633 matches found
Sql injection
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...
CVE-2006-2565
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...
CVE-2006-2565
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via 1 the authorid parameter in profile.php and 2 the autid parameter in userarticles.php. NOTE: the autid vector can produce resultant path disclosure if the SQL manipulati...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 ulocation or 2 uhobbies parameters...
CVE-2006-1916
Multiple cross-site scripting XSS vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 ulocation or 2 uhobbies parameters...
CVE-2006-1916
Multiple cross-site scripting XSS vulnerabilities in profile.php in DbbS 2.0-alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 ulocation or 2 uhobbies parameters...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Ralph Capper Tiny PHP Forum TPF 3.6 allow remote attackers to inject arbitrary web script or HTML via 1 the uname parameter in a view action in profile.php and 2 a login name. NOTE: the "Access to hash password" issue is already covered by...
CVE-2006-1898
Multiple cross-site scripting XSS vulnerabilities in Ralph Capper Tiny PHP Forum TPF 3.6 allow remote attackers to inject arbitrary web script or HTML via 1 the uname parameter in a view action in profile.php and 2 a login name. NOTE: the "Access to hash password" issue is already covered by...
CVE-2006-1775
Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...
CVE-2006-1775
Multiple cross-site scripting XSS vulnerabilities in phpBB 2.0.19 allow remote attackers to inject arbitrary web script or HTML via the 1 Site Description field in a adminboard.php, the 2 Group name and 3 Group description fields in b admingroups.php and c groupcp.php, the 4 Theme Name field in d...
CVE-2006-1603
Cross-site scripting XSS vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the curpassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2006-1603
Cross-site scripting XSS vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the curpassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters to a login.php or b register.php; or 3 u parameter to c profile.php...
CVE-2006-1569
Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the 1 username or 2 password parameters to a login.php or b register.php; or 3 u parameter to c profile.php...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in txtForum 1.0.4-dev and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 prev, 2 next, and 3 rand5 parameters in a index.php; the 4 rusername and 5 rloc parameters in b newtopic.php; the 6 rnum, 7 rfamilyname, 8...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
CVE-2006-1133
Multiple cross-site scripting XSS vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to 1 comment.php or 2 contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441...
Cross site scripting
Cross-site scripting XSS vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php...
CVE-2006-1040
Cross-site scripting XSS vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php...
CVE-2006-1040
CVE-2006-1040 affects vBulletin versions 3.0.12 and 3.5.3. The vulnerability is a cross-site scripting (XSS) flaw where user-supplied content placed in the email field is injected into profile.php but not sanitized in sendmsg.php, enabling remote attackers to inject arbitrary web script or HTML t...