Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID...
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to...
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp,...
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. Date published :...
SQL injection vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2006-12-13 http://drupal.org/node/102605 http://secunia.com/advisories/23295
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom’s last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. Date published : 2006-12-13 http://drupal.org/node/102614 http://secunia.com/advisories/23343
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors’ session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. Date published : 2006-12-13 http://drupal.org/node/102614 http://secunia.com/advisories/23343
PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is...
PHP remote file inclusion vulnerability in index.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. Date published : 2006-12-13 http://www.securityfocus.com/bid/21524 http://www.securityfocus.com/archive/1/466032/100/0/threaded
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information is unknown; the details...
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the Uname (UserName) parameter. Date published : 2006-12-13 https://www.exploit-db.com/exploits/2909 http://secunia.com/advisories/23304
Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. Date published : 2006-12-13 http://www.securityfocus.com/bid/21497 http://www.securityfocus.com/archive/1/453888/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some...
SQL injection vulnerability in lire-avis.php in Messageriescripthp 2.0 allows remote attackers to execute arbitrary SQL commands via the aa parameter. Date published : 2006-12-13 http://www.securityfocus.com/bid/21513 http://www.securityfocus.com/archive/1/453965/100/0/threaded