192 matches found
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Kamgaing Email System (kmail) 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) d parameter to main.php, ordner parameter to (2) main.php, or (3) webdisk.php, (4) draft parameter to compose.php, or (5) m, or (6) y...
SQL injection
SQL injection vulnerability in PCPIN Chat 5.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the username field (login parameter) to main.php...
CVE-2006-1623
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...
Information disclosure
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development FXB application, allows remote attackers to include and execute arbitrary PHP code. NOTE: this disclosure is extremely vague and has very little information about the specif...
CVE-2006-1623
Technical details for CVE-2006-1623 are not publicly available in the provided documents. The descriptions remain vague about vulnerability type, affected product, and impact. Monitor for updates from NVD/CVE records and connected sources.
CVE-2006-0125
Affected software: AppServ 2.4.5 (AppServ main.php). Vulnerability: the appserv_root parameter in appserv/main.php can be exploited for remote file inclusion (RFI). Root cause: lack of input sanitization for appserv_root, leading to inclusion of arbitrary files. Impact (as documented): unauthenticated...
CVE-2005-1438
The connected documents confirm a Remote File Include vulnerability in osTicket variants, specifically CVE-2005-1438, via the include_dir parameter in main.php. The issue affects osTicket versions up to 1.2.7 (per Tenable NASL “osTicket <= 1.2.7 Multiple Vulnerabilities”) and is included among...
CVE-2005-1438
PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter...
CVE-2005-0222
main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of the g2_subView parameter, which reveals the path in an error message...
CVE-2005-0222
The CVE-2005-0222 entry concerns Gallery 2.0 Alpha where main.php exposes sensitive path information via the g2_subView parameter, enabling remote information disclosure. The underlying issue is a lack of proper validation/error handling that reveals the file path in an error message when g2_subV...