3014 matches found
CVE-2007-2625
CVE-2007-2625 is an XSS vulnerability in All In One Control Panel (AIOCP) prior to 1.3.016. The flaw resides in shared/code/cp_authorization.php and allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. The entry notes that details are from third-party sources...
CVE-2006-7196
Cross-site scripting (XSS) vulnerability in the calendar example (cal2.jsp) of Apache Tomcat affects 4.0.0–4.0.6, 4.1.0–4.1.31, 5.0.0–5.0.30, and 5.5.0–5.5.15. An attacker can inject arbitrary script via the time parameter to cal2.jsp (and possibly other vectors). This enables script execution in...
CVE-2007-2472
CVE-2007-2472 is an XSS vulnerability in Sendcard 3.4.1 and earlier, affecting sendcard.php where the form parameter can be exploited to inject arbitrary script/HTML. The description notes the vulnerability details come from third-party sources with unknown provenance. Connected documents confirm...
CVE-2007-2245
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browseforeigners.php or (2) certain input to the PMAsanitize function...
Input validation
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-2145
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the input parameter. NOTE: some of these details are obtained from third party information...
CVE-2007-2146
The imagecomments function in classes.php in MiniGal b13 allows remote attackers to inject arbitrary PHP code into a file in the thumbs/ directory via the (1) name or (2) email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2007-2146
CVE-2007-2146 affects MiniGal b13: the imagecomments function in classes.php lets remote attackers inject arbitrary PHP code into a file under thumbs/ by supplying the name or email parameter. This is a client-controlled input vulnerability in a PHP application function, enabling code injection w...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
No description provided by source. File: shoutbox.php. Affects: ShoutPro 1.5.2 (may affect earlier versions). Date: 17th April 2007. Issue Description: ShoutPro 1.5.2 fails to fully sanitize user input $shout that it writes...
ShoutPro 1.5.2 - shout.php Remote Code Injection
<?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "...
ShoutPro <= 1.5.2 (shout.php) Remote Code Injection Exploit
Exploit for unknown platform in category web applications. ShoutPro <?php echo "...
ShoutPro 1.5.2 - 'shout.php' Remote Code Injection
<?php echo "\n"; echo " Special Greetings To - Timq,Warpboy,The-Maggot \n"; echo "\n\n\n"; //Writes Files - Under 100 bytes to meet requirements $temppayload = "%3C%3F%24a%3D...
CVE-2007-1927
Cross-site scripting (XSS) vulnerability in signup.asp in CmailServer WebMail 5.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the POP3Mail parameter...
CVE-2007-1848
Cross-site scripting (XSS) vulnerability in admin/classes/ui.dta.php in Drake CMS allows remote attackers to inject arbitrary web script or HTML via the desctitle field. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports vali...
CVE-2006-7187
Cross-site scripting (XSS) vulnerability in the showrecentsearches function in cgi-lib/user-lib/search.pl in web-app.net WebAPP before 20060909 allows remote attackers to inject arbitrary web script or HTML via the srch variable...
CVE-2007-1780
CVE-2007-1780 has concrete details across connected sources: Overlay Weaver’s DHT shell (owdhtshell) versions 0.5.9–0.5.11 are affected by a cross-site scripting (XSS) vulnerability when invoked with the -x option, allowing remote attackers to inject arbitrary web script or HTML via certain i...
CVE-2007-1636
Directory traversal vulnerability in index.php in RoseOnlineCMS 3 B1 allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the op parameter, as demonstrated by injecting PHP code into Apache log files via the URL and User-Agent HTTP header...
CVE-2007-1524
CVE-2007-1524 affects ZomPlog up to version 3.7.6, specifically the themes/default/ handling. The vulnerability is a directory traversal flaw where an attacker can use the settings[skin] parameter to include local files; by injecting PHP code into an Apache log file, that code can be included via...
CVE-2007-1405
Cross-site scripting (XSS) vulnerability in the "download wiki page as text" feature in Trac before 0.10.3.1, when Microsoft Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via unspecified parameters...
CVE-2007-1241
CVE-2007-1241 is an XSS vulnerability reported in Audins Audiens 3.3, specifically in setup.php, exploitable through PATH_INFO to inject arbitrary script/HTML. Concretely, multiple sources (NVD, CVE lists, Prion, Vulners) describe the same issue; the root cause is not elaborated beyond the PATH_I...