Directory traversal vulnerability in the file server in ActivePost Standard 3.1 allows remote authenticated users to upload arbitrary files via a .. (dot dot) in the filename. Date published : 2005-02-20 http://www.securityfocus.com/bid/11244 http://marc.info/?l=bugtraq&m=109597139011373&w=2
The file server in ActivePost Standard 3.1 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long filename, possibly triggering a buffer overflow. Date published : 2005-02-20...
Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to cause a denial of service (application crash) via a long (1) SAML, SOML, SEND, or MAIL command to the SMTP server or (2) LIST...
UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.hwp, which allows remote attackers to upload and execute arbitrary code. Date...
Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1.120-cvs and earlier allows remote attackers to execute arbitrary web script as other users via the query parameter. Date published : 2005-02-19 http://www.securityfocus.com/bid/11746 http://marc.info/?l=bugtraq&m=110135663220831&w=2
Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cvs and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the path parameter. Date published : 2005-02-19 http://www.securityfocus.com/bid/11744 http://marc.info/?l=bugtraq&m=110132543805873&w=2
Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows remote attackers to cause a denial of service (server or client crash) via a long (1) query or (2) reply. Date published...
SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share. Date published...
ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versions, with HTTP Remote Administration enabled, does not require a password to access rpFWUpload.html, which allows remote attackers to reset the router configuration...
Halo: Combat Evolved 1.05 and earlier allows remote game servers to cause a denial of service (client crash) via a long value in a game server reply, which triggers a NULL dereference. Date published...
SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2005-02-19 http://www.securityfocus.com/bid/11725 http://marc.info/?l=bugtraq&m=110117116115493&w=2
Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 through 1.6.1 allows remote attackers to execute arbitrary web script via the img parameter. Date published : 2005-02-19 http://www.securityfocus.com/bid/11725 http://marc.info/?l=bugtraq&m=110117116115493&w=2
SQL injection vulnerability in index.php in the ibProArcade module for Invision Power Board (IPB) 1.x and 2.x allows remote attackers to execute arbitrary SQL commands via the cat parameter. Date published : 2005-02-19 http://www.securityfocus.com/bid/11719...
PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote...