175 matches found
CVE-2006-4496
Cross-site scripting (XSS) vulnerability in comments.php in IwebNegar 1.1 allows remote attackers to inject arbitrary web script or HTML via the comment parameter...
CVE-2006-4496
CVE-2006-4496 affects IwebNegar 1.1, with a cross-site scripting (XSS) vulnerability in comments.php exploitable via the comment parameter to inject arbitrary script/HTML. The NVD notes a MEDIUM severity (CVSSv2 base 4.3) and no authentication required, with user interaction not required but with...
IwebNegar v1.1 Multiple vulnerabilities
:: IwebNegar v1.1 Multiple vulnerabilities :: ------------------------------------------------ Software : IwebNegar v1.1 Website : ---- Bug Discover : Hessam-x / www.hessamx.net I. Cross Site Scripting Vulnerability ------------------------------------------------- Parameter "comment" are not...
IwebNegar 1.1 - comments.php SQL Injection
IwebNegar 1.1 - comments.php SQL Injection source: https://www.securityfocus.com/bid/19757/info IwebNegar is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker...
CVE-2006-3476
Cross-site scripting (XSS) vulnerability in comments.php in PhpWebGallery 1.5.2 and earlier, and possibly 1.6.0, allows remote attackers to inject arbitrary web script or HTML via the keyword parameter...
CVE-2006-3476
CVE-2006-3476 affects PhpWebGallery prior to or including 1.5.2 (and possibly 1.6.0). The vulnerability is an XSS in comments.php where the keyword parameter can be controlled by an attacker and reflected into the page, allowing remote execution of arbitrary web script or HTML in a victim’s brows...
phpwebgallery152.txt
Produce : PhpWebGallery = 1.5.2 Site : http://www.phpwebgallery.net Problem : XSS Greetz : hasnaa and all friends Moroccan Security Research Team Vulnerable file : comments.php Exploit : http://localhost/phpwebgallery/comments.php?keyword=%22%3EXSS...
Alex DownloadEngine 1.4.1 - comments.php SQL Injection
Alex DownloadEngine 1.4.1 - comments.php SQL Injection source: https://www.securityfocus.com/bid/18293/info DownloadEngine is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...
CVE-2005-3920
SQL injection vulnerability in Babe Logger 2 allows remote attackers to execute arbitrary SQL commands via the (1) gal parameter to index.php or (2) id parameter to comments.php...
CVE-2003-1178
Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 allows remote attackers to execute arbitrary PHP code via the (1) id, (2) templateset, or (3) action parameter...
CVE-2004-1402
SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page...
CVE-2004-1559
Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) redirectto, text, popupurl, or popuptitle parameters to wp-login.php, (2) redirecturl parameter to admin-header.php, (3) popuptitle, popupurl, content, or posttit...
Multiple XSS Vulnerabilities in Wordpress 1.2
Vendor : Wordpress URL : http://wordpress.org/ Version : Wordpress 1.2 Risk : XSS Description: WordPress is a state-of-the-art semantic personal publishing platform with a focus on aesthetics, web standards, and usability. ... Go to http://wordpress.org/ for detailed information. Cross Site...
CuteNews 0.88 - comments.php Remote File Inclusion
CuteNews 0.88 - comments.php Remote File Inclusion source: https://www.securityfocus.com/bid/6935/info CuteNews is prone to an issue that may allow remote attackers to include files located on remote servers. Under some circumstances, it is possible for remote attackers to influence the include...