CVE-2005-0889

Cross-site scripting XSS vulnerability in index.php for Dream4 Koobi CMS 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the area parameter...

CVE-2005-0889

CVE-2005-0889 describes a cross-site scripting (XSS) vulnerability in Dream4 Koobi CMS 4.2.3, specifically in index.php where the area parameter can be abused to inject arbitrary script/HTML. The vulnerability is documented with a CVSS v2 base score of 4.3 (Medium) and indicates that the attack v...

CVE-2005-0879

CVE-2005-0879 affects Vortex Portal Content Management System. It is a PHP remote file inclusion flaw in content.php and index.php that lets an attacker execute arbitrary PHP code by passing a URL in the act parameter. Documented impact per NVD: partial confidentiality, integrity, and availabilit...

CVE-2005-0879

PHP remote file include vulnerability in 1 content.php and 2 index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter...

CVE-2005-0870

Multiple cross-site scripting XSS vulnerabilities in phpSysInfo 2.3, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 sensorprogram parameter to index.php, 2 textlanguage, 3 texttemplate, or 4 hidepicklist parameter to systemfooter.php...

CVE-2005-0842

CVE-2005-0842 involves a cross-site scripting (XSS) vulnerability in Kayako eSupport version 2.3. The flaw occurs in index.php via the parameters _i and _c, allowing remote attackers to inject arbitrary web script or HTML in a victim’s browser. The public description does not specify a fix or aff...

CVE-2005-0842

Cross-site scripting XSS vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the 1 i or 2 c parameter...

Kayako ESupport 2.3 - index.php Multiple Cross-Site Scripting Vulnerabilities

Kayako ESupport 2.3 - index.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/12868/info Kayako ESupport is prone to a cross-site scripting vulnerability. Multiple parameters of the 'index.php' script can be exploited to pass malicious HTML and script cod...

CVE-2005-0805

The CVE-2005-0805 entry describes a SQL injection in Subdreamer Light’s index.php when magic_quotes_gpc is enabled. The vulnerability allows remote attackers to run arbitrary SQL via parameters treated as global variables, demonstrated via the imageid parameter that imagegallery.php fails to sani...

CVE-2005-0792

SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the 1 uname parameter to index.php or 2 page parameter to zpanel.php...

knowledgeBuilder.txt

Remote File Inclusion KnowledgeBase Vendor: www.activecampaign.com/kb/ Well, inside the index.php file we can see: if $page == "" $page = "startup"; @include"$page.php"; ? After I tested some sites with kb I got file inclusion: http://www.site.com/kb/index.php?page=http://file DominusVis Infektio...

CVE-2005-0792

SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the 1 uname parameter to index.php or 2 page parameter to zpanel.php...

CVE-2005-0663

MercuryBoard 1.1.2 is affected by CVE-2005-0663 due to an SQL injection vulnerability in index.php via the f parameter. This is a remote issue allowing arbitrary SQL commands and is documented by multiple sources (NVD/OpenVAS entries). No remediation steps or fixes are provided in the supplied do...

CVE-2005-0662

CVE-2005-0662 is an XSS vulnerability in MercuryBoard 1.1.2, occurring in index.php via the Avatar field. The affected component is MercuryBoard’s web interface; the root cause is improper sanitization of user-supplied data in the Avatar parameter, allowing injection of arbitrary script/HTML. Pub...

CVE-2005-0675

CVE-2005-0675 affects Zorum 3.5. A Cross-site scripting (XSS) vulnerability exists in index.php, exploitable via the list or frommethod parameters to inject arbitrary script/HTML. This is a remote, unauthenticated vector with impact limited to client-side script execution; no remediation details ...

CVE-2005-0662

Cross-site scripting XSS vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field...

CVE-2003-1088

CVE-2003-1088 describes a Cross-site scripting (XSS) vulnerability in the index.php component of Zorum 3.4 and 3.5. The issue allows remote attackers to inject arbitrary web script or HTML by supplying a crafted value to the method parameter. The public descriptions indicate user-provided input i...

CVE-2005-0656

Multiple cross-site scripting XSS vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 hits parameter to hits.php, 2 query parameter to index.php, or 3 theCount parameter to counter.php...

CVE-2005-0676

CVE-2005-0676 affects Zorum 3.5. The vulnerability is in index.php via the search capability, where remote attackers can trigger an SQL error and potentially inject arbitrary SQL commands. The provided documents confirm the affected software and the underlying issue is an SQL injection/error cond...

CVE-2003-1089

CVE-2003-1089 affects Zorum 3.4. The issue arises in index.php, where invalid parameter names trigger a PHP error message that reveals the full path to the web root. This path disclosure is the primary impact described in the available records; no exploitation steps or active exploit code are pro...