CVE-2006-6808

Cross-site scripting XSS vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the getfiledescription function in wp-admin/admin-functions.php...

CVE-2006-6363

CVE-2006-6363 describes a Cross-site scripting (XSS) vulnerability in admin.pl of BlueSocket Secure Controller (BSC) prior to version 5.2, or without the 5.1.1-BluePatch. An attacker can inject arbitrary web script or HTML via the ad_name parameter. The CVSS data indicates a network-accessible, l...

EUVD-2006-5958

Multiple cross-site scripting XSS vulnerabilities in comments.asp in BlogMe 3.0 allow remote attackers to inject arbitrary web script or HTML via the 1 Name, 2 URL, or 3 Comments field...

EUVD-2006-5927

Cross-site scripting XSS vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager CSM allows remote attackers to inject arbitrary web script or HTML via the s parameter...

PT-2006-6609 · Mginternet · Mginternet Car Site Manager

Name of the Vulnerable Software and Affected Versions: MGinternet Car Site Manager CSM affected versions not specified Description: A cross-site scripting XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the s parameter in the /csm/asp/listings.asp API...

EUVD-2006-4196

Cross-site scripting XSS vulnerability in calendar.asp in ASPPlayground.NET Forum Advanced Edition 2.4.5 Unicode, and possibly other versions before October 15, 2006, allows remote attackers to inject arbitrary web script or HTML via the calendarID parameter...

CVE-2006-4067

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

DEBIAN-CVE-2006-4067

Cross-site scripting XSS vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 "Not Found" error page. NOTE: some of these details are obtained from third party information...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

DEBIAN-CVE-2006-3810

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

security flaw

Cross-site scripting XSS vulnerability in Mozilla Firefox 1.5 before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows remote attackers to inject arbitrary web script or HTML via the XPCNativeWrapperwindow.Function construct...

mospray.txt

Kurdish Security MoSpray Remote File Include Vulnerability Original Advisory : http://kurdishsecurity.blogspot.com/2006/07/kurdish-security-14-mospray-basedir.html Freedom For Ocalan Contact : irc.gigachat.net kurdhack & www.PatrioticHackers.com Rish : High Class : Remote Script : MoSpray Site :...

CVE-2006-3681

Multiple cross-site scripting XSS vulnerabilities in awstats.pl in AWStats 6.5 build 1.857 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 refererpagesfilter, 2 refererpagesfilterex, 3 urlfilterex, 4 urlfilter, 5 hostfilter, or 6 hostfilterex parameters, a...

CVE-2006-3624

CVE-2006-3624 documents multiple cross-site scripting (XSS) vulnerabilities in FLV Players 8 . The issue is triggered by the url parameter to either player.php or popup.php , allowing remote injection of arbitrary script/HTML. NVD reports a CVSSv2 base score of 4.3 (MEDIUM) with network attack ve...

EUVD-2006-3566

Multiple cross-site scripting XSS vulnerabilities in interna/hilfe.php in Papoo 3 RC3 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 titel or 2 ausgabe parameters...

PT-2006-4443 · Unknown · Fantastic Guestbook

Name of the Vulnerable Software and Affected Versions: Fantastic Guestbook versions 2.0.1 and earlier Description: The issue allows remote attackers to inject arbitrary web script or HTML via the first name, last name, or nickname parameters in the guestbook.php file. Recommendations: For Fantast...

PT-2006-4289 · Taskjitsu · Taskjitsu

Name of the Vulnerable Software and Affected Versions: Taskjitsu versions prior to 2.0.1 Description: The issue allows remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the title and description parameters when creating a task. Recommendations:...

cpanel10.txt

A new vulnerability was found in Cpanel V.10; It happen cause the variable &File of the select.html file in the edit-zone just filter the 's labels and the possibility can by open to other labels like Server Side Include, HMTL labels... including Javascript expressed in other ways An attacker can...

mybloggie221.txt

Milli-Harekat Advisory www.milli-harekat.org MyBloggie = 2.1.1 version - Remote File Include Vulnerabilities Risk : meduim Class: Remote Script : MyBloggie 2.1.1 version Msn : erne at ernealizm.com Credits : ERNE Thanks : DjReMix,Eskobar,Blackened,TRIP,ßy KorsaN,OsL3m7,Poizonbox,Dilejyoner and Al...