2729 matches found
CVE-2007-0144
The CVE-2007-0144 entry documents a Cross-site scripting (XSS) vulnerability in search.asp of Digitizing Quote And Ordering System 1.0. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter. The NVD notes a MEDIUM base score (6.8) with n...
CVE-2006-6911
SQL injection vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated users to execute arbitrary SQL commands via the ordernum parameter...
CVE-2007-0144
Cross-site scripting XSS vulnerability in search.asp in Digitizing Quote And Ordering System 1.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the ordernum parameter...
Microsoft Internet Explorer CSS Class Ordering Memory Corruption Vulnerability
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page. The specific vulnerability exists due to improper handling of CSS...
CEScripts (Multiple Scripts) - Cross-Site Scripting
CEScripts Multiple Scripts - Cross-Site Scripting source: https://www.securityfocus.com/bid/18402/info CEScripts scripts are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...
CEScripts (Multiple Scripts) - Cross-Site Scripting
source: https://www.securityfocus.com/bid/18402/info CEScripts scripts are prone to multiple cross-site scripting vulnerabilities because they fail to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary script code execute in the browser of an unsuspecti...
security flaw
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index...
CVE-2005-0946
SQL injection vulnerability in phpCoin 1.2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the 1 term/keywords field on the search page, 2 username or 3 e-mail field on the forgot password page, or 4 domain name on the ordering new package page...
CVE-2005-0946
CVE-2005-0946 affects phpCOIN 1.2.1b and earlier, with SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. Affected input surfaces include the term/keywords field on search, username or e-mail on forgot password, and domain name on the new package ordering...