Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php. Date published...
Multiple SQL injection vulnerabilities in QuickPayPro 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) popupid parameter in popups.edit.php; (2) so, (3) sb, and (4) nr parameters in customer.tickets.view.php; (5) subrackingid...
Cross-site scripting (XSS) vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters. Date published : 2005-12-14 http://www.securityfocus.com/bid/15845 http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html
Multiple SQL injection vulnerabilities in mcGallery PRO 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) start, and (3) rand parameters to show.php, and the (4) album...
Directory traversal vulnerability in mcGallery PRO 2.2 and earlier allows remote attackers to read arbitrary files via the language parameter. Date published : 2005-12-14 http://pridels0.blogspot.com/2005/12/mcgallery-pro-vuln.html http://www.osvdb.org/21718
Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15839 http://pridels0.blogspot.com/2005/12/plogger-sqlxss-vuln.html
SQL injection vulnerability in Plogger Beta 2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to index.php and (2) page parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15839 http://masendav.com/~duke/PloggerChanges_files/FileComparisonReport5.html
Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15844 http://pridels0.blogspot.com/2005/12/snipe-gallery-sqlxss-vuln.html
SQL injection vulnerability in Snipe Gallery 3.1.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) gallery_id parameter to view.php and (2) image_id parameter to image.php. Date published : 2005-12-14...
Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data. Date published :...
Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15840 http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html
SQL injection vulnerability in search.php in VCD-db 0.98 and earlier allows remote attackers to execute arbitrary SQL commands via the by parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15840 http://pridels0.blogspot.com/2005/12/vcd-db-vuln.html
Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKeywords parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15841...
Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter. Date published : 2005-12-14 http://www.securityfocus.com/bid/15842 http://www.debian.org/security/2005/dsa-944