80 matches found
CVE-2010-0682
WordPress 2.9 before 2.9.2 allows remote authenticated users to read trash posts from other authors via a direct request with a modified p parameter...
CVE-2009-0330
Directory traversal vulnerability in index.php in Simple Content Management System SCMS 1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter...
CVE-2008-5264
Cross-site scripting XSS vulnerability in searcher.exe in Tornado Knowledge Retrieval System 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the p parameter in a root action...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
mod_autoindex XSS
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
CVE-2008-0191
WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive information via an invalid p parameter in an rss2 action to the default URI, which reveals the full path and the SQL database structure...
CVE-2007-6648
Directory traversal vulnerability in index.php in SanyBee Gallery 0.1.0 and 0.1.1 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the p parameter...
Sql injection
SQL injection vulnerability in admin.php/vars.php in CustomCMS CCMS 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page...
CVE-2007-6658
SQL injection vulnerability in admin.php/vars.php in CustomCMS CCMS 3.1 Demo allows remote attackers to execute arbitrary SQL commands via the p parameter in the Console page...
Cross site scripting
Cross-site scripting XSS vulnerability in buscar.asp in Solidweb Novus 1.0 allows remote attackers to inject arbitrary web script or HTML via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
DEBIAN-CVE-2007-4465
Cross-site scripting XSS vulnerability in modautoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset. NOTE: it could be argued that th...
PT-2007-5645 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.2.6 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the P parameter using the UTF-7 charset when the charset on a server-generated page is...
CVE-2007-4256
Directory traversal vulnerability in showpage.cgi in YNP Portal System 2.2.0 allows remote attackers to read arbitrary files via a .. dot dot in the p parameter...
PT-2006-3421 · Openwiki · Openwiki
Name of the Vulnerable Software and Affected Versions: OpenWiki version 0.78 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the p parameter in the ow.asp file. This issue has been disputed by the vendor, who claims that code...
CVE-2006-1638
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the 1 Username parameter to a accounts.php, b changep.php, c editac.php, d feedback.php, e fpass.php, f login.php, g post.php, h reply.php, or i replylog.php; 2 p parameter to j...
DEBIAN-CVE-2005-2107
Multiple cross-site scripting XSS vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 p or 2 comment parameter...
WordPress <= 1.5.1.2 - Multiple XSS vulnerabilities
Because of these vulnerabilities in post.php, attackers can inject arbitrary web script or HTML via the "p" or "comment" parameter. Solution Update the WordPress to the latest available version at least 1.5.1.3...