7210 matches found
quickForum.txt
Quick.Forum 'topic field' XSS and 'page' & 'iCategory' SQL injection vendor url: http://qc.dotgeek.org/os/index.php?p=productsQuickForum advisory: http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html vendor notify: yes exploit available: yes Quick.Forum contains a flaw which...
CVE-2004-2288
The CVE-2004-2288 entry refers to a cross-site scripting (XSS) vulnerability in Jelsoft vBulletin, specifically in index.php via the loc parameter, allowing remote attackers to spoof parts of a website. Documents collectively confirm the affected product and vulnerable parameter; however, they do...
AutoIndex PHP Script index.php search Parameter XSS
The remote host is running AutoIndex, a free PHP script for indexing files in a directory. The installed version of AutoIndex fails to properly sanitize user-supplied input to the 'search' parameter of the 'index.php' script. By leveraging this flaw, an attacker may be able to cause arbitrary HTM...
CVE-2005-2421
Technical details about CVE-2005-2421 are not publicly available in the provided connected documents. Monitor for updates to identify affected products, root cause, impact, and fixes.
CVE-2005-2422
Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter...
PHPList admin/index.php id Parameter SQL Injection
CVE-2005-2393
Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows remote attackers to inject arbitrary web script or HTML via (1) the lastusername parameter to index.php or (2) selectedsearcharch parameter to search.php...
CVE-2005-2392
CMSimple is affected by a cross-site scripting (XSS) vulnerability in index.php via the search parameter in the search function. The issue affects CMSimple 2.4 and earlier, arising from failure to sanitize user-supplied input in the search field. Public references in the provided documents confir...
CVE-2005-2392
Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter in the search function...
CVE-2004-2222
Directory traversal vulnerability in index.php in FsPHPGallery before 1.2 allows remote attackers to list arbitrary directories via the dir parameter...
CVE-2004-2222
The CVE-2004-2222 entry describes a directory-traversal vulnerability in FsPHPGallery prior to version 1.2, where an attacker can use the dir parameter in index.php to list arbitrary directories. Affected software: FsPHPGallery before 1.2. Cause: improper handling of the dir parameter leading to ...
CVE-2002-1996
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php...
CVE-2001-1526
Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter...
CVE-2005-2197
SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows remote attackers to modify SQL queries, as demonstrated using the f parameter to index.php...
CVE-2004-2180
WowBB Forum 1.61 and earlier versions are affected by multiple cross-site scripting (XSS) vulnerabilities. The flaws allow attackers to inject arbitrary script/HTML via numerous vectors: country (view_user.php), show (view_forum.php), letter (view_user.php), highlight (view_topic.php), show (inde...
CVE-2004-2195
Zanfi CMS Lite 1.1 is affected by a PHP remote file inclusion in index.php via the inc parameter, leading to arbitrary PHP code execution. The issue is a file inclusion vulnerability in Zanfi CMS Lite’s index.php that allows an attacker to have the remote script include and run attacker-controlle...
CVE-2005-2166
CVE-2005-2166 targets Plague News System (version 0.6 and earlier). The vulnerability is a SQL injection in index.php via the cid parameter, enabling remote attackers to execute arbitrary SQL commands. Connected PT-2005-3098 notes affected versions and confirms no publicly known fix in newer vers...
CVE-2005-2166
SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter...
CVE-2005-2138
CVE-2005-2138 describes a cross-site scripting (XSS) vulnerability in the Comdev eCommerce 3.0 and 3.1 product line, specifically in index.php. The flaw allows remote attackers to inject arbitrary web script or HTML by injecting JavaScript into the onMouseOver event of an anchor tag in a review m...
Plague News System 0.7 - CID Cross-Site Scripting
Plague News System 0.7 - CID Cross-Site Scripting source: https://www.securityfocus.com/bid/14137/info Plague News System is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script. An...