Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID...
Directory traversal vulnerability in admin/templates_boxes_layout.php in osCommerce 3.0a3 allows remote attackers to include and execute arbitrary PHP files via a .. (dot dot) in the filter parameter. NOTE: this issue can be leveraged to...
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp,...
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. Date published :...
The Chatroom Module before 4.7.x.-1.0 for Drupal displays private messages in a chatroom’s last messages overview, which allows remote attackers to obtain sensitive information by reading the overview. Date published : 2006-12-13 http://drupal.org/node/102614http://secunia.com/advisories/23343
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors’ session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. Date published : 2006-12-13 http://drupal.org/node/102614http://secunia.com/advisories/23343
PHP remote file inclusion vulnerability in guest.php in Gizzar 03162002 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the basePath parameter. NOTE: the provenance of this information is...
SQL injection vulnerability in vdateUsr.asp in EzHRS HR Assist 1.05 and earlier allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: The provenance of this information is unknown; the details...
Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. NOTE: some...
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.