38 matches found
Ez Ringtone Manager Multiple Remote File Disclosure Vulnerabilities
No description provided by source. ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Ez Ringtone Manager Multiple Vulnerabilities + + + + Discovered by b3hz4d + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++...
Ez Ringtone Manager - Multiple Remote File Disclosure Vulnerabilities
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ + + + Ez Ringtone Manager Multiple Vulnerabilities + + + + Discovered by b3hz4d + + + + WwW.DeltaHacking.Net + + + + + + + ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ APA Center of Yazd University...
Directory traversal
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. dot dot in the 1 te and 2 dir parameters in a tempedit action...
CVE-2008-2116
Multiple directory traversal vulnerabilities in editor.php in ScriptsEZ.net Power Editor 2.0 allow remote attackers to read arbitrary local files via a .. dot dot in the 1 te and 2 dir parameters in a tempedit action...
CVE-2008-2116
CVE-2008-2116 affects ScriptsEZ.net Power Editor 2.0: directory traversal in editor.php allows reading arbitrary local files via a .. sequence in the te and dir parameters of the tempedit action. Root cause is improper input handling of path traversal; impact is partial confidentiality/integrity/...
CVE-2008-2115
CVE-2008-2115 concerns multiple cross-site scripting (XSS) vulnerabilities in editor.php of ScriptsEZ.net Power Editor 2.0. The flaws allow remote attackers to inject arbitrary web script or HTML via the te and dir parameters in a tempedit action. NVD records a base score of 4.3 (MEDIUM) with net...
CVE-2006-7059
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...
CVE-2006-7060
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message...
CVE-2006-7060
The CVE-2006-7060 entry concerns the Scriptsez.net E-Dating System, specifically the file/component cindex.php. Affected behavior is a remote disclosure where an invalid id parameter in a dologin action causes an error message that reveals the full filesystem path, leading to potential informatio...
CVE-2006-7059
CVE-2006-7059 affects Scriptsez.net E-Dating System. The issue is multiple cross-site scripting (XSS) vulnerabilities that let remote attackers inject arbitrary script/HTML via encoded entities (') in IMG tags to (1) messages, (2) profile fields, or (3) the id parameter in a dologin opera...
CVE-2006-7060
cindex.php in Scriptsez.net E-Dating System allows remote attackers to obtain the full path via an invalid id parameter in a dologin action, which leaks the path in an error message...
CVE-2006-7061
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting XSS attacks...
CVE-2006-7061
CVE-2006-7061 affects Scriptsez.net E-Dating System. The vulnerability stems from storing data files with predictable names under the web document root and insufficient access control, enabling remote attackers to read private messages and potentially leverage them for XSS. The connected document...
CVE-2006-7059
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net E-Dating System allow remote attackers to inject arbitrary web script or HTML via encoded entities &0000039 in IMG tags to 1 messages, 2 profile fields, or 3 the id parameter in a dologin operation to cindex.php...
CVE-2007-0952
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the 1 t and 2 yr parameters, and the 3 sho parameter when the m parameter is outside the intended range...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the 1 t and 2 yr parameters, and the 3 sho parameter when the m parameter is outside the intended range...
CVE-2007-0952
Multiple cross-site scripting XSS vulnerabilities in Scriptsez.net Virtual Calendar allow remote attackers to inject arbitrary web script or HTML via the 1 t and 2 yr parameters, and the 3 sho parameter when the m parameter is outside the intended range...
E-Dating System from scriptsez.net - XSS
E-Dating System Homepage: http://www.scriptsez.net/ Effected files: Input boxes. cindex.php Description: A Professional dating system that uses flatfiles instead of MySQL. XSS Vulnerabilities PoC: The input boxes of sending a message, and editing your profile do not properally filter user input...