3697 matches found
Cross site scripting
Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album...
Design/Logic Flaw
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR...
CVE-2006-1126
Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR...
CVE-2006-1127
CVE-2006-1127 describes a cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2. A remote attacker can inject arbitrary script/HTML through the X-Forwarded-For header when adding a comment to an album. Reported sources (e.g., Exploit-DB/Nessus entries) corroborate multiple Gallery 2 v...
SQL injection
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php...
CVE-2006-1084
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
SQL injection
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
CVE-2006-1012
SQL injection vulnerability in WordPress 1.5.2, and possibly other versions before 2.0, allows remote attackers to execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment...
WordPress <= 1.5.2 - SQL injection
Because of this vulnerability, attackers can execute arbitrary SQL commands via the User-Agent field in an HTTP header for a comment. Solution: Update WordPress to the latest available version, at least 1.5.3...
Gallery < 2.0.3 GalleryUtilities.class X_FORWARDED_FOR HTTP Header XSS
Gallery < 2.0.3 IP Spoofing
The version of Gallery hosted on the remote web server allows an attacker to spoof the IP address with a bogus 'X_FORWARDED_FOR' HTTP header. In addition, an authenticated attacker can reportedly leverage this flaw to launch cross-site scripting attacks by adding comments to a photo. The applicatio...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0896
Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field...
CVE-2006-0864
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value...
Code injection
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
CVE-2006-0852
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php...
CVE-2005-4724
SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header...
CVE-2005-4687
PunBB 1.2.9 (used standalone or with F-ART BLOG:CMS) trusts the client IP from the X-Forwarded-For header instead of the TCP/IP stack, enabling IP address spoofing by remote attackers. Red Hat and CVE records corroborate this vulnerability in PunBB 1.2.9. The underlying issue is header-based IP e...