356 matches found
CVE-2006-3576
SQL injection vulnerability in search.php in SenseSites CommonSense CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the Date parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information...
CVE-2005-2461
Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the 1 year or 2 date parameter...
CVE-2006-2689
Multiple cross-site scripting XSS vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 debutimage parameter in a article-album.php3, 2 date parameter in b rubrique.php3, and the 3 perso and 4 aide parameters to c an unknown script,...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in EVA-Web 2.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 debutimage parameter in a article-album.php3, 2 date parameter in b rubrique.php3, and the 3 perso and 4 aide parameters to c an unknown script,...
Cross site scripting
Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2265
Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-2265
Cross-site scripting vulnerability in admin/main.asp in Ocean12 Calendar Manager Pro 1.00 allows remote attackers to inject arbitrary web script or HTML via the date parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
PT-2006-2914 · Unknown · Green Minute
Name of the Vulnerable Software and Affected Versions: Green Minute versions 1.0 and earlier Description: Multiple SQL injection vulnerabilities in userscript.php allow remote attackers to execute arbitrary SQL commands via the huserid, pituus, or date parameters. The vendor has disputed this...
CVE-2006-1848
Multiple cross-site scripting XSS vulnerabilities in statsview.php in LinPHA 1.1.0 allow remote attackers to inject arbitrary web script or HTML via the 1 datefrom, 2 dateto, and 3 date parameter...
Sql injection
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1426
Multiple SQL injection vulnerabilities in Pixel Motion Blog allow remote attackers to execute arbitrary SQL commands via the 1 date parameter in index.php or bypass authentication via the 2 password parameter in admin/index.php...
CVE-2006-1252
Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
Sql injection
Eval injection vulnerability in cal.php in Light Weight Calendar LWC 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php...
EUVD-2006-0214
Eval injection vulnerability in Light Weight Calendar LWC 1.0 20040909 and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php...
CVE-2004-2296
The previewreview function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message...