
1114 matches found

Cvelist
added 2006/05/19 11:0 p.m., 20 views

CVE-2006-2491

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable...

5.7 AI score, 0.02701 EPSS
Exploits: 1, References: 9
EUVD
added 2006/05/19 11:0 p.m., 3 views

EUVD-2006-2491

Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable...

6.8 CVSS, 5.7 AI score, 0.02701 EPSS
Exploits: 1, References: 9
UbuntuCve
added 2006/05/02 9:6 p.m., 17 views

CVE-2006-2148

Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string...

7.5 CVSS, 6.5 AI score, 0.04624 EPSS
Exploits: 0, References: 1
Prion
added 2006/05/02 9:6 p.m., 9 views

Buffer overflow

Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string...

7.5 CVSS, 8 AI score, 0.04624 EPSS
Exploits: 0, References: 10, Affected Software: 1
CVE
added 2006/05/02 9:0 p.m., 48 views

CVE-2006-2148

CVE-2006-2148 affects CGIIRC in which multiple buffer overflows in the file client.c allow remote code execution via (1) cookies or (2) the query string. OpenVAS/Debian advisories document the issue and cite that vulnerable versions are prior to 0.5.8; Debian/Ubuntu advisories recommend upgrading...

7.5 CVSS, 7.6 AI score, 0.04624 EPSS
Exploits: 0, References: 10, Affected Software: 1
Prion
added 2006/04/21 10:2 p.m., 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter...

2.6 CVSS, 6 AI score, 0.0195 EPSS
Exploits: 1, References: 6
NVD
added 2006/04/21 10:2 p.m., 22 views

CVE-2006-1980

Cross-site scripting (XSS) vulnerability in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the (1) query string, (2) SID parameter, or (3) ilang parameter...

2.6 CVSS, 5.6 AI score, 0.0195 EPSS
Exploits: 1, References: 6
CVE
added 2006/04/21 10:0 p.m., 52 views

CVE-2006-1980

CVE-2006-1980 is an XSS vulnerability in W2B Online Banking. The vulnerability allows remote attackers to inject arbitrary script via (1) query string, (2) SID parameter, or (3) ilang parameter. The NVD entry reports a CVSS v2.0 base score of 2.6 (low) with Network attack vector, high attack comp...

2.6 CVSS, 5.6 AI score, 0.0195 EPSS
Exploits: 1, References: 6, Affected Software: 1
Cvelist
added 2006/03/19 11:0 p.m., 20 views

CVE-2006-1293

Cross-site scripting (XSS) vulnerability in index.php in Contrexx CMS 1.0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF)...

5.7 AI score, 0.01743 EPSS
Exploits: 1, References: 9
Prion
added 2006/03/09 9:2 p.m., 19 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php...

6.8 CVSS, 6.1 AI score, 0.02133 EPSS
Exploits: 1, References: 6, Affected Software: 1
NVD
added 2006/03/09 9:2 p.m., 15 views

CVE-2006-1121

Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php...

6.8 CVSS, 5.7 AI score, 0.02133 EPSS
Exploits: 1, References: 6
Cvelist
added 2006/03/09 9:0 p.m., 26 views

CVE-2006-1121

Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php...

5.7 AI score, 0.02133 EPSS
Exploits: 1, References: 6
Prion
added 2006/02/28 2:2 a.m., 18 views

Sql injection

PHP-Nuke 7.8 Patched 3.2 allows remote attackers to bypass SQL injection protection mechanisms via /%2a / sequences with the "adclick" word in the query string, as demonstrated via the kala parameter...

7.5 CVSS, 8.3 AI score, 0.01765 EPSS
Exploits: 1, References: 3, Affected Software: 1
Cvelist
added 2006/02/18 2:0 a.m., 21 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

5.8 AI score, 0.01941 EPSS
Exploits: 0, References: 7
Prion
added 2006/02/15 11:6 a.m., 8 views

Cross site scripting

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...

4.3 CVSS, 5.9 AI score, 0.04398 EPSS
Exploits: 1, References: 8, Affected Software: 1
NVD
added 2006/02/15 11:6 a.m., 14 views

CVE-2006-0703

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...

4.3 CVSS, 5.6 AI score, 0.04398 EPSS
Exploits: 1, References: 8
Cvelist
added 2006/02/15 11:0 a.m., 18 views

CVE-2006-0703

Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter...

5.6 AI score, 0.04398 EPSS
Exploits: 1, References: 8
securityvulns
added 2006/02/03 12:0 a.m., 38 views

More on the workaround for the unpatched Oracle PLSQL Gateway flaw

According to Oracle, the workaround I posted, that prevents exploitation of a critical vulnerability that Oracle has so far failed to fix, breaks certain applications that sit atop their PLSQL Gateway. Though my workaround prevents exploitation of the critical flaw and thus protects vulnerable...

0.1 AI score
Exploits: 0
Cvelist
added 2006/01/21 12:0 a.m., 26 views

CVE-2006-0341

Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string...

5.7 AI score, 0.0192 EPSS
Exploits: 0, References: 6
Cvelist
added 2006/01/21 12:0 a.m., 18 views

CVE-2006-0342

RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such as "|"...

6.6 AI score, 0.02176 EPSS
Exploits: 1, References: 6