7210 matches found
CVE-2002-1884
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin"...
CVE-2005-2053
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an asterisk in the id parameter, (2) a blank id parameter, or (3) an asterisk in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that th...
MercuryBoard 1.1.4 SQL Injection
RST/GHC Advisory 28 Product: MercuryBoard Version: 1.1.4 File: index.php Vuln: SQL injection Code: global.php, line 71: $this->agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null; index.php, line 154: $mercury->db->query("REPLACE INTO {$mercury->pre}active (active_id,...
CVE-2005-1951
Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter to banner.php...
CVE-2005-1975
Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) siteid, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php...
CVE-2005-1955
Cross-site scripting (XSS) vulnerability in index.php in singapore 0.9.11 allows remote attackers to inject arbitrary web script or HTML via the gallery parameter...
CVE-2005-1817
Invision Power Board (IPB) versions 1.0–1.3 are affected by a vulnerability in index.php that allows remote attackers to edit arbitrary forum posts by sending a modified request. The issue is triggered via direct parameter manipulation in an HTTP request to index.php, enabling an attacker to alter...
CVE-2005-1810
SQL injection vulnerability in template-functions-category.php in WordPress 1.5.1 allows remote attackers to execute arbitrary SQL commands via the $catID variable, as demonstrated using the cat parameter to index.php...
CVE-2005-1817
Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to edit arbitrary forum posts via a direct request to index.php with modified parameters...
CVE-2005-1800
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php...
CVE-2005-1715
Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 (2.2.178) allows remote attackers to inject arbitrary web script or HTML via the (1) m, (2) s, (3) ID, or (4) t parameters, or the (5) field name, (6) Your Web field, or (7) email field in the comments section...
CVE-2005-1715
CVE-2005-1715 describes a reflected cross-site scripting vulnerability in TOPo 2.2 (version 2.2.178), specifically in index.php. The issue allows remote attackers to inject arbitrary script/HTML via several inputs in the comments section and related fields: (1) m, (2) s, (3) ID, (4) t, and (5) fi...
CVE-2004-2072
CVE-2004-2072 describes a cross-site scripting (XSS) vulnerability in Mambo Open Source 4.6 (and possibly earlier) via the Itemid parameter in index.php. The underlying issue is a failure to properly sanitize user input in the web application, enabling an attacker to inject script that may run in...
CVE-2005-1673
Multiple SQL injection vulnerabilities in Help Center Live allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php, (2) tid parameter to view.php, fid parameter to (3) download.php or (4) chatdownload.php, (5) status parameter to icon.php, TICKETtid parameter to (6)...
PT-2005-2575 · Fusion · Fusion Sbx
Name of the Vulnerable Software and Affected Versions: Fusion SBX versions 1.2 and earlier Description: The issue concerns the improper use of the extract function in index.php, allowing remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the...
CVE-2005-1582
The CVE-2005-1582 entry concerns a cross-site scripting (XSS) vulnerability in index.php of 1Two News 1.0. The vulnerability permits remote injection of arbitrary web script or HTML via the query/POST parameters nom, email, siteweb, or commentaire. The NVD listing documents a MEDIUM impact score ...
CVE-2005-1584
The CVE-2005-1584 entry describes a cross-site scripting (XSS) vulnerability in Quick.Forum 2.1.6, exploitable via the topic field in a NewTopic action within index.php. The underlying issue is an XSS allowance in the input handling, enabling remote attackers to inject arbitrary web script or HTM...