
3534 matches found

NVD
added 2006/05/05 7:2 p.m. | 15 views

CVE-2006-2232

Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...

4.3 CVSS | 5.7 AI score | 0.01226 EPSS
Exploits: 1 | References: 5
Cvelist
added 2006/05/05 7:0 p.m. | 16 views

CVE-2006-2232

Cross-site scripting (XSS) vulnerability in Scriptsez Cute Guestbook 20060211 allows remote attackers to inject arbitrary web script or HTML via the Comments field when signing the guestbook...

5.7 AI score | 0.01226 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2006/05/03 4:9 p.m. | 4 views

security flaw

Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers...

4.3 CVSS | 5.7 AI score | 0.02034 EPSS
Exploits: 0 | References: 4
Prion
added 2006/04/26 12:6 a.m. | 13 views

SQL injection

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php...

6.4 CVSS | 9.3 AI score | 0.02301 EPSS
Exploits: 0 | References: 12 | Affected Software: 1
NVD
added 2006/04/19 4:6 p.m. | 18 views

CVE-2006-1842

Cross-site scripting (XSS) vulnerability in global.php in ShoutBOOK 1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) NAME and (2) COMMENTS parameters...

2.6 CVSS | 5.7 AI score | 0.01293 EPSS
Exploits: 0 | References: 6
securityvulns
added 2006/04/18 12:0 a.m. | 34 views

ShoutBOOK <= 1.1 XSS

==================== Discovered by: Qex Date: 16 April 2006 ==================== Write a message: Name: XSS Location: optional Website: optional Comments: XSS...

1.3 AI score
Exploits: 0
NVD
added 2006/04/15 11:2 p.m. | 17 views

CVE-2006-1437

UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...

5 CVSS | 6.2 AI score | 0.01392 EPSS
Exploits: 0 | References: 4
Prion
added 2006/04/15 11:2 p.m. | 14 views

Design/Logic Flaw

UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...

5 CVSS | 6.7 AI score | 0.01392 EPSS
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2006/04/15 11:0 p.m. | 21 views

CVE-2006-1437

UPOINT @1 Event Publisher stores sensitive information under the web document root with insufficient access control, which allows remote attackers to read private comments via a direct request to eventpublisher.txt...

6.2 AI score | 0.01392 EPSS
Exploits: 0 | References: 4
Prion
added 2006/04/11 10:2 a.m. | 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...

4.3 CVSS | 6.5 AI score | 0.02093 EPSS
Exploits: 1 | References: 8 | Affected Software: 1
NVD
added 2006/04/11 10:2 a.m. | 23 views

CVE-2006-1697

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...

4.3 CVSS | 6 AI score | 0.02093 EPSS
Exploits: 1 | References: 8
Cvelist
added 2006/04/11 10:0 a.m. | 27 views

CVE-2006-1697

Cross-site scripting (XSS) vulnerability in Matt Wright Guestbook 2.3.1 allows remote attackers to execute arbitrary web script or HTML via the (1) Your Name, (2) E-Mail, or (3) Comments fields when posting a message...

6 AI score | 0.02093 EPSS
Exploits: 1 | References: 8
securityvulns
added 2006/03/31 12:0 a.m. | 27 views

MonAlbum 0.8.7 SQL Injection

advisory by undefined1 @ bash-x.net/undef/ Mon Album 0.8.7 http://www.3dsrc.com/monalbum/ There are 2 sql injection flaws in MonAlbum 0.8.7. First in index.php line 99 if isset$GET"pc" $pc = $GET"pc"; ... no sanity checks if isset$pc && $grechinactive $result = executerequete"select idrub, nom,...

0.6 AI score
Exploits: 0
NVD
added 2006/03/09 1:6 p.m. | 15 views

CVE-2006-1106

Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. NOTE: the vendor has disputed some issues from the original disclosure, but...

4.3 CVSS | 5.7 AI score | 0.01976 EPSS
Exploits: 0 | References: 6
OSV
added 2006/03/06 9:2 p.m. | 3 views

DEBIAN-CVE-2006-1012

SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...

7.5 CVSS | 8.8 AI score | 0.02907 EPSS
Exploits: 0 | References: 1
Tenable Nessus
added 2006/03/06 12:0 a.m. | 25 views

GLSA-200603-01 : WordPress: SQL injection vulnerability

The remote host is affected by the vulnerability described in GLSA-200603-01 WordPress: SQL injection vulnerability Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already...

7.5 CVSS | 5.9 AI score | 0.02907 EPSS
Exploits: 0 | References: 2
Gentoo Linux
added 2006/03/04 12:0 a.m. | 36 views

WordPress: SQL injection vulnerability

Background WordPress is a PHP and MySQL based content management and publishing system. Description Patrik Karlsson reported that WordPress 1.5.2 makes use of an insufficiently filtered User Agent string in SQL queries related to comments posting. This vulnerability was already fixed in the...

7.5 CVSS | 7.3 AI score | 0.02907 EPSS
Exploits: 0
Packet Storm
added 2006/02/17 12:0 a.m. | 23 views

WordPress2.0.0-autorswebsite.txt

original advisory ——————-Summary—————- Software: WordPress Software’s Web Site: http://www.wordpress.org Versions: 2.0.0 Class: Remote Status: Unpatched Exploit: Available Solution: Available Discovered by: imei addmimistrator Risk Level: Low —————–Description————— There is some security bug in...

7.4 AI score
Exploits: 0
securityvulns
added 2006/02/15 12:0 a.m. | 40 views

XSS bugs and SQL injection in sNews

Official page : http://www.solucija.com/home/snews/ XSS in comments : just post some comment with scriptalert'XSS TEST by securitydot.net';/script FIX : put this on 423 line $r = strreplace "","&lt",$r; $r = strreplace "","&lg",$r; Injection through categories : index.php?category=120or201=2 FIX ...

1.1 AI score
Exploits: 0
Prion
added 2006/02/08 1:2 a.m. | 12 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shoutname field in shoutboxpanel.php and the (2) comments field in commentsinclude.php...

4.3 CVSS | 6.2 AI score | 0.02088 EPSS
Exploits: 0 | References: 8 | Affected Software: 1