal -- PHP code execution vulnerabilities
Kuba Zygmunt discovered a flaw in the input validation routines of Drupal's filter mechanism. An attacker could execute arbitrary PHP code on a target site when public comments or postings are allowed...
CVE-2005-1715
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section...
CVE-2005-1715
CVE-2005-1715 describes a reflected cross-site scripting vulnerability in TOPo 2.2 (version 2.2.178), specifically in index.php. The issue allows remote attackers to inject arbitrary script/HTML via several inputs in the comments section and related fields: (1) m, (2) s, (3) ID, (4) t, and (5) fi...
CVE-2005-1511
PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie...
CVE-2005-1499
CVE-2005-1499 affects myBloggie 2.1.1 via delcomment.php, where remote attackers can delete arbitrary comments by modifying the comment_id parameter. The NVD notes a CVSSv2 base score of 7.5 (HIGH) with network attack vector, low attack complexity, no authentication required, and partial impact o...