8 matches found
EUVD-2006-2533
Malware in sbrugna...
Destiney Rated Images Script v0.5.0 - XSS Vuln
Destiney Rated Images Script v0.5.0 Homepage: http://destiney.com/scripts Description: Destiney Rated Images script is continuation of the free phpRated script. Rated Images is a web application written in PHP for use with MySQL. Rated Images allows visitors to your site to list their pictures an...
Cross site scripting
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag...
CVE-2006-2533
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag...
CVE-2006-2532
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was originally claimed to be SQL injection, but CVE analysis shows that the problem is related to an...
CVE-2006-2533
This CVE concerns Destiney Rated Images Script 0.5.0. The vulnerability is a Cross-site scripting (XSS) flaw in (1) addWeblog.php and (2) leaveComments.php caused by inadequate filtering of HTML tags, allowing remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag. Im...
CVE-2006-2533
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag...
CVE-2006-2532
The CVE-2006-2532 entry concerns Destiney Rated Images Script 0.5.0. The affected component is stats.php where an invalid s parameter can cause an error message to reveal the installation path. The description notes this was initially claimed to be SQL injection, but CVE analysis attributes the i...