Network Security

Network Security News Monitor - Tuesday, March 14, 2006 Events

WMNews wmcomments.php ArtID Variable XSS

WMNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ArtID' variable upon submission to the wmcomments.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

WMNews footer.php ctrrowcol Variable XSS

WMNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ctrrowcol' variable upon submission to the footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

WMNews wmview.php ArtCat Variable XSS

WMNews contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'ArtCat' variable upon submission to the wmview.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Dwarf HTTP Crafted Request Script Source Disclosure

Dwarf HTTP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a specially crafted request using dot, space, slash and NULL characters, which will disclose script source code, resulting in a loss of confidentiality.

Dwarf HTTP Error Message XSS

Dwarf HTTP contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the server via the URL, which is displayed via the error page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

QwikiWiki index.php Multiple Variable XSS

QwikiWiki contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'from' or 'help' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

QwikiWiki login.php Multiple Variable XSS

QwikiWiki contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'action', 'page', 'debug', 'help', 'username' or 'password' variables upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

QwikiWiki pageindex.php help Variable XSS

QwikiWiki contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'help' variable upon submission to the pageindex.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

JiRos Banner System Professional addadmin.asp Unauthenticated Privileged Account Creation

JiRos Banner System Professional contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a failure in the application to properly perform authentication before granting administrator access. By making a direct request to the addadmin.asp script, an unauthenticated user may create a new account and set any privileges (including administrative).