
7210 matches found

CVE
added 2005/02/26 5:00 a.m. | 44 views

CVE-2004-1746

The CVE-2004-1746 entry describes a Cross-site scripting (XSS) vulnerability in PHP Code Snippet Library’s index.php, exploitable via the cat_select and show parameters. The underlying issue is inadequate input sanitization in index.php, allowing remote attackers to inject arbitrary JavaScript in...

CVSS 4.3 | AI score 5.9 | EPSS 0.03596
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 62 views

CVE-2004-1665

PsNews is affected by cross-site scripting (XSS) flaws in index.php for version 1.1 (and older than 1.2). The OpenVAS/Nessus entries describe multiple parameter XSS allowing the attacker to steal cookies from legitimate users. The root cause is described as XSS in index.php via the no parameter, ...

CVSS 4.3 | AI score 5.7 | EPSS 0.03605
Exploits: 0 | References: 4 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 45 views

CVE-2004-1692

CVE-2004-1692 describes a cross‑site scripting (XSS) vulnerability in the Mambo 4.5 (1.0.9) index.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML by manipulating the (1) Itemid, (2) mosmsg, or (3) limit parameters. The issue is documented with a CVSS v2 base ...

CVSS 4.3 | AI score 6 | EPSS 0.01793
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 45 views

CVE-2004-1600

CVE-2004-1600 affects index.php in CoolPHP 1.0-stable, where a malformed op parameter allows remote attackers to reveal the path in an error message, exposing sensitive information (NVD: CVSSv2 base 5.0, MEDIUM). The issue is described consistently across NVD/CVE references; no remediation or exp...

CVSS 5 | AI score 6.9 | EPSS 0.01548
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 43 views

CVE-2004-1599

CVE-2004-1599 concerns a Cross-site Scripting (XSS) vulnerability in CoolPHP 1.0-stable, exploitable via index.php using the query or nick parameters. The underlying issue is insufficient input handling in the affected script, allowing an attacker to inject and execute arbitrary web scripts/HTML ...

CVSS 4.3 | AI score 6.1 | EPSS 0.01255
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 40 views

CVE-2004-1566

CVE-2004-1566: The Silent-Storm Portal (versions 2.1 and 2.2) contains a cross-site scripting (XSS) flaw in index.php via the module parameter. This enables a remote attacker to inject and execute arbitrary web script or HTML in the victim’s browser. The vulnerability is tied to improper handlin...

CVSS 4.3 | AI score 6.1 | EPSS 0.01255
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 44 views

CVE-2004-1592

The CVE-2004-1592 entry concerns ocPortal (index.php) remote file inclusion. Affected software is ocPortal 1.0.3 and earlier; the vulnerability arises from a flaw in the req_path parameter, which can be manipulated to reference a URL on a remote server containing a malicious funcs.php, enabling r...

CVSS 7.5 | AI score 7.6 | EPSS 0.03053
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/20 5:00 a.m. | 38 views

CVE-2004-1668

CVE-2004-1668 centers on the Subjects 2.0 Postnuke module, where multiple SQL injection vulnerabilities exist in index.php. The underlying issue is input validation for the (1) pageid, (2) subid, and (3) catid parameters, allowing remote arbitrary SQL execution. Impact is noted as partial confide...

CVSS 7.5 | AI score 8.9 | EPSS 0.01347
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2005/02/19 5:00 a.m. | 53 views

CVE-2004-1505

Technical details (affected product/component/versions/root cause) are not publicly provided in the supplied connected documents. Monitor for updates to confirm scope, impact, and remediation for CVE-2004-1505.

CVSS 7.5 | AI score 7.6 | EPSS 0.01996
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/19 5:00 a.m. | 60 views

CVE-2004-1516

The CVE-2004-1516 entry corresponds to a CRLF injection (HTTP response splitting) vulnerability in phpWebSite 0.9.3-4, exploitable via the block_username parameter in the user module. The issue arises from insufficient input validation in the PHP application, enabling remote attackers to inject a...

CVSS 5 | AI score 6.7 | EPSS 0.01604
Exploits: 1 | References: 6 | Affected Software: 1

Cvelist
added 2005/02/17 5:00 a.m. | 13 views

CVE-2005-0463

Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php...

AI score 7.8 | EPSS 0.01037
Exploits: 0 | References: 5

CVE
added 2005/02/16 5:00 a.m. | 45 views

CVE-2005-0411

CVE-2005-0411 affects CitrusDB up to version 0.3.6 (and earlier). The vulnerability is a directory-traversal in index.php where the GET parameter load can include arbitrary local PHP files via .. sequences, enabling remote attackers and local users to include PHP files. The issue is documented wi...

CVSS 7.5 | AI score 6.8 | EPSS 0.02194
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2005/02/15 5:00 a.m. | 49 views

CVE-2005-0443

CubeCart 2.0.4 is affected by a remote XSS and path disclosure vulnerability in index.php triggered by an invalid language parameter that is echoed in a PHP error message. The OpenVAS entry and NVD/CVE records corroborate a language-based XSS/vector that can reveal the install path; CVSS v2 base ...

CVSS 4.3 | AI score 5.9 | EPSS 0.0484
Exploits: 1 | References: 5 | Affected Software: 1

CVE
added 2005/02/14 5:00 a.m. | 47 views

CVE-2005-0414

MercuryBoard 1.1.1 is affected by a SQL injection in post.php via the reply post action (index.php) using the t or qu parameters, allowing remote SQL commands (CVE-2005-0414). NVD lists base 7.5/HIGH with network attack vector and no authentication. OpenVAS corroborates MercuryBoard vulnerabilit...

CVSS 7.5 | AI score 8.4 | EPSS 0.0123
Exploits: 1 | References: 5 | Affected Software: 1

Cvelist
added 2005/02/12 5:00 a.m. | 16 views

CVE-2004-1402

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page...

AI score 8.3 | EPSS 0.03291
Exploits: 1 | References: 3

CVE
added 2005/02/12 5:00 a.m. | 48 views

CVE-2004-1412

Kayako eSupport 2.x (index.php) is vulnerable to cross-site scripting via the searchm parameter. This XSS allows remote attackers to inject arbitrary web script or HTML. The NVD entry lists a CVSS v2 base score of 4.3 (Medium) with network attack vector, no authentication, and partial integrity i...

CVSS 4.3 | AI score 5.7 | EPSS 0.01736
Exploits: 1 | References: 4 | Affected Software: 1

CVE
added 2005/02/10 5:00 a.m. | 41 views

CVE-2005-0309

The CVE-2005-0309 entry affects Exponent 0.95, with two vulnerable entry points: index.php and mod.php. The underlying issue is multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML through the module parameter. The description expl...

CVSS 4.3 | AI score 6 | EPSS 0.01219
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2005/02/10 5:00 a.m. | 42 views

CVE-2005-0283

CVE-2005-0283 describes a directory traversal in QwikiWiki’s index.php that allows remote attackers to read arbitrary files by crafting the page parameter with a .. and a %00 terminator. The vulnerability stems from insufficient validation of the page parameter, enabling traversal to the file sys...

CVSS 5 | AI score 6.7 | EPSS 0.0307
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2005/02/10 5:00 a.m. | 41 views

CVE-2005-0266

The CVE-2005-0266 entry documents a Cross-site scripting (XSS) vulnerability in SugarCRM 1.X, specifically in index.php, where an attacker can inject arbitrary web script or HTML via one of five parameters: return_module, return_action, name, module, or record. The vulnerability is exploitable re...

CVSS 4.3 | AI score 6 | EPSS 0.01195
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2005/02/10 5:00 a.m. | 12 views

CVE-2005-0283

Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter...

AI score 6.7 | EPSS 0.0307
Exploits: 0 | References: 5