1114 matches found
CVE-2006-5168
CVE-2006-5168 affects Simon Brown Pebble 2.0.0 RC1 and RC2, specifically the search functionality. The vulnerability is a cross-site scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML through the query string. The provided documents do not include exploitatio...
CVE-2006-5168
Cross-site scripting (XSS) vulnerability in the search functionality in Simon Brown Pebble 2.0.0 RC1 and RC2 allows remote attackers to inject arbitrary web script or HTML via the query string...
CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4794
Multiple cross-site scripting (XSS) vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the query string (PATH_INFO) in (1) contact.php, (2) download.php, (3) admin.php, (4) fpw.php, (5) news.php, (6) search.php, (7) signup.php, (8) submitnews.php, and (9) user.php. NOTE: the...
DEBIAN-CVE-2006-4798
SQL-Ledger before 2.4.4 stores a password in a query string, which might allow context-dependent attackers to obtain the password via a Referer field or browser history...
CVE-2006-4794
CVE-2006-4794 describes multiple XSS vulnerabilities in e107 0.7.5 via the PATH_INFO query string in numerous PHP pages (contact.php, download.php, admin.php, etc.). Connected records indicate a broader XSS family affecting e107 0.7.16 and earlier (admin/ and related files such as submitnews.php,...
phpunity.postcard - 'gallery_path' Remote File Inclusion
phpunity.postcard phpunity-postcard.php Remote File Inclusion Exploit. Affected Software: phpunity.postcard; Vendor: http://www.perlunity.de/; Class: Remote File Inclusion; Risk: high Remote File Execution; Found by: Rivertam; Contact: ...
CVE-2006-3585
Multiple cross-site scripting (XSS) vulnerabilities in Jetbox CMS 2.1 SR1 allow remote attackers to inject arbitrary web script or HTML via the (1) login parameter in admin/cms/index.php, (2) unspecified parameters in the "Supply news" page in formmail.php, (3) the URL in the "Site statistics" page, and...
Directory traversal
Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string...
CVE-2006-2813
Directory traversal vulnerability in easy-scart.cgi in iShopCart allows remote attackers to read arbitrary files via a .. (dot dot) in the query string...
Cross site scripting
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter...
CVE-2006-2610
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine bMachine 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable...
CVE-2006-2490
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help,...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help,...