cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbitrary files via a symlink attack on the _private directory, which is created when Front Page extensions are enabled. Date published : 2005-02-20 http://marc.info/?l=bugtraq&m=109811762230326&w=2
cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or...
ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amount of time when a given username exists, which allows remote attackers to identify valid usernames by timing the server response. Date published :...
Directory traversal vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to access arbitrary files and execute local PHP scripts via a .. (dot dot) in the op parameter. Date published : 2005-02-20 http://www.securityfocus.com/bid/11437...
index.php in CoolPHP 1.0-stable allows remote attackers to gain sensitive information via an invalid op parameter, which reveals the path in an error message. Date published : 2005-02-20 http://marc.info/?l=bugtraq&m=109810941419669&w=2 http://securitytracker.com/id?1011748
Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-stable allows remote attackers to execute arbitrary web script or HTML via the (1) query or (2) nick parameters. Date published : 2005-02-20 http://www.securityfocus.com/bid/11437 http://marc.info/?l=bugtraq&m=109810941419669&w=2
Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read arbitrary files via a PDF file that contains an embedded Shockwave (swf) file that references files outside of the temporary directory. Date published...
RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote attackers to cause a denial of service (device reboot and possibly data corruption) via a calendar message with a long Location field, which...
The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remote attackers to gain sensitive information such as passwords and router settings via a direct HTTP request to app_sta.stm. Date published : 2005-02-20 http://www.securityfocus.com/bid/11408...
Buffer overflow in ShixxNote 6.net build 117 allows remote attackers to execute arbitrary code via a long font field. Date published : 2005-02-20 http://www.securityfocus.com/bid/11409 http://marc.info/?l=bugtraq&m=109778648232233&w=2
Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote attackers to execute arbitrary web script via an img src tag. Date published : 2005-02-20 http://www.securityfocus.com/bid/11393 http://marc.info/?l=bugtraq&m=109768460312168&w=2
Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode.uP in SCT Campus Pipeline allows remote attackers to inject arbitrary web script or HTML via the utf parameter. Date published : 2005-02-20 http://www.securityfocus.com/bid/11392 http://marc.info/?l=bugtraq&m=109768337007983&w=2
PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the req_path parameter to reference a URL on a remote web server...
The web interface for Micronet Wireless Broadband Router SP916BM running firmware before 1.9 08/04/2004 resets the password to the default password when the router is shut off, which could allow remote attackers to gain...