Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via 1 the catid parameter to search.php or the 2 typ parameter to register.php...

Unfixed XSS vulnerability at www.klansavaslari.net

Security researcher KaBuS, has submitted on 26/07/2007 a cross-site-scripting XSS vulnerability affecting www.klansavaslari.net, which at the time of submission ranked 6071 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/08/2007. It is...

MyEvent1.6 (template.php) Remote File Inclusion Vulnerability

.-" "-. / | TiTaNiC | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / HaCkEr / @ script:PBSite - PHP Bulletin Site | CMS ==== RFI url:http://sourceforge.net/project/showfiles.php?groupid=88114 authot:titanichacker [email protected] contact: hack-teach.com & mohandko.com...

PBSite - PHP Bulletin Site | CMS ====> RFI

.-" "-. / | TiTaNiC | |, .-. .-. ,| | o/ o | |/ / | @ ^^ |IIIIII|/ @8@8|-IIIIII/-| / HaCkEr / @ script:PBSite - PHP Bulletin Site | CMS ==== RFI url:http://sourceforge.net/project/showfiles.php?groupid=88114 authot:titanichacker [email protected] contact: hack-teach.com & mohandko.com...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 awards.php, 2 login.php, 3 register.php, 4 weapons.php, and possibly other unspecified files...

CVE-2007-2914

Multiple cross-site scripting XSS vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 awards.php, 2 login.php, 3 register.php, 4 weapons.php, and possibly other unspecified files...

CVE-2007-2914

Multiple cross-site scripting XSS vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 awards.php, 2 login.php, 3 register.php, 4 weapons.php, and possibly other unspecified files...

RedLevel Advisory #017 - PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities

PsychoStats v3.0.6b Multiple Cross-Site Scripting Vulnerabilities PsychoStats contains multiple cross-site scripting vulnerabilities that may be exploited through the URI. Vulnerable Files: awards.php, login.php, register.php, weapons.php - other files may also be susceptible to this vulnerabilit...

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $POST'submit' ---------------------------- username=xyz...

nuclearbb-sql.txt

NuclearBB Alpha 1 - Multiple Blind SQL/XPath Injection Vulnerabilities Vulnerable: NuclearBB Alpha 1 Google d0rk: "This forum is powered by NuclearBB" ============= String Inputs ============= ---------------------------- login.php - $POST'submit' ---------------------------- username=xyz...

NuclearBB Alpha 1 - Multiple SQL Injections

source: https://www.securityfocus.com/bid/23555/info NuclearBB is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or...

CVE-2007-1443

Multiple cross-site scripting XSS vulnerabilities in register.php in Woltlab Burning Board wBB 2.3.6 and Burning Board Lite 1.0.2pl3e allow remote attackers to inject arbitrary web script or HTML via the 1 rusername, 2 remail, 3 rpassword, 4 rconfirmpassword, 5 rhomepage, 6 ricq, 7 raim, 8 ryim, ...

CVE-2007-1443

CVE-2007-1443 covers multiple reflected cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e, exploitable via the register.php form fields (r_username, r_email, r_password, r_confirmpassword, r_homepage, …, r_timezoneoffset, r_usewysiwyg...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Tyger Bug Tracking System TygerBT 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 Login.php and 2 Register.php...

CVE-2007-1291

Multiple cross-site scripting XSS vulnerabilities in Tyger Bug Tracking System TygerBT 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 Login.php and 2 Register.php...

CVE-2007-1291

Multiple cross-site scripting XSS vulnerabilities in Tyger Bug Tracking System TygerBT 1.1.3 allow remote attackers to inject arbitrary web script or HTML via the PATHINFO to 1 Login.php and 2 Register.php...

CVE-2006-7072

Cross-site scripting XSS vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the 1 busername and 2 c parameters to a index.php, the busername parameter to b admin/index.php, and 3 cphone parameter to register.php...

CVE-2006-7072

Cross-site scripting XSS vulnerability in GeoClassifieds Enterprise 2.0.5.2 and earlier allows remote attackers to inject arbitrary web script and HTML via the 1 busername and 2 c parameters to a index.php, the busername parameter to b admin/index.php, and 3 cphone parameter to register.php...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the 1 login or 2 mailaddress field in Register.php, or the 3 searchauthor, 4 mode, 5 startyear, 6 endyear, or 7 datetype field in Search.php, a different...

CVE-2006-7036

PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not b...