3017 matches found
CVE-2002-1954
CVE-2002-1954 is an XSS in the PHP 4.2.3 phpinfo function. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the query string argument, demonstrated using soinfo.php. Affected software: PHP 4.2.3; vulnerable component: phpinfo output handling. Root cause: unsani...
CVE-2002-1802
Cross-site scripting XSS vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news...
CVE-2002-1965
Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...
CVE-2002-1732
Actinic Catalog 4.7.0 is affected by multiple XSS vulnerabilities (CVE-2002-1732). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) query string arguments to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) the PRODREF parameter to ss000007.pl, or ...
CVE-2005-1811
Technical details for CVE-2005-1811 are not publicly available in the provided documents. Monitor for updates.
postnuke -- multiple vulnerabilities
Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)
-----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0, 20050418 Next: -----------------Code Start-----Version 1.36, 2.0, 20050418 Next-------------- pass1: pass2: Id: Member Key:...
CVE-2005-1695
CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
The remote host is running PostNuke version 0.760 RC4a or older. These versions suffer from several vulnerabilities, among them : - Multiple Remote Code Injection Vulnerabilities An attacker can read arbitrary files on the remote and possibly inject arbitrary PHP code remotely. - SQL Injection...
CVE-2004-1926
Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allows remote attackers to inject arbitrary code via the 1 Theme, 2 Country, 3 Real Name, or 4 Displayed time zone fields in a User Profile, or the 5 Name, 6 Description, 7 URL, or 8 Country fields in a Directory/Add Site operation...
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
source: https://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion of remote code that could be run...
CVE-2005-1181
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...
CVE-2005-1231
Cross-site scripting XSS vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the 1 term or 2 description...
CVE-2005-1181
Ariadne CMS 2.4 is cited as affected by a PHP remote code injection in loader.php via the ariadne parameter referencing a remote URL. The vendor disputes the issue, arguing loader.php must include ariadne.inc (defining $ariadne) and cannot be modified by an attacker; CVE personnel have partially ...
CVE-2005-1181
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...
CVE-2005-1049
Summary: CVE-2005-1049 describes multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC3 (and related RC4 variants) where an attacker can inject arbitrary HTML/JavaScript via the module parameter to admin.php or the op parameter to user.php. The issue is noted to exist when the ...
CVE-2005-1030
CVE-2005-1030 affects the Active Auction House ASP application. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via parameters such as ReturnURL, password, username, and other fields (e.g., ReturnURL to...
CVE-2005-0919
Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting XSS attacks...
CVE-2005-0548
Cross-site scripting XSS vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function...
CVE-2005-0645
Cross-site scripting XSS vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the 1 CLIENT-IP or 2 X-FORWARDED-FOR header in an HTTP POST request to shownews.php...