3534 matches found
CVE-2006-2232
Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...
security flaw
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers...
SQL injection
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php...
CVE-2006-1842
Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters...
ShoutBOOK <= 1.1 XSS
==================== Discovered by: Qex Date: 16 April 2006 ==================== Write a message: Name: XSS Location: optional Website: optional Comments: XSS...
CVE-2006-1437
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
Design/Logic Flaw
UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...
CVE-2006-1697
Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...
MonAlbum 0.8.7 SQL Injection
advisory by undefined1 @ bash-x.net/undef/ Mon Album 0.8.7 http://www.3dsrc.com/monalbum/ There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php line 99 if isset$GET"pc" $pc = $GET"pc"; ... no sanity checks if isset$pc && $grechinactive $result = executerequete"select idrub, nom,...
CVE-2006-1106
Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...
DEBIAN-CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
GLSA-200603-01 : WordPress: SQL injection vulnerability
The remote host is affected by the vulnerability described in GLSA-200603-01 WordPress: SQL injection vulnerability Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already...
WordPress: SQL injection vulnerability
Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...
WordPress2.0.0-autorswebsite.txt
original advisory -Summary- Software: WordPress Software's Web Site: http://www.wordpress.org Versions: 2.0.0 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Low Description There is some security bug in...
XSS bugs and SQL injection in sNews
Official page : http://www.solucija.com/home/snews/ XSS in comments : just post some comment with scriptalert'XSS TEST by securitydot.net';/script FIX : put this on 423 line $r = strreplace "","<",$r; $r = strreplace "","&lg",$r; Injection through categories : index.php?category=120or201=2 FIX ...
Cross site scripting
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shoutname field in shoutboxpanel.php and the (2) comments field in commentsinclude.php...