7211 matches found
CVE-2005-3365
Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via 1 the name parameter in register.php, 2 the email parameter in lostpassword.php, 3 the year parameter in calendar.php, and the 4...
CVE-2005-3366
The CVE-2005-3366 issue affects PHP iCalendar (PHP iCalendar 2.0a2–2.0.1). The vulnerability is a PHP file inclusion flaw in index.php that uses the phpicalendar cookie to include files, allowing remote code execution and arbitrary local file inclusion. The issue is not XSS per the report. Impact...
CVE-2005-3334
CVE-2005-3334 concerns Flyspray, a lightweight bug-tracking web app. The vulnerability affects Flyspray 0.9.7 through 0.9.8 (devel) and is a cross-site scripting (XSS) flaw in the index.php page. An attacker can inject arbitrary web script or HTML via multiple parameters (PHPSESSID, task, string,...
CVE-2005-3306
CVE-2005-3306 describes an XSS vulnerability in index.php of FlatNuke 2.5.6, exploitable via the user parameter in a profile operation to inject arbitrary script/HTML. The vulnerability is specifically a cross-site scripting issue and is stated as a separate/vector from CVE-2005-2814, with a note...
CVE-2005-3308
Multiple cross-site scripting XSS vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the 1 name or 2 comment parameter in detail.php, 3 the username parameter in get.php, and 4 the search parameter in index.php...
CVE-2004-2511
Multiple cross-site scripting XSS vulnerabilities in DCP-Portal 5.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via 1 the year, 2 month, and 3 day parameters in calendar.php; 4 the cid and 5 url parameters in index.php; 6 the cid parameter in annoucement.php; 7 the...
FlatNuke < 2.5.7 index.php Traversal File Inclusion
Binary data 3265.prm...
CVE-2005-3083
Cross-site scripting XSS vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter...
CVE-2005-3083
CMS Made Simple 0.10 contains a cross-site scripting (XSS) vulnerability in index.php via the page parameter. Root cause is improper handling of the page parameter leading to script/HTML injection; impact implied is partial integrity compromise. CVSS 2.0 base score: 4.3 (Medium); vector: AV:N/AC:...
CVE-2005-3020
Multiple cross-site scripting XSS vulnerabilities in vBulletin before 3.0.9 allow remote attackers to inject arbitrary web script or HTML via the 1 group parameter to css.php, 2 redirect parameter to index.php, 3 email parameter to user.php, 4 goto parameter to language.php, 5 orderby parameter t...
CVE-2005-3004
SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote attackers to execute arbitrary SQL commands via the 1 idp, 2 idctg, or 3 idprd parameters to the pages module in index.php...
CVE-2005-3009
Cross-site scripting XSS vulnerability in CuteNews allows remote attackers to inject arbitrary web script or HTML via the mod parameter to index.php...
CVE-2005-3003
The CVE-2005-3003 entry concerns NooTopList 1.0.0 release 17, specifically in index.php. The vulnerability is a SQL injection in the application’s handling of the (1) o and (2) sort parameters, enabling remote attackers to execute arbitrary SQL commands. The NVD metrics indicate a high base sever...
CVE-2005-2979
SQL injection vulnerability in index.php in phpoutsourcing Noah's classifieds allows remote attackers to execute arbitrary SQL commands via the rollid parameter...
CVE-2005-2980
Cross-site scripting XSS vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter...
CVE-2005-2980
The CVE-2005-2980 issue is an XSS vulnerability in Noah’s Classifieds v1.3, specifically in index.php where the rollid parameter can be exploited to inject arbitrary web script/HTML. The connected PT-2005-3817 entry confirms the vulnerable software and parameters, and notes that remote attackers ...
CVE-2005-2979
CVE-2005-2979 describes a SQL injection in Noah’s classifieds (index.php) by manipulating the rollid parameter. Public documents identify Noah’s classifieds as the affected software and point to an underlying input handling flaw in index.php, enabling remote SQL command execution. The NVD entry l...
Noahs Classifieds 1.21.3 - index.php SQL Injection
Noahs Classifieds 1.21.3 - index.php SQL Injection source: https://www.securityfocus.com/bid/14833/info Noah's Classifieds is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before using it in an SQL query. Successful exploitation could...
CVE-2005-2814
Cross-site scripting XSS vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a visreg operation to index.php...
CVE-2005-2818
Cross-site scripting XSS vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to 1 email.php,2 index.php, 3 del.php, or 4 addform.php...