3858 matches found
CVE-2010-1854
CVE-2010-1854 concerns an XSS in auktion.php of Pay Per Watch & Bid Auktions System, exploitable through the id_auk parameter, where an injected script/HTML appears in a forced SQL error message. Related records (NVD/Red Hat) confirm this vulnerability and its association to CVE-2010-1855 (SQL in...
CVE-2010-1854
Cross-site scripting (XSS) vulnerability in auktion.php in Pay Per Watch & Bid Auktions System allows remote attackers to inject arbitrary web script or HTML via the id_auk parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; th...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
CVE-2010-1618
Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
Information disclosure
Wolfram Research webMathematica allows remote attackers to obtain sensitive information via a direct request to the MSP script, which reveals the installation path in an error message...
The current CAPTCHA implementation may not be secure
The current CAPTCHA implementation displays a different message if the CAPTCHA is being displayed and the captcha is entered correctly but the password for the user is not, than if the CAPTCHA is entered incorrectly. This is giving away more information than a login screen should. The error messa...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ts_other.php in the Teamsite Hack plugin 3.0 and earlier for WoltLab Burning Board allows remote attackers to inject arbitrary web script or HTML via the userid parameter in a modboard action, which is not properly handled in a forced SQL error message...
CVE-2010-1339
CVE-2010-1339 is a cross-site scripting (XSS) vulnerability affecting the WoltLab Burning Board installation using the Teamsite Hack plugin (3.0 and earlier). The issue is triggered by the userid parameter in a modboard action within ts_other.php, where user input is inappropriately handled insid...
MIT Kerberos 5 kadmind DoS
use-after-free vulnerability on error message generation...
CVE-2010-1076
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Entry Level CMS (EL CMS) allows remote attackers to inject arbitrary web script or HTML via the subj parameter, which is not properly handled in a forced SQL error message. NOTE: the provenance of this information is unknown; the details are...
BBSxp 2008 (Build: 8.0.4) SQL injection vulnerability - vulnerability warning - the black bar safety net
File: MoveThread.asp MoveThread.asp line 2-2 of 4 % if CookieUserName =empty then error"you have nota href=""javascript:BBSXPModal.Open 'Login.asp',380,170;""login/a" 'save the cookie log can be ThreadID=Request"ThreadID" ' Sql Injection Vulnerability If Not IsNumericThreadID then...
CVE-2010-0376
Cross-site scripting (XSS) vulnerability in product_list.php in JCE-Tech PHP Calendars, downloaded 2010-01-11, allows remote attackers to inject arbitrary web script or HTML via the cat parameter. NOTE: this issue is reportedly resultant from a forced SQL error message that occurs from exploitation ...
CVE-2010-0376
CVE-2010-0376 is an XSS vulnerability in JCE-Tech PHP Calendars, specifically in product_list.php where the cat parameter can be exploited to inject arbitrary HTML/Script. The issue is described as arising from a forced SQL error message related to CVE-2010-0375. Connected sources confirm the vul...
Apache Tomcat Error Message Reporting Cross-Site Scripting Vulnerability
No description provided by source...
Code injection
DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a crafted page parameter to misc.php, which reveals the installation path in an error message. NOTE: this issue might be resultant from improperly controlled computation in tools.php that leads to a denial of service CPU or...
conn.asp storm library law principles and applications - vulnerability warning - the black bar safety net
Today we learn the conn.asp "storm database" method. This is a very old method: by directly accessing the database connection file conn.asp, the server is made to produce an error, and the returned error information reveals the absolute path of the database. Here conn.asp is the database...
CVE-2009-4322
extras/ipntestreturn.php in Zen Cart allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message...