02.05.06 Cross-Site Scripting Vulnerability in DirectAdmin 1.x Input passed to the "domain" parameter in "HTM_PASSWD" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
02.05.06 SQL Injection in PHP Pro Publish 2.x 1. Input passed to the "email" and "password" parameters in admin/login.php, to the "find_str" parameter in search.php, and to the "catid" parameter in cat.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
02.05.06 Cross-Site Scripting Vulnerability in CPS 3.x Input passed to the "pos" parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
02.05.06 Cross-Site Scripting Vulnerabilities in OrbitHYIP Input passed to the "referral" parameter in signup.php and to the "id" parameter in members.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
02.05.06 SQL Injection in MaxTrade 1.x Input passed to the "categori" parameter is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
02.05.06 Cross-Site Scripting Vulnerability in SunShop Shopping Cart Input passed to the "action", "id", "prevaction", "previd", "prevstart", and "itemid" parameters in index.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
02.05.06 Multiple Vulnerabilities in Leadhound 1. Input passed to the "banner" and "offset" parameters in agent_links.pl, to the "offset" parameter in agent_transactions.pl, agent_subaffiliates.pl and agent_summary.pl, to the "camp_id" parameter in agent_subaffiliates.pl and agent_camp_det.pl, and to the "agent_id" parameter in agent_commission_statement.pl isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
02.05.06 SQL Injection in MyBB formerly MyBulletinBoard 1.x Input passed to the "querystring" parameter in admin/adminfunctions.php and to the "setid", "expand", "title", and "sid2" parameters in admin/templates.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
02.05.06 Script Insertion Vulnerability in francl.de Gästebuch 1.x Input passed to the "Kommentar" form field in guestbook_newentry.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site when a malicious entry is viewed. Original source |
02.05.06 Cross-Site Scripting Vulnerabilities in Kamgaing Email System Input passed to the "id" and "ordner" parameters in main.php, the "draft" parameter in compose.php, the "ordner" parameter in webdisk.php, and to the "m" and "y" parameters in calendar.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
02.05.06 Cross-Site Scripting Vulnerability in DevBB Input passed to the "member" parameter in "member.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
02.05.06 Cross-Site Scripting Vulnerability in Jax Guestbook 3.x Input passed to the "page" parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
11.04.06 Cross-Site Scripting Vulnerability in Groupmax World Wide Web Input passed to unspecified parameters isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Affected products: Groupmax World Wide Web Desktop Version 5 and 6; Groupmax World Wide Web Desktop for Jichitai; Groupmax World Wide Web for Scheduler Version 2 and 3; Groupmax World Wide Web Desktop for Scheduler Version 5. Original source |
11.04.06 SQL Injection in Oxygen Input passed to the "fid" parameter in "post.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
11.04.06 Multiple Vulnerabilities in QLnews 1.x 1. Input passed to the "autorx" and "newsx" parameters is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is viewed. Tresc: [XSS] Original source |
11.04.06 SQL Injection in qliteNews Input passed to the "username" parameter in "loginprocess.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Username: ' or 1/* Password: any Original source |
11.04.06 Multiple Vulnerabilities in RedCMS 0.x 1. Input passed to the "Email", "Location", and "Website" fields in register.php isn't sanitised before being stored in the member's profile. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website when a malicious user profile is viewed. Original source |
11.04.06 Cross-Site Scripting Vulnerability in Esqlanelapse 2.x Input passed to unspecified parameters isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
11.04.06 Cross-Site Scripting Vulnerabilities in Mantis Input passed to the "start_day", "start_year", and "start_month" parameters in "view_all_set.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
04.04.06 Cross-Site Scripting Vulnerabilities in SiteSearch Indexer 3.x Input passed to the "searchField" parameter is not properly sanitised before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of a vulnerable site. Original source |
04.04.06 Multiple Vulnerabilities in Claroline 1.x 1. Input passed to the "file" parameter in "rqmkhtml.php" isn't properly sanitised before being used to view files. This can be exploited to disclose the content of arbitrary files via directory traversal attacks. Original source |
04.04.06 SQL Injection in X-Changer 0.x Input passed to the "from", "into", and "id" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 Multiple Vulnerabilities in Fabien Gauharou Explorer XP 1. Input passed to the "chemin" parameter in "dir.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. http://server/dir.php?chemin=../../../ http://server/dir.php?chemin=[XSS] Original source |
04.04.06 Multiple Vulnerabilities in VBook 2.x 1. Input passed to the "autor", "email", "www", "temat", and "tresc" parameters is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when malicious content is viewed. Original source |
04.04.06 SQL Injection in EzASPSite 2.x Input passed to the "scheme" parameter in default.asp isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 Multiple Vulnerabilities in VNews 1.x 1. Input passed to the "loginvar" parameter in "admin/admin.php", the "news" parameter in "news.php", and the "nom" parameter in "news.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 SQL Injection in phpNewsManager 1.x User input passed to parameters in various scripts is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Affected scripts: gallery.php, groups.php, news.php, newspic.php, newspix.php, partners.php, pictures.php, pnews.php, poll.php, smileys.php, stories.php, user.php, weather.php. Original source |
04.04.06 SQL Injection in NetOffice 2.x Input passed to the "User Name" field in "/general/sendpassword.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 SQL Injection in PHPCollab 2.x Input passed to the "User Name" field in "/general/sendpassword.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 SQL Injection in Tilde CMS Input passed to the "id" parameter in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 SQL Injection in OneOrZero Helpdesk 1.x Input passed to the "id" parameter in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
04.04.06 Cross-Site Scripting Vulnerability in Arab Portal 2.x Input passed to the "title" parameter in online.php and download.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
04.04.06 Multiple Vulnerabilities in PHP Script Index 1. Input passed to the "search" parameter in "search.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
04.04.06 Cross-Site Scripting Vulnerability in PHP Classifieds 6.x Input passed to the "searchword" parameter in "search.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
04.04.06 Multiple Vulnerabilities in Cholod Mysql based message board 1. Input passed to the "Name", "Subject", and "Message" parameters in "mb.cgi" when posting a message isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. Original source |
29.03.06 SQL Injection in vCounter 1.x Input passed to the "url" parameter using "_SERVER['REQUEST_URI']" in "vCounter.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.03.06 SQL Injection in Null news Input passed to the "user_username" parameter in "sub.php" and "unsub.php", and to the "user_email" parameter in "lostpass.php", "sub.php", and "unsub.php" is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.03.06 Cross-Site Scripting Vulnerabilities in CONTROLzx HMS 3.x Input passed to the "dedicatedPlanID" parameter in "dedicated_order.php", the "sharedPlanID" parameter in "shared_order.php", the "plan_id" parameter in "customers/server_management.php", and the "customerEmailAddress" parameter in "customers/forgotpass.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 Cross-Site Scripting Vulnerability in ActiveCampaign SupportTrio 2.x Input passed to the "terms" parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 Cross-Site Scripting Vulnerability in couponZONE 4.x Input passed to the "srchfor" and "srchby" parameters in "local.cfm" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 Cross-Site Scripting Vulnerability in realestateZONE 4.x Input passed to the "bamin", "bemin", "pmin", and "state" parameters in "index.cfm" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 Cross-Site Scripting Vulnerability in classifiedZONE 1.x Input passed to the "rtn" parameter in "accountlogon.cfm" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 SQL Injection in Pixel Motion Blog 1.x Input passed to the "user" and "pass" parameters in "/admin/index.php", and to the "date" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.03.06 Multiple Vulnerabilities in VSNS Lemon 3.x 1. Input passed to the "name" parameter when adding a comment is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site when the malicious data is viewed. Original source |
29.03.06 Cross-Site Scripting Vulnerability in phpCOIN 1.x Input passed to the "fs" parameter in "mod.php" and "mod_print.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 Cross-Site Scripting Vulnerability in phpmyfamily 1.x Input passed to the "name" parameter in "track.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 SQL Injection in Mambo AkoComment Module Input passed to the "acname" and "contentid" parameters when posting a comment isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.03.06 SQL Injection in Nuked-Klan 1.x Input passed to the "m" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.03.06 Source Code Disclosure Vulnerability in Blazix Web Server The vulnerability is caused due to a validation error of the filename extension supplied by the user in the URL. This can be exploited to retrieve the source code of JSP files from the server via specially crafted requests containing dot, space, and slash characters. Original source |
29.03.06 Cross-Site Scripting Vulnerability in Web Quiz Pro 1.x Input passed to the "exam" parameter in "prequiz.asp" and to the "msg" parameter in "student.asp" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 Cross-Site Scripting Vulnerability in G-Book 1.x Input passed to the "g_message" parameter in guestbook.php isn't sanitised before being stored as a guestbook entry. This can be exploited to execute arbitrary HTML and script code in an administrator's or user's browser session in context of an affected website when a malicious guestbook entry is viewed. Original source |
29.03.06 SQL Injection in PHP Ticket 0.x Input passed to the "frm_search_in" parameter in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.03.06 Local File Disclosure Vulnerability in Vihor Design 1.x Input passed to the "page" parameter isn't properly verified before it is used to display files. This can be exploited to display arbitrary files from local resources via directory traversal attacks. Original source |
29.03.06 Cross-Site Scripting Vulnerability in Toast Forums 1.x Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.03.06 File Inclusion Vulnerability in WEBalbum 2.x Input passed to the "skin2" cookie parameter isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from local resources. |
29.03.06 Cross-Site Scripting Vulnerability in ssCMS 2.x Input passed to the "keywords" parameter in the search functionality is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
24.03.06 File Inclusion Vulnerability in vBulletin ImpEx Module Input passed to the "systempath" parameter in ImpExData.php isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Original source |
24.03.06 SQL Injection in AdMan 1.x Input passed to the "transactions_offset" parameter in "viewStatement.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. &start_date_date_day=01&start_date_date_year=2008&start_date_time_hour=12&start_date_time_min=00&start_date_time_amPm=AM&end_date_date_month=&end_date_date_day=&end_date_date_year=&end_date_time_hour=&end_date_time_min=&end_date_time_amPm=&_submit=&transactions_offset=[SQL_injection] Original source |
24.03.06 Cross-Site Scripting Vulnerability in PHP Live! 3.x Input passed to the "base_url" parameter in "js/status_image.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
24.03.06 Cross-Site Scripting Vulnerability in IBM Tivoli Business Systems Manager 3.x Input passed to the "skin" parameter in "apwc_win_main.jsp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 Cross-Site Scripting Vulnerability in TOPo 2.x Input passed to the "gTopNombre" parameter in "code/inc_header.php" is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 Multiple Vulnerabilities in N8cms 1.x 1. Input passed to the "dir" and "page_id" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
07.03.06 Script Insertion Vulnerability in StoreBot 2002 Standard Edition Input passed to the "ShipMethod" parameter in "manage.asp" isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. ShipBase1=0.00&ShipUnit2=1&ShipUnit1=0.00&ShipPrice2=0.00&ShipPrice1=0.00&B1=Add Original source |
07.03.06 SQL Injection in sendcard Some unspecified input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
07.03.06 Cross-Site Scripting Vulnerabilities in WordPress Input passed to the "Name" and "Website" parameters in wp-comments-post.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 Cross-Site Scripting Vulnerability in bttlxeForum 2.x Input passed to the "err_txt" parameter in "failure.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 Cross-Site Scripting Vulnerability in PunBB 1.x Input passed to the path name in "header.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 SQL Injection in StoreBot 2005 Professional Edition Input passed to the "Pwd" parameter in "MgrLogin.asp" during login isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
07.03.06 Cross-Site Scripting Vulnerability in Thomson SpeedTouch 500 Series Input passed to the "name" parameter in the LocalNetwork page isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 Cross-Site Scripting Vulnerabilities in CGI Calendar 2.x Input passed to the "year" parameter is not properly sanitised by "index.cgi" and "viewday.cgi" before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 SQL Injection in d3jeeb Pro 3.x Input passed to the "catid" parameter in "fastlinks.php" and "catogary.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
07.03.06 SQL Injection in EKINboard 1.x Input passed to the "$_COOKIE['username']" and "$_COOKIE['password']" variables in config.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code e.g. making it possible to bypass the user authentication. Original source |
07.03.06 Cross-Site Scripting Vulnerability in Parodia 6.x Input passed to the "AG_ID" parameter in "agencyprofile.asp" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 Cross-Site Scripting Vulnerability in MyPHPNuke Input passed to the "letter" parameter in reviews.php and the "dcategory" parameter in download.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
07.03.06 SQL Injection in Pentacle In-Out Board 6.x Input passed to the "username" and "userpassword" parameters in login.asp and to the "newsid" parameter in newsdetails.asp isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
07.03.06 SQL Injection in PwsPHP 1.x Input passed to the "id" parameter in the "sondage" module is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
07.03.06 Script Insertion Vulnerability in ArGoSoft Mail Server 1.8.x Input passed in various e-mail headers e.g. "subject" and "from" is not properly sanitised before being displayed by the "View Headers" functionality. This can be exploited to insert arbitrary HTML and script code, which is executed in a user's browser session in context of a vulnerable site when viewing the headers of a malicious e-mail. Original source |
07.03.06 Script Insertion Vulnerability in Calcium 3.x Input passed to the "EventText" parameter when adding a new event isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious event is viewed. Original source |
07.03.06 Script Insertion Vulnerability in iCal 3.x Input passed to the "Calendar Text" field when adding a new event isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. Original source |
07.03.06 SQL Injection in Oi Email Marketing System 3.x Input passed to the "myname" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
28.02.06 Script Insertion Vulnerability in DEV web management system 1.x Input passed to the "City/Region" field when registering for an account isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in an administrator's browser session in context of an affected site when the malicious user data is viewed. Original source |
28.02.06 Cross-Site Scripting Vulnerability in Runcms 1.x Input passed to the "lid" parameter in "ratefile.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
27.02.06 Script Insertion Vulnerability in Easy Forum 2.x Input passed to the image URL when registering isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed. Original source |
27.02.06 Multiple Vulnerabilities in VistaPortal Standard Edition 2.x 1. Some unspecified input validation errors can be exploited to disclose the content of arbitrary files via directory traversal attacks by requesting specially crafted URLs. Original source |
27.02.06 Referer Header Script Insertion Vulnerability in E-Blah Platinum 9.x Input passed to the "Referer" HTTP header in "Blah.pl" isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in an administrator's browser session in context of an affected site when the malicious data is viewed by opening "Click Log". Host: [server name] Referer: [XSS] Original source |
27.02.06 Multiple Vulnerabilities in Skate Board 0.x 1. Input passed to the "usern", "passwd", and "sf_cookie" parameters isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
26.02.06 Cross-Site Scripting Vulnerabilities in CPG Dragonfly CMS 9.x Some input isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
26.02.06 SQL Injection in Web Calendar Pro 4.x Input passed to the "tabls" parameter in dropbase.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
26.02.06 Cross-Site Scripting Vulnerabilities in SquirrelMail 1. Input passed to the "right_main" parameter in "webmail.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
26.02.06 Multiple Vulnerabilities in Geeklog 1.x 1. Input passed in cookies to users.php and lib-sessions.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
26.02.06 Cross-Site Scripting Vulnerability in CuteNews Input passed to the "show" parameter in "show_news.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
26.02.06 SQL Injection in PHP-Nuke Input passed to the "user_id" parameter in the "Your_Home" functionality of the "Your_Account" module isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be further exploited together with vulnerability #1 to inject arbitrary HTML and script code into an arbitrary user's personal menu. Original source |
26.02.06 Cross-Site Scripting Vulnerability in CPG Dragonfly CMS Some unspecified input passed in "linking.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
26.02.06 Cross-Site Scripting Vulnerabilities in PHP-Fusion Input passed to the "shout_name" field in "shoutbox_panel.php" and certain fields in "comments_include.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
26.02.06 Multiple Vulnerabilities in PostNuke 1. Input passed to the "htmltext" parameter in user.php and to the "language" parameter in the NS-Languages module isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. http://server/user.php?op=edituser&htmltext=[XSS] http://server/admin.php?module=NS-Languages&op=missing&language=[XSS] Original source |
27.01.06 SQL Injection in AndoNET Blog Input passed to the "entrada" parameter in comentarios.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.01.06 Cross-Site Scripting Vulnerabilities in MyBB Input passed to the "sortby" and "sortordr" parameters in "search.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
27.01.06 SQL Injection in NewsPHP Input passed to the "discuss", "tim", "id", "last", and "limit" parameters in index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.01.06 Script Insertion Vulnerabilities in CheesyBlog 1.x Input passed to various fields when posting a comment isn't properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious comment is viewed. Original source |
27.01.06 Referer Script Insertion Vulnerability in ExpressionEngine The value of the HTTP "Referer" header isn't properly sanitised before being stored and later displayed. This can be exploited to inject arbitrary HTML and script code, which will be executed in an administrator's or user's browser session in context of an affected site when the stored data is viewed via the referer statistics. Example request headers from the original advisory: "Host: host", "Referer: http://[XSS]/". Original source |
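The cross-site scripting entries in this list, reflected ones such as the CuteNews, MyBB and PostNuke items and stored ones such as the CheesyBlog and ExpressionEngine referer-log items, share one root cause: untrusted input is written into HTML without output encoding. The following is an added Python example, not code from any affected product (which are mostly PHP) nor from any advisory; the page handlers, parameter names, request values and Referer strings are constructed for illustration. It shows a vulnerable search page beside the encoded version, the stored Referer-log variant, and a small probe that reports which parameters echo a canary unencoded.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Probe value: only harmless if the page HTML-encodes it. It carries both
# quote characters and angle brackets, so if echoed raw it breaks out of
# text content and of quoted attributes alike.
CANARY = "zz\"'<canary>"


def parse_query(url: str) -> dict:
    """Flatten ?a=1&b=2 into {"a": "1", "b": "2"} (first value wins)."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def search_page_vulnerable(params: dict) -> str:
    """Echoes search parameters straight into the HTML: the pattern behind
    the reflected XSS entries above (constructed page, not a real product)."""
    phrase = params.get("phrase", "")
    sortby = params.get("sortby", "date")
    page = int(params.get("page", "1"))  # a non-integer raises here, so nothing is echoed
    return (f"<h1>Results for: {phrase}</h1>"
            f'<a href="?phrase={phrase}&sortby={sortby}&page={page + 1}">next</a>')


def search_page_fixed(params: dict) -> str:
    """Same page with html.escape(quote=True) applied to every untrusted
    value at the point of output, which covers both the text and the
    double-quoted attribute context used here."""
    phrase = html.escape(params.get("phrase", ""), quote=True)
    sortby = html.escape(params.get("sortby", "date"), quote=True)
    page = int(params.get("page", "1"))
    return (f"<h1>Results for: {phrase}</h1>"
            f'<a href="?phrase={phrase}&sortby={sortby}&page={page + 1}">next</a>')


def referer_stats_vulnerable(referers: list) -> str:
    """Stored variant: the attacker controls the Referer header of a request
    and the stored value is later rendered on a statistics page."""
    return "<ul>" + "".join(f'<li><a href="{r}">{r}</a></li>' for r in referers) + "</ul>"


def referer_stats_fixed(referers: list) -> str:
    """Encode on output, and only link referers with an http(s) scheme:
    encoding alone does not neutralise a javascript: URL inside href."""
    items = []
    for r in referers:
        text = html.escape(r, quote=True)
        if urlsplit(r).scheme in ("http", "https"):
            items.append(f'<li><a href="{text}">{text}</a></li>')
        else:
            items.append(f"<li>{text}</li>")
    return "<ul>" + "".join(items) + "</ul>"


def reflected_params(render, params: dict) -> list:
    """Replace each parameter in turn with CANARY and report the ones the
    renderer echoes unencoded; the minimal check behind these advisories."""
    hits = []
    for name in params:
        probe = dict(params)
        probe[name] = CANARY
        try:
            body = render(probe)
        except ValueError:
            continue  # value is type-checked (int()), so it cannot carry markup
        if CANARY in body:
            hits.append(name)
    return sorted(hits)
```

The probe only covers HTML text and quoted-attribute contexts; a value placed inside a script block, an unquoted attribute or a URL needs context-specific encoding, which is why the fixed referer log additionally restricts the link scheme rather than relying on html.escape alone.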
27.01.06 SQL Injection in Phpclanwebsite Input passed to the "par" and "poll_id" parameters in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.01.06 SQL Injection in miniBloggie Input passed to the "user" parameter in "login.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.01.06 Script Insertion Vulnerability in MyBB The vulnerability is caused by the application performing certain actions on HTTP POST requests without any check that the request was intentionally made by the user (cross-site request forgery). This can e.g. be exploited to make a logged-in user's browser submit a request that stores arbitrary HTML and script code in their user data, which will be executed in a user's browser session in context of an affected site when that data is viewed. Original source |
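The MyBB entry above describes a state-changing POST handler that accepts any request carrying the user's session cookie. An added Python example follows (not MyBB code, nor from the advisory; the handler, the "signature" field, the session ids and the attacker's form are constructed): a profile-update handler with and without a session-bound CSRF token, and a simulated cross-site submission that succeeds against the first and is rejected by the second.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret. Assumption for the example: a real application
# loads this from configuration rather than generating it at import time.
SERVER_SECRET = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Token bound to the user's session via HMAC. The site embeds it in its
    own forms as a hidden field; a page on another origin cannot read it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def verify_csrf_token(session_id: str, submitted: str) -> bool:
    """Constant-time comparison against the token expected for this session."""
    if not isinstance(submitted, str):
        return False
    expected = issue_csrf_token(session_id)
    return hmac.compare_digest(expected.encode(), submitted.encode())


def update_profile_vulnerable(profiles: dict, session_id: str, form: dict) -> int:
    """Acts on any POST that arrives with the user's session cookie. A form
    on an attacker's site that auto-submits here is honoured as the victim."""
    profiles[session_id] = form.get("signature", "")
    return 200


def update_profile_fixed(profiles: dict, session_id: str, form: dict) -> int:
    """Rejects the request unless the form carries the session-bound token."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403
    profiles[session_id] = form.get("signature", "")
    return 200


def cross_site_attack(handler, profiles: dict) -> int:
    """Constructed attack: the browser attaches the victim's cookie (session
    id) to a POST generated by the attacker's page. The attacker knows the
    form fields but only holds a token for their own session."""
    forged_form = {
        "signature": '<img src=x onerror="alert(document.cookie)">',
        "csrf_token": issue_csrf_token("attacker-session"),  # wrong session
    }
    return handler(profiles, "victim-session", forged_form)
```

The token stops the forged request from being accepted; the "script insertion" half of the advisory is a separate defect, and the stored signature still has to be HTML-encoded wherever it is displayed. Checking the Origin or Referer header is a reasonable second layer but not a replacement, since those headers can be absent.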
27.01.06 SQL Injection in e-moBLOG Input passed to the "monthy" parameter in index.php and the "login" parameter in admin/index.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.01.06 Cross-Site Scripting Vulnerability in AZ Bulletin Board Input passed to the "topic" and "nickname" parameters in post.php isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
27.01.06 SQL Injection in Zoph Some unspecified input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.01.06 SQL Injection in WebspotBlogging Input passed to the "username" parameter in "login.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
30.12.05 SQL Injection in PHP Support Tickets Input passed to the username and password fields when logging in and the "ID" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
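The SQL injection entries above fall into two shapes: login forms that interpolate the "user"/"username" and "password" fields into the query (miniBloggie, WebspotBlogging, PHP Support Tickets), and numeric parameters such as "user_id" or "id" interpolated unquoted. The following is an added Python example against an in-memory SQLite database; it is not code from any affected product (which are PHP/MySQL) or advisory, and the schema, rows and payloads are constructed here. It shows the authentication bypass and UNION-based extraction against string-built queries, beside the parameterised equivalents that are not affected.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed schema and rows standing in for a blog/gallery's tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users VALUES (1, 'admin', 's3cret'), (2, 'bob', 'hunter2');
        CREATE TABLE galleries (id INTEGER PRIMARY KEY, title TEXT);
        INSERT INTO galleries VALUES (1, 'Holiday'), (2, 'Work');
    """)
    return db


def login_vulnerable(db, username: str, password: str):
    """String-built query: the pattern behind the login.php entries above.
    Returns the authenticated user id, or None."""
    sql = (f"SELECT id FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_fixed(db, username: str, password: str):
    """Bound parameters: the values never become part of the SQL text."""
    row = db.execute("SELECT id FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row[0] if row else None


def gallery_titles_vulnerable(db, gallery_id: str) -> list:
    """Numeric parameter interpolated unquoted: no quote character is needed
    to inject, and a UNION can read other tables (here the users' passwords)."""
    return [r[0] for r in db.execute(f"SELECT title FROM galleries WHERE id = {gallery_id}")]


def gallery_titles_fixed(db, gallery_id: str) -> list:
    """Type-check first, then bind: a non-integer never reaches the database."""
    try:
        gid = int(gallery_id)
    except (TypeError, ValueError):
        return []
    return [r[0] for r in db.execute("SELECT title FROM galleries WHERE id = ?", (gid,))]


# Constructed payloads: a comment-based login bypass and a UNION read.
BYPASS_USERNAME = "' OR 1=1 --"
UNION_ID = "0 UNION SELECT password FROM users"
```

Passwords are stored in clear only to keep the example short; the point is that quoting or escaping the input is not the fix, binding it is, and that numeric parameters need the same treatment as strings because they are injected without any quote at all.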
30.12.05 Cross-Site Scripting Vulnerability in Absolute Image Gallery Input passed to the "text" parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
30.12.05 Multiple Vulnerabilities in toendaCMS 1. Input passed to the "id" parameter in "index.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
30.12.05 Cross-Site Scripting Vulnerability in Alkacon OpenCms Input passed to the user name field in the login page isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site. Original source |
30.12.05 Cross-Site Scripting Vulnerability in PDEstore Input passed to the search module parameter and to the "product" and "cart_id" parameters in "pdestore.cgi" isn't properly sanitised before being returned to the user. This can be exploited via a specially crafted URL to execute arbitrary HTML and script code in a user's browser session in context of an affected site. |
30.12.05 Cross-Site Scripting Vulnerability in The CITY Shop Input passed to the search module parameters isn't properly sanitised before being returned to the user. This can be exploited via a specially crafted URL to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
30.12.05 Cross-Site Scripting Vulnerability in StaticStore Input passed to an unspecified parameter in "search.cgi" isn't properly sanitised before being returned to the user. This can be exploited via a specially crafted URL to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
30.12.05 Cross-Site Scripting Vulnerability in Zaygo HostingCart Input passed to the "root" parameter in "zaygo.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
30.12.05 Cross-Site Scripting Vulnerability in Zaygo DomainCart Input passed to the "root" parameter in "zaygo.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 SQL Injection in PlexCart X3 Input passed to some parameters e.g. "s_itemname", "s_orderby" in "plexcart.pl" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
29.12.05 Cross-Site Scripting Vulnerability in PPCal Shopping Cart Input passed to the "user" and "stop" parameters in "ppcal.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Cross-Site Scripting Vulnerability in ECTOOLS Onlineshop Input passed to the "product", "category", and "uid" parameters in "cart.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Cross-Site Scripting Vulnerability in ECW-Cart Input passed to the "kword", "max", "min", "comp", and "f" parameters when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Cross-Site Scripting Vulnerability in CommerceSQL Shopping Cart Input passed to the "keywords" parameter in the Quick Find feature isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Cross-Site Scripting Vulnerability in ClickCartPro Input passed to the "affl" parameter in "cp-app.cgi" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Multiple Vulnerabilities in mcGalleryPRO 1. Input passed to the "language" parameter in "index.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from local resources. Original source |
29.12.05 Multiple Vulnerabilities in VCD-db 1. Input passed to the "batch" parameter in "index.php" and the "title" parameter when performing a detailed search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Cross-Site Scripting Vulnerability in Link Up Gold Input passed to the "link" parameter in "tell_friend.php" and to the "phrase[0]" parameter in "search.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
29.12.05 Multiple Vulnerabilities in phpCOIN 1. Input passed to the "_CCFG[_PKG_PATH_DBSE]" parameter in "config.php" isn't properly verified, before it is used to include files. This can be exploited to include arbitrary files from external and local resources. Original source |
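The mcGalleryPRO and phpCOIN entries above are file inclusion bugs: a "language" value is appended to an include path without a traversal check, and a configuration variable holding an include path can be overwritten from the request so that a remote URL is included. The following is an added Python example, not code from either product or advisory; the language directory, file names and code pattern are constructed. It shows the unchecked path construction beside a resolver that allow-lists the value, resolves the real path and confirms it stays under the base directory, which rejects traversal, NUL-byte and URL values alike.

```python
import os
import re
import tempfile

# Allow-list of what a language code may look like (assumption: en, de, pt_BR).
# An allow-list, not a blacklist of "../" sequences, is the check that holds up.
LANG_RE = re.compile(r"[a-z]{2}(_[A-Z]{2})?")


def make_lang_dir() -> str:
    """Constructed stand-in for the application's language directory."""
    base = tempfile.mkdtemp(prefix="lang_")
    for code in ("en", "de"):
        with open(os.path.join(base, code + ".php"), "w") as f:
            f.write(f"<?php $lang = '{code}'; ?>\n")
    return base


def include_path_vulnerable(base: str, language: str) -> str:
    """include("lang/" . $language . ".php") with no check: "../" walks out of
    base, and an absolute value makes os.path.join discard base entirely.
    (PHP of that era also truncated the appended ".php" at an embedded NUL.)"""
    return os.path.join(base, language + ".php")


def escapes_base(base: str, path: str) -> bool:
    """True if the resolved path lies outside the resolved base directory."""
    real_base = os.path.realpath(base)
    return os.path.commonpath([real_base, os.path.realpath(path)]) != real_base


def include_path_fixed(base: str, language: str) -> str:
    """Allow-list the value, resolve the real path, and confirm it is a file
    under the real base. A remote value (http://...) fails the allow-list,
    which is the check missing when an include path comes from the request
    (the register_globals-style configuration overwrite above)."""
    if not LANG_RE.fullmatch(language):
        raise ValueError("bad language code")
    real_base = os.path.realpath(base)
    candidate = os.path.realpath(os.path.join(real_base, language + ".php"))
    if os.path.commonpath([real_base, candidate]) != real_base or not os.path.isfile(candidate):
        raise ValueError("not an available language file")
    return candidate


def accepted(base: str, language: str) -> bool:
    """Convenience wrapper: does the hardened resolver accept this value?"""
    try:
        include_path_fixed(base, language)
        return True
    except ValueError:
        return False
```

The base-directory check is kept even though the regex already excludes path separators, so that a later loosening of the allow-list does not silently reopen traversal; the two checks fail independently.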
29.12.05 Cross-Site Scripting Vulnerability in WHMCompleteSolution Input passed to the "search" parameter in "knowledgebase.php" when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
27.12.05 Multiple Vulnerabilities in Snipe Gallery 1. Input passed to the "gallery_id" parameter in "view.php" and the "image_id" parameter in "image.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.12.05 SQL Injection in EncapsGallery Input passed to the "id" parameter in "gallery.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.12.05 Cross-Site Scripting Vulnerability in PHP JackKnife Gallery System Input passed to the "sKeywords" parameter in "DisplayResults.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. iSearchID=292&sKeywords=[XSS] Original source |
27.12.05 SQL Injection in PhpWebGallery Input passed to the "sort_by" and "items_number" parameters in "comments.php" and the "image_id" parameter in "picture.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.12.05 Cross-Site Scripting Vulnerability in Mantis Input passed to the "target_field" parameter in "view_filters_page.php" isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. _field=[XSS] Original source |
27.12.05 Cross-Site Scripting Vulnerability in WikkaWiki Input passed to the "phrase" parameter in the text search feature isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. |
27.12.05 SQL Injection in Dream Poll Input passed to the "id" parameter in "view_Results.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
27.12.05 SQL Injection in Jamit Job Board Input passed to the "cat" parameter in "index.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
22.12.05 Cross-Site Scripting Vulnerability in MySQL Auction Input passed to the "keyword" parameter when performing a search isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
22.12.05 SQL Injection in myBloggie Some input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
22.12.05 SQL Injection in e107 Some input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
22.12.05 Cross-Site Scripting Vulnerability in EveryAuction Input passed to the "searchstring" parameter isn't properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |
22.12.05 SQL Injection in phpWebThings Some input isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Original source |
22.12.05 Cross-Site Scripting Vulnerability in Apache mod_imap The HTTP "Referer" header isn't properly sanitised by "mod_imap" before being returned to the user in the generated image map menu when an image map file uses the "referer" directive. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Original source |