phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message. Date...
Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter. Date published : 2005-02-17 http://marc.info/?l=bugtraq&m=110851122614995&w=2
Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory. Date published :...
Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers...
Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. Date published : 2005-02-17...
BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with...
Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and .. (dot dot) sequences in the database_name parameter. Date published...
Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters...
The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not properly handle control characters, which allows remote attackers to obtain the source code for CGI and FastCGI scripts via a URL with a %00...
Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject arbitrary HTML or web script via Unicode representations for ASCII fullwidth characters that are converted...
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.