3025 matches found
CVE-2005-4364
Cross-site scripting XSS vulnerability in index.cfm in Hot Banana Web Content Management Suite 5.3 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter...
CVE-2005-4204
Cross-site scripting XSS vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this issue is distinct from the msg DoS...
CVE-2005-4072
Cross-site scripting XSS vulnerability in CFMagic Magic Forum Personal 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the Words parameter in searchforums.cfm, as used in the "Search For:" field...
CVE-2005-3977
CVE-2005-3977 describes a cross-site scripting (XSS) vulnerability in QualityEBiz Quality PPC 1553. The issue is triggered via the REQ parameter to the search module, allowing remote attackers to inject web script or HTML. The core detail across sources confirms the vulnerable component is the se...
CVE-2005-3866
CVE-2005-3866 involves a cross-site scripting (XSS) vulnerability in the SearchFeed Search Engine 1.3.2 and earlier . The flaw, likely exploitable via the REQ parameter used during a search, could allow remote attackers to inject arbitrary HTML and web script. The connected documents confirm the ...
KLA10399 Multiple vulnerabilities in Winmail
Multiple serious vulnerabilities have been found in Winmail Server. Malicious users can exploit these vulnerabilities to inject scripts or overwrite local files. Below is a complete list of vulnerabilities 1. A directory traversal can be exploited remotely via a side parameter; 2. An XSS...
CVE-2005-3412
Cross-site scripting XSS vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an tag...
CVE-2005-3202
Multiple cross-site scripting XSS vulnerabilities in Oracle HTML DB HTMLDB 1.3 through 1.3.6 allow remote attackers to inject arbitrary web script or HTML, and subsequently execute SQL statements via the 1 p or 2 pt02 parameters...
CVE-2005-2557
Cross-site scripting XSS vulnerability in viewallset.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug0005959, and a different vulnerability than CVE-2005-3090...
CVE-2005-2886
CVE-2005-2886 affects MAXdev MD-Pro 1.0.73 (and possibly earlier) with multiple XSS vulnerabilities. The issue allows remote attackers to inject arbitrary web script or HTML via: (1) the print parameter to the print module, (2) the sitename parameter to the bb_smilies module, (3) the sitename par...
CVE-2005-2869
Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.6.4 allow remote attackers to inject arbitrary web script or HTML via 1 the Username to libraries/auth/cookie.auth.lib.php or 2 the error parameter to error.php...
CVE-2005-2820
CVE-2005-2820 is an XSS vulnerability in SqWebMail courier (Conditional Comments in Internet Explorer). The root cause is missing input sanitising in the courier/sqwebmail handling of HTML in emails, allowing remote attackers to inject script via crafted messages. Affected: SqWebMail courier depl...
CVE-2005-2336
Cross-site scripting XSS vulnerability in Hiki 0.8.0 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via "missing pages" in which the page name is not properly escaped, a different vulnerability than CVE-2005-2803...
CVE-2005-2803
Cross-site scripting XSS vulnerability in Hiki 0.8.1 to 0.8.2 allows remote attackers to inject arbitrary web script or HTML via a page name in a Login link, a different vulnerability than CVE-2005-2336...
Simple Machines Forum < 1.0.7 Code Injection
Binary data 3198.prm...
phpAdsNew / phpPgAds < 2.0.6 Multiple Vulnerabilities
The remote host is running phpAdsNew / phpPgAds, an open source banner ad server. The version of phpAdsNews / phpPgAds installed on the remote host suffers from several flaws : - Remote PHP Code Injection Vulnerability The XML-RPC library bundled with the application allows an attacker to inject...
CVE-2005-2542
Technical details about CVE-2005-2542 are not publicly available in the provided connected documents. Monitor for updates; sources do not specify affected versions, impact, vectors, or remediation beyond the IPB 1.0.3 issue.
[SECURITY] [DSA 768-1] New phpbb2 packages fix cross-site scripting
-------------------------------------------------------------------------- Debian Security Advisory DSA 768-1 [email protected] http://www.debian.org/security/ Martin Schulze July 27th, 2005 http://www.debian.org/security/faq -...
CVE-2005-2396
Cross-site scripting XSS vulnerability in MediaWiki 1.4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via a parameter to the page move template...
CVE-2005-2379
Oracle Reports 9.0.2 is affected by multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The weaknesses are triggered via specific parameters: (1) debug in showenv, (2) test in parsequery, or (3) delimiter, and (4) CELLWRAPPER in ...