ADP Forum 2.0 through 2.0.3 stores sensitive information in plaintext files under the web document root with insufficient access control, which allows remote attackers to obtain user credentials via r...

Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers....

Cross-site scripting (XSS) vulnerability in index.php in Plogger Beta 2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter.

Cross-site scripting (XSS) vulnerability in search.php in Snipe Gallery 3.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter.

Multiple cross-site scripting (XSS) vulnerabilities in Horde Turba H3 2.0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the address book and (2) contact data.

Cross-site scripting (XSS) vulnerability in the category page in VCD-db 0.98 and earlier allows remote attackers to inject arbitrary web script or HTML via the batch parameter.

Cross-site scripting (XSS) vulnerability in Search/DisplayResults.php in PHP JackKnife 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via URL-encoded values in the sKe...

Cross-site scripting (XSS) vulnerability in view_filters_page.php in Mantis 1.0.0rc3 and earlier allows remote attackers to inject arbitrary web script or HTML via the target_field parameter.

Cross-site scripting (XSS) vulnerability in MySQL Auction 3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search module parameters, possibly the keyword ...

Cross-site scripting (XSS) vulnerability in search.php in CKGOLD allows remote attackers to inject arbitrary web script or HTML via the search parameters.

Cross-site scripting (XSS) vulnerability in knowledgebase.php in WHMCompleteSolution 2.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameters.

Cross-site scripting (XSS) vulnerability in Link Up Gold 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) link parameter to tell_friend.php, (2) phrase[] paramete...

Cross-site scripting (XSS) vulnerability in auction.pl in EveryAuction 1.53 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. NOTE: the provena...

Multiple cross-site scripting (XSS) vulnerabilities in guestbook.cgi in Lars Ellingsen Guestserver 4.13 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified messag...

setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting...

phpCOIN 1.2.2 allows remote attackers to obtain the installation path via a direct request to config.php, which leaks the path in an error message because the _CCFG['_PKG_PATH_DBSE'] variable is not d...

Directory traversal vulnerability in coin_includes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $_CCFG[_PKG_PATH_DBSE] variable.

Opera before 8.51, when running on Windows with Input Method Editor (IME) installed, allows remote attackers to cause a denial of service (persistent application crash) by bookmarking a site with a lo...

WorldClient webmail in Alt-N MDaemon 8.1.3 allows remote attackers to prevent arbitrary users from accessing their inboxes via script tags in the Subject header of an e-mail message, which prevents th...

Directory traversal vulnerability in Flatnuke 2.5.6 allows remote attackers to access arbitrary files via a .. (dot dot) and null byte (%00) in the id parameter of the read module.

Cross-site scripting (XSS) vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter.

Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original resea...

Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "..." (triple dot), and (3) "..//" sequences in the URL, (4...

Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via ".../" (triple dot) sequences in unspecified vectors.