93 matches found
CVE-2009-3252
Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the 1 year and 2 id parameters...
CVE-2009-1809
Multiple cross-site scripting XSS vulnerabilities in myColex 1.4.2 allow remote attackers to inject arbitrary web script or HTML via 1 the year parameter to modules/kalender.php, 2 the Page parameter in a List action to modules/ereignis.php, 3 the Kontext parameter in a Search action to...
CVE-2009-0337
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
Sql injection
SQL injection vulnerability in index.asp in Katy Whitton BlogIt! allows remote attackers to execute arbitrary SQL commands via the 1 month and 2 year parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information...
CVE-2008-3921
Multiple cross-site scripting XSS vulnerabilities in AWStats Totals 1.0 through 1.14 allow remote attackers to inject arbitrary web script or HTML via the 1 month and 2 year parameter...
CVE-2008-3348
Cross-site scripting XSS vulnerability in staticpages/easycalendar/index.php in MyioSoft EasyDynamicPages 3.0 trial edition tr allows remote attackers to inject arbitrary web script or HTML via the year parameter...
CVE-2007-3650
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via 1 an invalid year parameter to calendar.php, reached through index.php; 2 a direct request to common.php; and 3 a mode array parameter in the query string to login.php, which reveal the installation path in vario...
CVE-2008-1906
Cross-site scripting XSS vulnerability in calendar.php in cpCommerce 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the year parameter in a view.year action...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to 1 xml/index.php; or 2 the year parameter to view.page.inc.php, which is reachable through a view action to the top-level...
Sql injection
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to 1 view.page.inc.php, which is reachable through a view action to index.php; or 2 the year parameter to news.page.inc.php, which is reachabl...
Cross site scripting
Multiple cross-site scripting XSS vulnerabilities in LetterGrade allow remote attackers to inject arbitrary web script or HTML via 1 a student's email address, 2 the year parameter to genbrws/Student/calmonth.php3, and other unspecified vectors related to the calendar. NOTE: the provenance of thi...
CVE-2007-3182
Multiple cross-site scripting XSS vulnerabilities in Calendarix 0.7.20070307, when registerglobals is enabled, allow remote attackers to inject arbitrary web script or HTML via the 1 year and 2 month parameters to calendar.php, and the 3 leftfooter parameter to calfooter.inc.php. NOTE: the ycyear...
Cross site scripting
Cross-site scripting XSS vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter...
CVE-2007-3064
Cross-site scripting XSS vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter...
CVE-2007-3003
Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 catid or 2 year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225...
CVE-2007-1894
Cross-site scripting XSS vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...
DEBIAN-CVE-2007-1894
Cross-site scripting XSS vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...
CVE-2007-1894
Cross-site scripting XSS vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...
CVE-2007-1894
Cross-site scripting XSS vulnerability in wp-includes/general-template.php in WordPress before 20070309 allows remote attackers to inject arbitrary web script or HTML via the year parameter in the wptitle function...
CVE-2006-4224
Cross-site scripting XSS vulnerability in calendar.php in Virtual War VWar 1.5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the year parameter. NOTE: The page parameter vector is covered by CVE-2006-4009...