13 matches found
EUVD-2006-7041
Malware in sbrugna...
EUVD-2006-7043
Malware in sbrugna...
EUVD-2006-7042
Malware in sbrugna...
CVE-2006-7061
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting XSS attacks...
CVE-2006-7060
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message...
CVE-2006-7059
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...
CVE-2006-7059
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...
CVE-2006-7060
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message...
CVE-2006-7061
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting XSS attacks...
CVE-2006-7060
The CVE-2006-7060 entry concerns the Scriptsez.net E-Dating System, specifically the file/component cindex.php. Affected behavior is a remote disclosure where an invalid id parameter in a dologin action causes an error message that reveals the full filesystem path, leading to potential informatio...
CVE-2006-7061
CVE-2006-7061 affects Scriptsez.net E-Dating System. The vulnerability stems from storing data files with predictable names under the web document root and insufficient access control, enabling remote attackers to read private messages and potentially leverage them for XSS. The connected document...
CVE-2006-7059
CVE-2006-7059 affects Scriptsez.net E-Dating System. The issue is multiple cross-site scripting (XSS) vulnerabilities that let remote attackers inject arbitrary script/HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin opera...
E-Dating System from scriptsez.net - XSS
E-Dating System Homepage: http://www.scriptsez.net/ Effected files: Input boxes. cindex.php Description: A Professional dating system that uses flatfiles instead of MySQL. XSS Vulnerabilities PoC: The input boxes of sending a message, and editing your profile do not properally filter user input...