3017 matches found

CVE
added 2005/06/28 4:0 a.m., 57 views

CVE-2002-1954

CVE-2002-1954 is an XSS in the PHP 4.2.3 phpinfo function. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the query string argument, demonstrated using soinfo.php. Affected software: PHP 4.2.3; vulnerable component: phpinfo output handling. Root cause: unsani...

CVSS 4.3, AI score 6, EPSS 0.11853
Exploits: 1, References: 4, Affected Software: 1
Cvelist
added 2005/06/28 4:0 a.m., 23 views

CVE-2002-1802

Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news...

AI score 5.7, EPSS 0.01724
Exploits: 1, References: 4
Cvelist
added 2005/06/28 4:0 a.m., 23 views

CVE-2002-1965

Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the (1) Javascript events, as demonstrated via an onerror event in an IMG SRC tag or (2) User-Agent field in an HTTP GET request...

AI score 5.7, EPSS 0.01733
Exploits: 1, References: 3
CVE
added 2005/06/21 4:0 a.m., 45 views

CVE-2002-1732

Actinic Catalog 4.7.0 is affected by multiple XSS vulnerabilities (CVE-2002-1732). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) query string arguments to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) the PRODREF parameter to ss000007.pl, or ...

CVSS 4.3, AI score 6, EPSS 0.0137
Exploits: 0, References: 8, Affected Software: 1
CVE
added 2005/06/01 4:0 a.m., 46 views

CVE-2005-1811

Technical details for CVE-2005-1811 are not publicly available in the provided documents. Monitor for updates.

CVSS 4.3, AI score 6, EPSS 0.0127
Exploits: 1, References: 4, Affected Software: 1
FreeBSD
added 2005/05/27 12:0 a.m., 57 views

postnuke -- multiple vulnerabilities

Postnuke Security Announcements reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php; possible path disclosure within /user.php; possible path disclosure within /modules/News/article.php; possible remote code injection within /includes/pnMod.php...

CVSS 7.5, AI score 7.2, EPSS 0.79071
Exploits: 6, References: 4
Exploit DB
added 2005/05/26 12:0 a.m., 26 views

Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)

-----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0, 20050418 Next: -----------------Code Start-----Version 1.36, 2.0, 20050418 Next-------------- pass1: pass2: Id: Member Key:...

AI score 7.4
Exploits: 0
CVE
added 2005/05/24 4:0 a.m., 51 views

CVE-2005-1695

CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...

CVSS 2.6, AI score 5.8, EPSS 0.01158
Exploits: 0, References: 3, Affected Software: 1
Tenable Nessus
added 2005/05/23 12:0 a.m., 32 views

PostNuke <= 0.760 RC4a Multiple Vulnerabilities

The remote host is running PostNuke version 0.760 RC4a or older. These versions suffer from several vulnerabilities, among them:
- Multiple Remote Code Injection Vulnerabilities. An attacker can read arbitrary files on the remote and possibly inject arbitrary PHP code remotely.
- SQL Injection...

CVSS 7.5, AI score 6.6, EPSS 0.01686
Exploits: 0, References: 10
Cvelist
added 2005/05/10 4:0 a.m., 22 views

CVE-2004-1926

Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allows remote attackers to inject arbitrary code via the (1) Theme, (2) Country, (3) Real Name, or (4) Displayed time zone fields in a User Profile, or the (5) Name, (6) Description, (7) URL, or (8) Country fields in a Directory/Add Site operation...

AI score 7, EPSS 0.07466
Exploits: 3, References: 4
Exploit DB
added 2005/05/03 12:0 a.m., 24 views

osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities

source: https://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion of remote code that could be run...

AI score 7.4
Exploits: 0
NVD
added 2005/05/02 4:0 a.m., 16 views

CVE-2005-1181

NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...

CVSS 7.5, AI score 8.1, EPSS 0.02523
Exploits: 0, References: 3
Cvelist
added 2005/04/24 4:0 a.m., 22 views

CVE-2005-1231

Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description...

AI score 5.7, EPSS 0.01939
Exploits: 1, References: 3
CVE
added 2005/04/19 4:0 a.m., 47 views

CVE-2005-1181

Ariadne CMS 2.4 is cited as affected by a PHP remote code injection in loader.php via the ariadne parameter referencing a remote URL. The vendor disputes the issue, arguing loader.php must include ariadne.inc (defining $ariadne) and cannot be modified by an attacker; CVE personnel have partially ...

CVSS 7.5, AI score 8.5, EPSS 0.02523
Exploits: 0, References: 3, Affected Software: 1
Cvelist
added 2005/04/19 4:0 a.m., 19 views

CVE-2005-1181

NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...

AI score 8.1, EPSS 0.02523
Exploits: 0, References: 3
CVE
added 2005/04/12 4:0 a.m., 45 views

CVE-2005-1049

Summary: CVE-2005-1049 describes multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC3 (and related RC4 variants) where an attacker can inject arbitrary HTML/JavaScript via the module parameter to admin.php or the op parameter to user.php. The issue is noted to exist when the ...

CVSS 2.6, AI score 6.1, EPSS 0.0354
Exploits: 1, References: 10, Affected Software: 1
CVE
added 2005/04/09 4:0 a.m., 41 views

CVE-2005-1030

CVE-2005-1030 affects the Active Auction House ASP application. The vulnerability is described as multiple cross-site scripting (XSS) flaws that allow remote attackers to inject arbitrary web script or HTML via parameters such as ReturnURL, password, username, and other fields (e.g., ReturnURL to...

CVSS 4.3, AI score 5.8, EPSS 0.0509
Exploits: 1, References: 12, Affected Software: 1
NVD
added 2005/03/29 5:0 a.m., 16 views

CVE-2005-0919

Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject arbitrary web script or HTML into the chat space, which leaves other users vulnerable to cross-site scripting (XSS) attacks...

CVSS 4.3, AI score 5.7, EPSS 0.01374
Exploits: 0, References: 7
Cvelist
added 2005/03/09 5:0 a.m., 18 views

CVE-2005-0548

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the Search function...

AI score 5.6, EPSS 0.01685
Exploits: 4, References: 3
Cvelist
added 2005/03/04 5:0 a.m., 24 views

CVE-2005-0645

Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to shownews.php...

AI score 6.1, EPSS 0.00938
Exploits: 0, References: 2