CVE-2006-2997
Cross-site scripting (XSS) vulnerability in ZMS 2.9 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the raw parameter in the search field. Date published :...
Monthly Archive: June 2006
CVE-2006-2996
PHP remote file inclusion vulnerability in inc/design.inc.php in LoveCompass aePartner 0.8.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dir[data] parameter. Date published : 2006-06-12 http://www.securityfocus.com/bid/18370 https://www.exploit-db.com/exploits/1896
CVE-2006-2995
Multiple PHP remote file inclusion vulnerabilities in WebprojectDB 0.1.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the INCDIR parameter in (1) include/nav.php and (2) include/lang.php. Date published...
CVE-2006-2994
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phazizGuestbook 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, (3) url fields, and (4) text field (content...
CVE-2006-2993
Multiple SQL injection vulnerabilities in My Photo Scrapbook 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the key parameter in (1) Displayview.asp and (2) Details_Photo_bv.asp. Date published : 2006-06-12 http://www.securityfocus.com/bid/18418...
CVE-2006-2992
Cross-site scripting (XSS) vulnerability in display.asp in My Photo Scrapbook 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the key_m parameter. Date published : 2006-06-12 http://www.securityfocus.com/bid/18418 http://pridels0.blogspot.com/2006/06/my-photo-scrapbook-vuln.html
CVE-2006-2991
Multiple cross-site scripting (XSS) vulnerabilities in Ringlink 3.2 allow remote attackers to inject arbitrary web script or HTML via a JavaScript URI in the SRC attribute of an IMG element, and possibly other manipulations,...
CVE-2006-2990
Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. Date published : 2006-06-12 http://www.securityfocus.com/bid/18368 http://pridels0.blogspot.com/2006/06/vanillasoft-helpdesk-xss-vuln.html
CVE-2006-2989
Cross-site scripting (XSS) vulnerability in listpics.asp in ASP ListPics 4.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the info parameter. Date published : 2006-06-12 http://www.securityfocus.com/bid/18438 http://pridels0.blogspot.com/2006/06/asp-listpics-43-xss-vuln.html
CVE-2006-2988
Cross-site scripting (XSS) vulnerability in dictionary.php in Chemical Dictionary allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a browse action. Date published : 2006-06-12 http://www.securityfocus.com/bid/18337 http://www.securityfocus.com/archive/1/436412/100/0/threaded
CVE-2006-2987
Multiple SQL injection vulnerabilities in Dominios Europa PICRATE (aka TAL RateMyPic) 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) voteid, and (3) vfiel parameters to (a) index.php, and...
CVE-2006-2986
Multiple cross-site scripting (XSS) vulnerabilities in Baby Katie Media (a) very Simple Car Lister (vSCAL) 1.0 and (b) very simple Realty Lister (vsREAL) 1.0 allow remote attackers to inject arbitrary web script or HTML...
CVE-2006-2985
SQL injection vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to execute arbitrary SQL commands via double-encoded "’" characters in the STYLE_URL parameter. Date published : 2006-06-12 http://www.securityfocus.com/archive/1/436457/100/0/threaded http://securityreason.com/securityalert/1085
CVE-2006-2984
Cross-site scripting (XSS) vulnerability in index.php in IntegraMOD 1.4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the STYLE_URL parameter. NOTE: it is possible that this issue is resultant...