Multiple cross-site scripting (XSS) vulnerabilities in Bitweaver 1.1 and 1.1.1 beta allow remote attackers to inject arbitrary web script or HTML via the (1) sort_mode parameter to (a) fisheye/list_galleries.php, (b) messages/message_box.php, and (c) users/my.php;...
SQL injection vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to execute arbitrary SQL commands via the SiteNodeID parameter. Date published : 2005-12-19 http://www.securityfocus.com/bid/15961 http://pridels0.blogspot.com/2005/12/baseline-cms-vuln.html
Cross-site scripting (XSS) vulnerability in Page.asp in Baseline CMS 1.95 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) PageID and (2) SiteNodeID parameters. Date published : 2005-12-19...
Directory traversal vulnerability in Amaxus 3 and earlier allows remote attackers to access arbitrary files via ".." sequences in the change parameter. Date published : 2005-12-19 http://pridels0.blogspot.com/2005/12/amaxus-vuln.html https://exchange.xforce.ibmcloud.com/vulnerabilities/40002
Cross-site scripting (XSS) vulnerability in Amaxus 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the change parameter. NOTE: it is possible that this is resultant from CVE-2005-4376. Date...
Multiple cross-site scripting (XSS) vulnerabilities in Allinta 2.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to faq.asp and (2) searchQuery parameter to search.asp. Date...
Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to obtain the full path of the application via an invalid mode parameter to community.html, which leaks the path in an error message. Date...
Cross-site scripting (XSS) vulnerability in account.html in Adaptive Website Framework (AWF) 2.10 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2005-12-19 http://www.securityfocus.com/bid/15937 http://www.awf-cms.org/news.html
Acidcat 2.1.13 and earlier stores the database under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a request to databases/acidcat.mdb. Date published : 2005-12-19 http://www.securityfocus.com/bid/15933 http://www.securityfocus.com/archive/1/419905/100/0/threaded
SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp. Date published : 2005-12-19 http://www.securityfocus.com/bid/15933 http://www.securityfocus.com/archive/1/419905/100/0/threaded
Cross-site scripting (XSS) vulnerability in Acuity CMS 2.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly strSearchKeywords to browse.asp. Date published : 2005-12-19 http://www.securityfocus.com/bid/15934 http://pridels0.blogspot.com/2005/12/acuity-cms-26x-asp-xss-vuln.html
roundcube webmail Alpha, with a default high verbose level ($rcmail_config[‘debug_level’] = 1), allows remote attackers to obtain the full path of the application via an invalid_task parameter, which leaks the path in an error...
Cross-site scripting (XSS) vulnerability in register_domain.php in DRZES HMS 3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the "Domain Availability" field. NOTE: this issue was later...
Multiple SQL injection vulnerabilities in DRZES HMS 3.2 allow remote attackers to execute arbitrary SQL commands via the (1) plan_id parameter to (a) domains.php, (b) viewusage.php, (c) pop_accounts.php, (d) databases.php, (e) ftp_users.php, (f) crons.php,...