Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view arbitrary files via an HTTP request for the disk_c virtual folder. Date published : 2005-02-26 http://www.securityfocus.com/bid/11034 http://marc.info/?l=bugtraq&m=109341398102863&w=2
Directory traversal vulnerability in WebAPP 0.9.9 allows remote attackers to view arbitrary files via a .. (dot dot) in the viewcat parameter. Date published : 2005-02-26 http://www.securityfocus.com/bid/11028 http://marc.info/?l=bugtraq&m=109336268002879&w=2
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cause a denial of service (crash) by calling LOAD with a binary file as an argument, then calling SHOWLIST. Date published : 2005-02-26 http://www.securityfocus.com/bid/11006...
Music daemon (musicd) 0.0.3 and earlier allows remote attackers to read arbitrary files by calling LOAD with a full pathname, then calling SHOWLIST. Date published : 2005-02-26 http://www.securityfocus.com/bid/11006 http://marc.info/?l=bugtraq&m=109329098806595&w=2
Bird Chat 1.61 allows remote attackers to cause a denial of service (crash) via invalid users. Date published : 2005-02-26 http://www.securityfocus.com/bid/11010 http://marc.info/?l=bugtraq&m=109327938924287&w=2
Cross-site scripting (XSS) vulnerability in page.php in JShop allows remote attackers to inject arbitrary web script or HTML via the xPage parameter. Date published : 2005-02-26 http://marc.info/?l=bugtraq&m=109327547026265&w=2 http://indohack.sourceforge.net/drponidi/jshop-vuln.txt
SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password parameters. Date published : 2005-02-26 http://www.securityfocus.com/bid/10960 http://marc.info/?l=bugtraq&m=109272483621038&w=2
Cacti 0.8.5a allows remote attackers to gain sensitive information via an HTTP request to (1) auth.php, (2) auth_login.php, (3) auth_changepassword.php, and possibly other php files, which reveal the installation path in a PHP error...
Cross-site scripting (XSS) vulnerability in the create list option in Sympa 4.1.x and earlier allows remote authenticated users to inject arbitrary web script or HTML via the description field. Date published : 2005-02-26 http://www.securityfocus.com/bid/10992...
PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remote attackers to execute arbitrary PHP code by modifying the (1) t_core_path parameter to bug_api.php or (2) t_core_dir parameter to relationship_api.php to reference a URL...
Directory traversal vulnerability in MyDMS 1.4.2 and other versions allows remote registered users to read arbitrary files via .. (dot dot) sequences in the URL. Date published : 2005-02-26 http://www.securityfocus.com/bid/10996 http://marc.info/?l=bugtraq&m=109314495007280&w=2
SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4.2 allows remote attackers to execute arbitrary SQL commands via the folderid parameter. Date published : 2005-02-26 http://www.securityfocus.com/bid/10996 http://marc.info/?l=bugtraq&m=109314495007280&w=2
signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. Date published : 2005-02-26 http://www.securityfocus.com/bid/10995 http://marc.info/?l=bugtraq&m=109312225727345&w=2
Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows remote attackers to inject arbitrary web script or HTML via (1) the return parameter to login_page.php, (2) e-mail field in signup.php, (3) action parameter to login_select_proj_page.php,...