348 matches found

Prion
added 2006/05/19 11:2 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable...

CVSS 6.8 | AI score 6.2 | EPSS 0.10962
Exploits 1 | References 9 | Affected Software 1
CVE
added 2006/05/19 11:0 p.m., 47 views

CVE-2006-2491

BoastMachine (bMachine) 3.1 and earlier is affected by CVE-2006-2491, a cross-site scripting (XSS) flaw in index.php and bmc/admin.php. The vulnerability arises because user-supplied data in the query string is not properly filtered when accessed via $_SERVER["PHP_SELF"], enabling remote attacker...

CVSS 6.8 | AI score 5.7 | EPSS 0.10962
Exploits 1 | References 9 | Affected Software 2
Prion
added 2006/03/19 11:2 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF)...

CVSS 4.3 | AI score 6.2 | EPSS 0.01018
Exploits 1 | References 9 | Affected Software 1
Cvelist
added 2006/03/19 11:0 p.m., 13 views

CVE-2006-1293

Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF)...

AI score 5.7 | EPSS 0.01018
Exploits 1 | References 9
Prion
added 2006/03/09 1:6 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag...

CVSS 4.3 | AI score 6.1 | EPSS 0.00527
Exploits 0 | References 6 | Affected Software 1
NVD
added 2006/03/09 1:6 p.m., 12 views

CVE-2006-1089

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag...

CVSS 4.3 | AI score 5.7 | EPSS 0.00527
Exploits 0 | References 6
CVE
added 2006/03/09 11:0 a.m., 38 views

CVE-2006-1089

CVE-2006-1089 affects PunBB 1.2.10, where an XSS flaw resides in header.php. The vulnerability arises when handling the pun_page tag and relies on the PHP_SELF variable, allowing remote attackers to inject arbitrary script/HTML via the URL. The associated NVD entry lists a Medium base impact with...

CVSS 4.3 | AI score 5.7 | EPSS 0.00527
Exploits 0 | References 6 | Affected Software 1
Cvelist
added 2006/03/09 11:0 a.m., 15 views

CVE-2006-1089

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag...

AI score 5.7 | EPSS 0.00527
Exploits 0 | References 6
OSV
added 2006/02/21 2:2 a.m., 6 views

CVE-2006-0806

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the nextpage parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF...

AI score 5.5
Exploits 0 | References 18
Prion
added 2006/02/21 2:2 a.m., 17 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the nextpage parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF...

CVSS 4.3 | AI score 5.8 | EPSS 0.12629
Exploits 2 | References 18 | Affected Software 1
NVD
added 2006/02/21 2:2 a.m., 14 views

CVE-2006-0806

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the nextpage parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF...

CVSS 4.3 | AI score 5.6 | EPSS 0.12629
Exploits 2 | References 18
UbuntuCve
added 2006/02/21 2:2 a.m., 23 views

CVE-2006-0806

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the nextpage parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF...

CVSS 4.3 | AI score 5.9 | EPSS 0.12629
Exploits 2 | References 1
Prion
added 2006/02/18 2:2 a.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

CVSS 4.3 | AI score 6.2 | EPSS 0.00771
Exploits 0 | References 7 | Affected Software 1
NVD
added 2006/02/18 2:2 a.m., 9 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

CVSS 4.3 | AI score 5.8 | EPSS 0.00771
Exploits 0 | References 7
Prion
added 2006/02/18 2:2 a.m., 19 views

SQL injection

Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly...

CVSS 7.5 | AI score 8.9 | EPSS 0.01641
Exploits 0 | References 8 | Affected Software 1
Cvelist
added 2006/02/18 2:0 a.m., 13 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

AI score 5.8 | EPSS 0.00771
Exploits 0 | References 7
NVD
added 2005/12/31 5:0 a.m., 7 views

CVE-2005-4861

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting accountmanage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECKAUTH function...

CVSS 7.5 | AI score 6.9 | EPSS 0.00457
Exploits 0 | References 4
exploitpack
added 2005/12/14 12:0 a.m., 34 views

Limbo 1.0.4.2 - _SERVER[REMOTE_ADDR] Remote Command Execution

Limbo 1.0.4.2 - _SERVER[REMOTE_ADDR] Remote Command Execution this works with register_globals off & regardless of magic_quotes_gpc settings usage: launch from Apache, fill in requested fields, then go! Sun-Tzu: "Humble words and increased preparations are signs that the enemy is about to advance. Viole...

AI score 7.7
Exploits 0
NVD
added 2005/12/13 11:3 a.m., 9 views

CVE-2005-4193

Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable...

CVSS 4.3 | AI score 5.6 | EPSS 0.00427
Exploits 0 | References 5
CVE
added 2005/12/13 11:0 a.m., 41 views

CVE-2005-4193

CVE-2005-4193 is an XSS vulnerability in UseBB prior to 0.7, exploitable via the $_SERVER['PHP_SELF'] variable in web requests. The affected component is UseBB’s input handling that processes PHP_SELF; impact is arbitrary scripted HTML in victim pages. The provided docs do not state a fixed versi...

CVSS 4.3 | AI score 5.7 | EPSS 0.00427
Exploits 0 | References 5