70 matches found
CVE-2014-5276
Multiple cross-site scripting XSS vulnerabilities in Pro Chat Rooms Text Chat Rooms 8.2.0 allow remote authenticated users to inject arbitrary web script or HTML via 1 an uploaded profile picture or 2 the edit parameter to profiles/index.php...
CVE-2014-0344
Properties.do in ZOHO ManageEngine OpStor before build 8500 does not properly check privilege levels, which allows remote authenticated users to obtain Admin access by using the name parameter in conjunction with a true value of the edit parameter...
Traq 2.2 - Multiple SQL Injections / Cross-Site Scripting
source: https://www.securityfocus.com/bid/49835/info Traq is prone to multiple SQL-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication...
Cross site scripting
Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...
CVE-2009-4253
Cross-site scripting XSS vulnerability in dspStats.php in PowerPhlogger 2.2.5 allows remote attackers to inject arbitrary web script or HTML via the edit parameter...
CVE-2007-5693
Eval injection vulnerability in the translation module translator.php in SiteBar 3.3.8 allows remote authenticated users to execute arbitrary PHP code via the edit parameter in an upd cmd action, a different vulnerability than CVE-2007-5492...
CVE-2006-6039
SQL injection vulnerability in matchdetail.php in Powie's PHP MatchMaker 4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the edit parameter...
CVE-2006-3406
The CVE-2006-3406 entry refers to a directory traversal vulnerability in QTOFileManager 1.0, specifically in the qtofm.php edit parameter. The underlying issue allows a remote attacker to modify arbitrary files by supplying a .. (dot dot) sequence, impacting potentially confidentiality and integr...
CVE-2006-3405
Cross-site scripting XSS vulnerability in qtofm.php in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the 1 delete, 2 pathext, and 3 edit parameters...
DEBIAN-CVE-2004-1559
Multiple cross-site scripting XSS vulnerabilities in Wordpress 1.2 allow remote attackers to inject arbitrary web script or HTML via the 1 redirectto, text, popupurl, or popuptitle parameters to wp-login.php, 2 redirecturl parameter to admin-header.php, 3 popuptitle, popupurl, content, or posttit...