420 matches found
PHPAUCTION Cross Site Scripting Vulnerability
No description provided by source. Title: PHPAUCTION Cross Site Scripting Vulnerability | Author: indoushka | email: [email protected] | Home: Souk Naamane - 04325 - Oum El Bouaghi - Algeria...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
CVE-2009-4250
Multiple cross-site scripting (XSS) vulnerabilities in CutePHP CuteNews 1.4.6 and UTF-8 CuteNews before 8b allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to register.php; (2) the user parameter to search.php; the (3) catmsg, (4) sourcemsg, (5) postponedselected, (6)...
Unrestricted file upload
Unrestricted file upload vulnerability in Opial 1.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension as a User Image, then accessing it via a request to the file in userimages, related to register.php...
Nullam Blog 0.1.2 LFI / XSS / SQL Injection
Salvatore Fresta aka drosophila, CWNP444351. Salvatore "drosophila" Fresta. Application: Nullam Blog; Version: 0.1.2; Website: http://nullam.net/; Bugs: (A) Local File Inclusion, (B) File Disclosure, (C) Multiple Blind SQL Injection, (D) SQL Injection, (E) Reflected XSS; Exploitation: Remote; Date: 10 S...
Cross site scripting
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks...
CVE-2008-7010
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php...
CVE-2008-6924
CVE-2008-6924 affects eSyndiCat Directory 2.2, with XSS in register.php allowing remote injection of scripts via six parameters (username, email, password, password2, security_code, register). The initial data lists a MEDIUM base score (CVSS v2: 4.3) and mentions no exploitation details; no remed...
Opial 1.0 File Upload / XSS / SQL Injection
R3AL.RU. Opial 1.0 Arbitrary File Upload & XSS & SQL Injection genresparent Author: LMaster Greetz: r3al.ru Official Site with demo: http://www.opial.com --Arbitrary File UploadSQL InjectionXSSalertdocument.cookie; Demo: http://www.opial.com/demo/register.ph...
Sql injection
Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter to category.php, (2) the user parameter to login.php, and (3) the site parameter to register.php...
CVE-2008-6805
Multiple SQL injection vulnerabilities in MicBlog 0.0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the cat parameter to category.php, (2) the user parameter to login.php, and (3) the site parameter to register.php...
CVE-2009-1228
Cross-site scripting (XSS) vulnerability in register.php in Arcadwy Arcade Script CMS allows remote attackers to inject arbitrary web script or HTML via the username field (user_name parameter)...
CVE-2009-1228
CVE-2009-1228 is a documented cross-site scripting (XSS) vulnerability in the Arcadwy Arcade Script CMS, specifically in the register.php script where the username field (user_name parameter) can be injected with arbitrary web script or HTML by remote attackers. The NVD entry lists a CVSSv2 base ...
BlogMan 0.45 Multiple Vulnerabilities
Salvatore "drosophila" Fresta Application: BlogMan http://sourceforge.net/projects/blogman/ Version: 0.45 Bug: Multiple SQL Injection Authentication Bypass Privilege Escalation Exploitation: Remote Date: 1 Mar 2009 Discovered by: Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta...
gamersfusion-xss.txt
Portal Name: Gamers Fusion 2.5 Vendor : http://sourceforge.net/projects/gamers-fusion Vulnerable File : register.php Dork: Vallheru Team based on Gamers-Fusion 2.5 Author : PouyaServer , [email protected] Vulnerability : XSS Cross sit...
Unfixed XSS vulnerability at www.metavantecards.com
Security researcher PaPPy has submitted on 10/05/2008 a cross-site-scripting (XSS) vulnerability affecting www.metavantecards.com, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 12/05/2008. It is current...
Vikingboard 0.2 Beta - 'register.php' SQL Column Truncation Unauthorized Access
source: https://www.securityfocus.com/bid/31408/info Vikingboard is prone to an unauthorized-access vulnerability. Successfully exploiting this issue can allow attackers to register and log in as existing users. Vikingboard 0.2 Beta is vulnerable; other versions may also be affected. The followin...