40 matches found
CVE-2002-2376
Cross-site scripting XSS vulnerability in E-Guestsign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the 1 full name, 2 email, 3 homepage, and 4 location parameters. NOTE: this issue might overlap CVE-2005-1605...
CVE-2024-40069
Sourcecodester Online ID Generator System 1.0 was discovered to contain Stored Cross Site Scripting XSS via idgenerator/classes/Users.php?f=save, and the point of vulnerability is in the POST parameter 'firstname' and 'lastname'...
CVE-2023-38916
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields...
CVE-2023-38916
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields...
CVE-2023-38916
SQL Injection vulnerability in eVotingSystem-PHP v.1.0 allows a remote attacker to execute arbitrary code and obtain sensitive information via the user input fields...
Time Slot Booking Calendar 1.8 Cross Site Scripting
┌┌───────────────────────────────────────────────────────────────────────────────────────┐ ││ C r a C k E r ┌┘ ┌┘ T H E C R A C K O F E T E R N A L M I G H T ││ └───────────────────────────────────────────────────────────────────────────────────────┘┘ ┌──── From The Ashes and Dust Rises An...
PT-2023-16486 · Unknown · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the function registration of the file oews/classes/Users.php of the component POST Request Handler. The manipulation of the arguments firstname,...
AKCP sensorProbe Cross-Site Scripting Vulnerability
The AKCP sensorProbe is a platform-independent environmental and safety monitoring device from AKCP USA. Simply assign an IP address and connect to the embedded web server. A cross-site scripting vulnerability exists in versions prior to SP480-20210624 of the AKCP sensorProbe Embedded Web Server...
CVE-2018-15182
PHP Scripts Mall Car Rental Script 2.0.8 has XSS via the FirstName and LastName fields...
CVE-2018-14541
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...
CVE-2018-14541
PHP Scripts Mall Basic B2B Script 2.0.0 has Reflected and Stored XSS via the First name, Last name, Address 1, City, State, and Company name fields...
FreePBX 13.0.188 - Remote Command Execution (Metasploit)
FreePBX 13.0.188 - Remote Command Execution Metasploit Title : Freepbx =begin Freepbx 13.x are vulnerable to Remote command execution due to the insuffecient sanitization of the user input fields language,destination and also due to the lack of good authentication checking Technical details...
Format string
Multiple format string vulnerabilities in Battlefront Dropteam 1.3.3 and earlier allow remote attackers to execute arbitrary code via format string specifiers in the 1 username, 2 password, and 3 nickname fields in a "0x01" packet...
CVE-2005-4507
Multiple cross-site scripting XSS vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields...
CVE-2005-4507
Multiple cross-site scripting XSS vulnerabilities in Nexus Concepts Dev Hound 2.24 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple unspecified user input fields...
[Full-disclosure] XAMPP
------------------------------------------------------------ - EXPL-A-2005-006 exploitlabs.com Advisory 034 - ------------------------------------------------------------ - XAMPP - OVERVIEW ======== XAMPP is an easy to install Apache distribution containing MySQL, PHP and Perl. XAMPP is really ve...
Liferay Cross Site Scripting Flaw
Advisory Name: Liferay Cross Site Scripting flaw Release Date: 05/22/2004 Application: Liferay www.liferay.com Author: Sandeep Giri Vendor Status: Notified 4 months ago Overview: Taken from http://www.liferay.com/products/index.jsp Liferay Enterprise Portal was designed to: Provide organizations...
ISC guestbook script injection vulnerability.
This advisory can be found at www.blacktigerz.org Date: 08.04.2003 Subject: ISC guestbook script injection vulnerability. Description: Free, easy to use asp powered guestbook. Main fetures are: web-based administration, bad word filtering. Vendor: http://www.isc-online.at Download:...
Sakki's guestbook V.1.01 script injection vulnerability.
This advisory can be found at www.blacktigerz.org. Description: Easy to manage and configure asp powered guestbook. Works with MS Access database or without it. Vendor: http://www.sakki.net Vulnerability: gb.asp neglects filtering user input allowing for script injection to the guestbook via "nam...
CVE-2002-0732
Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as 1 user name or 2 comments...