Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters. Date published : 2006-04-13 http://www.securityfocus.com/bid/17519 http://www.securityfocus.com/archive/1/431029/100/0/threaded
Hosting Controller 6.1 stores forum/db/forum.mdb under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as user name and password credentials. NOTE: the provenance of this...
Multiple SQL injection vulnerabilities in index.php in blur6ex 0.3.452 allows remote attackers to execute arbitrary SQL commands via the ID parameter in a (1) g_reply or (2) g_permaPost action to the blog shard (engine/shards/blog.php),...
Directory traversal vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to include arbitrary files via the shard parameter. NOTE: this issue can be exploited to produce resultant XSS when the parameter has XSS...
Cross-site scripting vulnerability in index.php in blur6ex 0.3.452 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter, which is not sanitized in the error message. NOTE: the vector in...
Multiple cross-site scripting (XSS) vulnerabilities in JetPhoto allow remote attackers to inject arbitrary web script or HTML via the page parameter in (1) Classic.view/thumbnail.php, (2) Classic.view/gallery.php, (3) Classic.view/detail.php, or (4) Orange.view/detail.php; or (5) the...
Cross-site scripting (XSS) vulnerability in allgemein_transfer.php in SWSoft Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the jahr parameter. Date published : 2006-04-12 http://www.securityfocus.com/bid/17466 http://www.securityfocus.com/archive/1/430596/100/0/threaded
SQL injection vulnerability in index.php in Vegadns 0.99 allows remote attackers to execute arbitrary SQL commands via the cid parameter. Date published : 2006-04-12 http://www.securityfocus.com/bid/17433 http://www.securityfocus.com/archive/1/430474/100/0/threaded
Cross-site scripting (XSS) vulnerability in index.php in Vegadns 0.99 allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2006-04-12 http://www.securityfocus.com/bid/17433 http://www.securityfocus.com/archive/1/430474/100/0/threaded
MD News 1 allows remote attackers to bypass authentication via a direct request to a script in the Administration Area. Date published : 2006-04-12 http://www.securityfocus.com/bid/17394 http://www.securityfocus.com/archive/1/431429/100/0/threaded
SQL injection vulnerability in admin.php in MD News 1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-04-12 http://www.securityfocus.com/bid/17394 http://www.securityfocus.com/archive/1/431429/100/0/threaded
SQL injection vulnerability in index.php in SWSoft Confixx 3.0.6, 3.0.8, and 3.1.2 allows remote attackers to execute arbitrary SQL commands via the SID parameter. Date published : 2006-04-12 http://www.securityfocus.com/bid/17476 http://www.securityfocus.com/archive/1/430671/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in the backend in MvBlog before 1.6 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) body fields in a comment. Date...
Multiple SQL injection vulnerabilities in MvBlog before 1.6 allow remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2006-04-12 http://www.securityfocus.com/bid/17481 http://dev.mvblog.org/cgi-bin/trac.cgi/ticket/54