3856 matches found
CVE-2006-1548
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...
Cross site scripting
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the langfile parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346...
CVE-2006-1348
Cross-site scripting (XSS) vulnerability in index.php in Greg Neustaetter gCards 1.45 and earlier allows remote attackers to inject arbitrary web script or HTML via the langfile parameter, which is injected into an error message. NOTE: this issue might be resultant from CVE-2006-1346...
Design/Logic Flaw
Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message...
CVE-2006-1119
fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message...
CVE-2006-1119
CVE-2006-1119 concerns the Fantastico component integrated with cPanel. The issue arises when Fantastico does not properly handle operations with insufficient permissions, allowing remote authenticated users to cause a PHP error message that leaks the full pathname. The vulnerability is characte...
Design/Logic Flaw
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...
CVE-2006-1112
Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message...
Design/Logic Flaw
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message...
CVE-2006-1027
feedcreator.class.php (aka the syndication component) in Joomla! 1.0.7 allows remote attackers to obtain sensitive information via a "/" (slash) in the feed parameter to index.php, which reveals the path in an error message...
Game-Panel <= 2.1.6 XSS
ORIGINAL SOURCE: http://notlegal.ws/gamepanel.txt summary software: Game-Panel vendors website: http://game-panel.com versions: = 2.6.1 class: remote status: unpatched exploit: available solution: not available discovered by: sycko risk level: medium description game-panel uses a global variable...
Design/Logic Flaw
InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message...
Design/Logic Flaw
DISPUTED: dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if...
CVE-2006-0754
dotProject 2.0.1 and earlier allows remote attackers to obtain sensitive information via direct requests with an invalid baseDir to certain PHP scripts in the db directory, which reveal the path in an error message. NOTE: the vendor disputes this issue, saying that it could only occur if the...
BomberClone BomberMan clone game buffer overflow
Buffer overflow on oversized error message...