| OSVDB ID | Disclosure Date | Title |
|
18492
Description:
FlexPHPNews contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'usercheck.php' script not properly sanitizing user-supplied input to the 'username' and 'password' fields. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.
|
2005-07-24
|
FlexPHPNews usercheck.php Admin Login Multiple Field SQL Injection
|
|
18295
Description:
phpBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'admin' variable upon submission to the 'guestbook.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-22
|
phpBook guestbook.php admin Parameter XSS
|
|
18142
Description:
PHPSiteSearch contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'query' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-21
|
PHPSiteSearch search.php query Parameter XSS
|
|
18143
Description:
Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the send.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-21
|
Ultimate PHP Board (UPB) send.php css Parameter XSS
|
|
18144
Description:
Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the users.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-21
|
Ultimate PHP Board (UPB) users.php css Parameter XSS
|
|
18145
Description:
Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the top.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-21
|
Ultimate PHP Board (UPB) top.php css Parameter XSS
|
|
18146
Description:
Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-21
|
Ultimate PHP Board (UPB) main.php css Parameter XSS
|
|
18147
Description:
Ultimate PHP Board (UPB) Gold contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'title' variable upon submission to the header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-21
|
Ultimate PHP Board (UPB) header.php title Parameter XSS
|
|
18227
Description:
Asn Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'version' variable upon submission to the 'header.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-20
|
Asn Guestbook header.php version Parameter XSS
|
|
18228
Description:
Asn Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'version' variable upon submission to the 'footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-20
|
Asn Guestbook footer.php version Parameter XSS
|
|
18080
Description:
CuteNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'archive' variable in the 'show_news.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2005-07-19
|
CuteNews show_news.php archive Variable Path Disclosure
|
|
18081
Description:
CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'lastusername' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-19
|
CuteNews index.php lastusername Parameter XSS
|
|
18082
Description:
CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'selected_search_arch' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-19
|
CuteNews search.php selected_search_arch Parameter XSS
|
|
18155
Description:
Website Generator contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the spaw_control.class.php script, which will disclose the installation path resulting in a loss of confidentiality.
|
2005-07-18
|
Website Generator spaw_control.class.php Direct Request Path Disclosure
|
|
18156
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'img_url' variable upon submission to the img_popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator img_popup.php img_url Parameter XSS
|
|
18157
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the colorpicker.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator colorpicker.php theme Parameter XSS
|
|
18158
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the table.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator table.php theme Parameter XSS
|
|
18159
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the td.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator td.php theme Parameter XSS
|
|
18160
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the confirm.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator confirm.php theme Parameter XSS
|
|
18161
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the a.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator a.php theme Parameter XSS
|
|
18162
Description:
Website Generator contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'theme' variable upon submission to the banner_library.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Website Generator banner_library.php theme Parameter XSS
|
|
18163
Description:
Unknown / Incomplete
|
2005-07-18
|
Website Generator img_library.php Image Upload Preview Arbitrary PHP Code Execution
|
|
18164
Description:
Form Sender contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'failed' variables upon submission to the 'processform.php3' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
Form Sender processform.php3 Multiple Parameter XSS
|
|
18065
Description:
PHPPageProtect contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
PHPPageProtect admin.php username Parameter XSS
|
|
18066
Description:
PHPPageProtect contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-18
|
PHPPageProtect login.php username Parameter XSS
|
|
18149
Description:
Mambo contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "cur_template" variable upon submission to the "com_content" component. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-07-13
|
Mambo com_contents Component cur_template Parameter XSS
|
|
17129
Description:
602LAN SUITE contains a flaw that may allow remote manipulation of log data. The issue is triggered when a remote user submits an HTTP GET request for the string "</pre><!--". From that point, subsequent log entries will not be displayed when the administrator views the log file until the string " --><pre>" is encountered. This log manipulation can be used by a remote attacker to obfuscate records of other attack attempts, and will result in loss of log integrity for the service. Administrators can still see the log entries by viewing the HTML source of the logs.
|
2005-06-06
|
602LAN SUITE Log File Processing HTML Tag Obfuscation
|