629 matches found
Unfixed XSS vulnerability at www.dll-files.com
Security researcher Vagrant has submitted on 18/03/2007 a cross-site scripting (XSS) vulnerability affecting www.dll-files.com, which at the time of submission ranked 15436 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 18/03/2007. It is...
[Full-disclosure] Horde IMP Webmail Client version H3 (4.1.4) fixes multiple XSS issues
Hi, Horde IMP Webmail Client version H3 4.1.4 was released a few hours ago. It contains fixes for 2 XSS issues compared to 4.1.4 RC1. 1. Script injection through email subject lines in threaded view Subject lines of emails, when displayed in vulnerabl...
Unfixed XSS vulnerability at thecrack.us
Security researcher St@rExT has submitted on 03/03/2007 a cross-site scripting (XSS) vulnerability affecting thecrack.us, which at the time of submission ranked 247262 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 05/03/2007. It is currently...
Unfixed XSS vulnerability at www.araba.com
Security researcher zuppergazi has submitted on 24/02/2007 a cross-site scripting (XSS) vulnerability affecting www.araba.com, which at the time of submission ranked 2152 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 04/03/2007. It is currentl...
CVE-2006-5080
Cross-site scripting (XSS) vulnerability in the search function in Six Apart Movable Type 3.3 to 3.32, and Movable Type Enterprise 1.01 and 1.02, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...
JetBox cms (search_function.php) Remote File Include
Found by : CarcaBot -- E-mail : CarcaBotx at Yahoo dot com -- $relativescriptpath.'/libs/htmlheader.php -- Exploit -- Google Dork: powered by Jetbox CMS -- http://www.sitename.com/path/includes/phpdig/libs/searchfunction.php?relative scriptpath=Evil Code -- Greets goes to : CarcaBot Administrator...
jetboxCMSinclude.txt
Jetbox CMS searchfunction.php Remote File Include F0und by : D3nGeR E-mail : [email protected] the code include $relativescriptpath.'/libs/htmlheader.php The Expl dork : powered by Jetbox CMS www.sitename.com/path/includes/phpdig/libs/searchfunction.php?relativescriptpath=Evil Code...
[Full-disclosure] Content Management Framework "G3" - XSS Vulnerability in Search Function
Content Management Framework "G3" - XSS Vulnerability in Search Function INTRO According to the manufacturer, "G3" is a classic content-management-system, allowing customers to manage their own websites without knowing much about webpublishing. Information about the product is available at:...
CVE-2006-3905
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) postid parameter in index.php and (2) search function...
D-Link Router UPNP Stack Overflow
D-Link Router UPNP Stack Overflow Release Date: July 13, 2006 Date Reported: February 27, 2006 Patch Development Time In Days: 136 Severity: High Remote Code Execution Vendor: D-Link Routers Affected: DI-524 Rev A DI-524 Rev C DI-524 Rev D DI-604 Rev E DI-624 Rev C DI-624 Rev D DI-784 Rev A...
XSS in GardenWeb
use the searchbox with "scriptalert'XSS'/script eg url: http://search.gardenweb.com/search/nph-ind.cgi?term=223E3Cscript3Ealert2827XSS27293C2Fscript3E...
Cross site scripting
Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function...
CVE-2006-2367
Cross-site scripting (XSS) vulnerability in index.php in Clansys (aka Clanpage System) 1.0 and 1.1 allows remote attackers to inject arbitrary web script or HTML via the func parameter in a search function...
CVE-2006-2367
CVE-2006-2367 is a cross-site scripting (XSS) vulnerability in Clansys (Clanpage System) versions 1.0 and 1.1. The flaw resides in index.php where the search function passes a user-controlled func parameter, enabling remote attackers to inject arbitrary web script or HTML. The published entries c...
tpb-dyn0.txt
ThePirateBay XSS ----------- Desc: XSS In ThePirateBay search function Risk: no risk, just cool, you might be able to steal the admins cookie Discovered by : dyn0 codeslagatgmail.com http://0xdeadface.co.uk TPB blurb : If you dont know that ThePirateBay is then where the fuck have you been for th...
CVE-2005-4315
SQL injection vulnerability in the search function in Plexum PLEXCART X3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly involving the (1) sitemname and (2) sorderby parameters to plexcart.pl...
CMSimple index.php search Function XSS
The remote host is running CMSimple, a CMS written in PHP. The version of CMSimple installed on the remote host is prone to cross-site scripting attacks due to its failure to sanitize user-supplied input to the search field. %NASLMINLEVEL 70300 Josh Zlatin-Amishav josh at ramat dot cc GPLv2 Chang...
CVE-2005-2439
SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function...