Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter. Date published : 2006-06-22 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://www.securityfocus.com/bid/18700
Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path[cb] parameter to (a) libraries/comment/postComment.php and (b) modules/poll/poll.php, (2) rel parameter...
Multiple PHP remote file inclusion vulnerabilities in Content*Builder 0.7.5 allow remote attackers to execute arbitrary PHP code via a URL with a trailing slash (/) character in the (1) lang_path parameter to (a) cms/plugins/col_man/column.inc.php,...
CRLF injection vulnerability in CS-Forum before 0.82 allows remote attackers to inject arbitrary email headers via a newline character in the email parameter to ajouter.php. Date published : 2006-06-22 http://www.comscripts.com/scripts/php.cs-forum.643.html http://www.acid-root.new.fr/advisories/csforum081.txt
CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message. Date published...
Multiple cross-site scripting (XSS) vulnerabilities in CS-Forum 0.81 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) msg_result and (2) rep_titre parameters in (a) read.php; and the (3)...
SQL injection vulnerability in CS-Forum before 0.82 allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) debut parameters in (a) read.php, and the (3) search and (4) debut parameters...
Free Realty before 2.9 allows remote attackers to obtain the full path and other sensitive information via unspecified manipulations that produce an error message. Date published : 2006-06-22 http://pridels0.blogspot.com/2006/06/free-realty-vuln.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27254
Cross-site scripting (XSS) vulnerability in propview.php in Free Realty 2.9-0.6 and earlier allows remote attackers to execute arbitrary web script or HTML via the sort parameter. Date published : 2006-06-22 http://pridels0.blogspot.com/2006/06/free-realty-vuln.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27253
SQL injection vulnerability in propview.php in Free Realty 2.9-0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the sort parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18531 http://pridels0.blogspot.com/2006/06/free-realty-vuln.html
SQL injection vulnerability in category.php in TPL Design tplShop 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the first_row parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18524 http://pridels0.blogspot.com/2006/06/tplshop-v-20-vuln.html
Multiple SQL injection vulnerabilities in galeria.php in IMGallery 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) start or (2) sort parameters. Date published : 2006-06-22 http://www.securityfocus.com/bid/18566 http://pridels0.blogspot.com/2006/06/imgallery-vuln.html
PHP remote file inclusion vulnerability in include/inc_foot.php in SmartSiteCMS 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18628 https://www.exploit-db.com/exploits/1936
SQL injection vulnerability in misc.php in SaphpLesson 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the action parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18501 http://www.securityfocus.com/archive/1/437659/100/0/threaded