218 matches found
Invision Gallery 2.0.6 ( SQL Injection )
Invision Gallery 2.0.6 SQL Injection File :- modules/gallery/post.php Line :- 943 Bug By :- Devil-00 Welcome Back Security4arab Arabian Security WebSites www.s4a.cc www.securitygurus.net php $this-ipsclass-DB-simpleconstruct array 'select' = 'COUNT AS total', 'from' = 'galleryimages', 'where...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10)...
CVE-2006-1638
Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) replylog.php; (2) p parameter to (j)...
CVE-2006-1637
Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10)...
CVE-2006-1572
SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action...
CVE-2006-1572
CVE-2006-1572 is an SQL injection vulnerability in Oxygen 1.1.3, exploitable via the fid parameter in a newthread action of post.php. The affected component is Oxygen’s post.php handler; the root cause is unsafely handled user input leading to SQL command execution. This CVE entry has corroborati...
O2PHP Oxygen 1.01.1 - post.php SQL Injection
O2PHP Oxygen 1.01.1 - post.php SQL Injection source: https://www.securityfocus.com/bid/17324/info Oxygen is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit cou...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php...
CVE-2006-1157
CVE-2006-1157: XSS vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier. An attacker can inject arbitrary web script/HTML via the Subject field (possibly the messaggio parameter) when posting a new message in post.php. Reported with CVSSv2 metrics: AV:N/AC:M/Au:N/C:N/I:P/A:N; base score 4.3 (M...
CVE-2006-1157
Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message in post.php...
CVE-2006-0941
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages...
CVE-2006-0941
ShoutLIVE 1.1.0 is affected, with multiple XSS in the post.php script when posting new messages due to unsanitized input in certain variables. The underlying issue is improper sanitization of user-supplied data, allowing remote attackers to inject arbitrary web script or HTML. An exploit is liste...
CVE-2005-4724
PhpTagCool 1.0.3 contains an SQL injection in post.php, exploitable via the X-Forwarded-For HTTP header, allowing remote SQL command execution. The vulnerability’s impact is described as partial confidentiality, integrity, and availability loss. No explicit exploit code or in-the-wild details are...
[CORRECTIONS AND ADDITIONS] Azbb v1.1.00 Cross-Site Scripting
PoC : -------------------- 1 This flaw exists because the application does not validate the "nickname" variable upon submission to the post.php script via the POST method. hp://www.target/post.php?nickname="scriptalert'XSS'/script!-- --------------------...
CVE-2006-0407
CVE-2006-0407 affects AZ Bulletin Board (AZbb) 1.1.00 and earlier. The vulnerability is a cross-site scripting (XSS) flaw in post.php, exploitable via the nickname parameter and an iframe tag in the topic parameter, enabling injection of arbitrary HTML/JavaScript by an attacker. The description n...
Cross site scripting
Cross-site scripting (XSS) vulnerability in post.php in NavBoard V16 Stable (2.6.0) and V17beta2 allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags...
CVE-2006-0140
NavBoard CVE-2006-0140 is a cross-site scripting (XSS) vulnerability in post.php for NavBoard v16 Stable (2.6.0) and v17beta2. The issue allows remote attackers to inject arbitrary web script or HTML via the (1) b, (2) textlarge, and (3) url bbcode tags. Connected documents confirm the affected c...