Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier allow remote attackers to conduct unauthorized activities. Date published : 2002-08-31 http://online.securityfocus.com/archive/1/284229 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
Multiple cross-site scripting vulnerabilities in ezContents 1.41 and earlier allow remote attackers to execute script and steal cookies via the diary and other capabilities. Date published : 2002-08-31 http://online.securityfocus.com/archive/1/284229 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
The VerifyLogin function in ezContents 1.41 and earlier does not properly halt program execution if a user fails to log in properly, which allows remote attackers to modify and view restricted information via HTTP...
Directory traversal vulnerabilities in ezContents 1.41 and earlier allow remote attackers to cause ezContents to (1) create directories using the Maintain Images:Add New:Create Subdirectory item, or (2) list directories using the Maintain Images file...
The Image Upload capability for ezContents 1.40 and earlier allows remote attackers to cause ezContents to perform operations on local files as if they were uploaded. Date published : 2002-08-31 http://online.securityfocus.com/archive/1/284229 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0040.html
The Administration console for Abyss Web Server 1.0.3 before Patch 2 allows remote attackers to gain privileges and modify server configuration via direct requests to CHL files such as (1) srvstatus.chl, (2) consport.chl, (3)...
Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters. Date published : 2002-08-31 http://www.securityfocus.com/bid/5345 http://online.securityfocus.com/archive/1/284904
IPSwitch IMail Web Calendaring service (iwebcal) allows remote attackers to cause a denial of service (crash) via an HTTP POST request without a Content-Length field. Date published : 2002-08-31 http://www.securityfocus.com/bid/5365 http://archives.neohapsis.com/archives/bugtraq/2002-07/0399.html
Buffer overflow in Pegasus mail client 4.01 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long (1) To or (2) From headers. Date published...
Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password. Date published : 2002-08-31 http://www.securityfocus.com/bid/5261 http://archives.neohapsis.com/archives/bugtraq/2002-07/0195.html
ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows remote attackers to cause a denial of service via an oversized, fragmented "jolt" style ICMP packet. Date published : 2002-08-31 http://www.securityfocus.com/bid/5292 http://online.securityfocus.com/archive/1/283999
ZyXEL Prestige 642R allows remote attackers to cause a denial of service in the Telnet, FTP, and DHCP services (crash) via a TCP packet with both the SYN and ACK flags set. Date published...
Cross-site scripting vulnerability in PHPWiki Postnuke wiki module allows remote attackers to execute script as other PHPWiki users via the pagename parameter. Date published : 2002-08-31 http://www.securityfocus.com/bid/5254 http://archives.neohapsis.com/archives/bugtraq/2002-07/0190.html
The remote administration capability for the D-Link DI-804 router 4.68 allows remote attackers to bypass authentication and release DHCP addresses or obtain sensitive information via a direct web request to the pages (1) release.htm,...