31 matches found
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Newsletter Manager plugin 1.0.2 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change an email address or (2) conduct script insertion attacks. NOTE: the provenance o...
CVE-2011-1682
Multiple cross-site request forgery (CSRF) vulnerabilities in phpList 2.10.13 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create a list or (2) insert cross-site scripting (XSS) sequences. NOTE: this issue exists because of an incomplete fix for...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BBSXP 2008 SP2 allow remote attackers to inject arbitrary web script or HTML via the URI in a request to (1) AddPost.asp, (2) AddTopic.asp, (3) AdminDefault.asp, (4) Bank.asp, (5) Manage.asp, and (6) ShowPost.asp. NOTE: the provenance of this information i...
Sql injection
Multiple SQL injection vulnerabilities in ActiveWebSoftwares Active Bids allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter in the PATHINFO to the default URI or (2) the catid parameter to default.asp. NOTE: this might overlap CVE-2009-0429.3. NOTE: the provenance of...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in @lex Guestbook 4.0.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) languagesetup parameter to setup.php or (2) test parameter to index.php. NOTE: the provenance of this information is unknown; the details are...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in the default URI in Chris LaPointe RedGalaxy Download Center 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file parameter, (2) message parameter in a login action, (3) category parameter in a browse action, (4) now...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Web Help Desk 9.1.22 evaluation version allow remote attackers to inject arbitrary web script or HTML via the (1) Report Name, (2) Asset No., and (3) Full Name fields in a Models action. NOTE: the provenance of this information is unknown; the detail...
Cross site scripting
Cross-site scripting (XSS) vulnerability in password.php in Scripts for Sites EZ Reminder allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the u2 parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...
Sql injection
SQL injection vulnerability in index.php in EACOMM DO-CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the p parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Cross site scripting
Cross-site scripting (XSS) vulnerability in FlatnuX CMS (aka Flatnuke3) 2008-12-11 allows remote attackers to inject arbitrary web script or HTML via the name parameter in an updaterecord action to index.php in the 08Files module. NOTE: the provenance of this information is unknown; the details are...
Stack overflow
Stack-based buffer overflow in the VSFlexGrid.VSFlexGridL ActiveX control in ComponentOne VSFlexGrid 7.0.1.151 and 8.0.20072.239 allows remote attackers to execute arbitrary code via a long first argument to the Archive method. NOTE: the provenance of this information is unknown; the details are...
Null pointer dereference
The WordClient interface in Alt-N Technologies MDaemon 9.6.5 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted HTTP POST request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
Cross site scripting
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party informati...
CVE-2008-1342
Multiple cross-site scripting (XSS) vulnerabilities in the search feature in Polymita BPM-Suite and CollagePortal allow remote attackers to inject arbitrary web script or HTML via the (1) q and (2) luceneindexfieldvalue parameters. NOTE: the provenance of this information is unknown; the details are...
Sql injection
SQL injection vulnerability in loginform.asp in Instant Softwares Dating Site allows remote attackers to execute arbitrary SQL commands via the Username parameter, a different vulnerability than CVE-2007-6671. NOTE: the provenance of this information is unknown; the details are obtained solely fr...
CVE-2007-6142
Multiple cross-site scripting (XSS) vulnerabilities in ph03y3nk just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) show parameter to index.php and the (2) print parameter to print.php. NOTE: the provenance of this information is unknown; the...
CVE-2007-5235
Cross-site scripting (XSS) vulnerability in index.php in Uebimiau 2.7.2 through 2.7.10 allows remote attackers to inject arbitrary web script or HTML via the femail parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in virlogin.asp in iExpress Property Pro allows remote attackers to execute arbitrary SQL commands via the Password parameter. NOTE: the Username parameter is covered by CVE-2006-6029. NOTE: the provenance of this information is unknown; the details are obtained solely...
CVE-2007-3276
Cross-site scripting (XSS) vulnerability in index.php in Site@School (S@S) 2.4.10 allows remote attackers to inject arbitrary web script or HTML via the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Stack overflow
Stack-based buffer overflow in smtpdll.dll in the SMTP service in 602Pro LAN SUITE 2003 2003.0.03.0828 allows remote attackers to execute arbitrary code via an e-mail message with a long address. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...