Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier allows remote attackers to execute arbitrary code via a large import or export function name. Date published : 2005-02-10 http://www.securityfocus.com/bid/12352 http://marc.info/?l=bugtraq&m=110661194108205&w=2
Multiple cross-site scripting (XSS) vulnerabilities in index.php in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5) to, or (6)...
MercuryBoard 1.1.1 allows remote attackers to gain sensitive information via an HTTP request with the n parameter set to 0, which causes a divide-by-zero error and reveals the path in the resulting error message....
CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation. Date published : 2005-02-10 http://www.securityfocus.com/bid/12304 http://marc.info/?l=bugtraq&m=110627350616949&w=2
Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter. Date published :...
SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header. Date published : 2005-02-10 http://marc.info/?l=bugtraq&m=110636597832556&w=2 http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html
comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program. Date published : 2005-02-10 http://marc.info/?l=bugtraq&m=110636597832556&w=2 http://www.comersus.org/forum/displayMessage.asp?mid=32753
Directory traversal vulnerability in session.php in JSBoard 2.0.9 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the table parameter. Date published : 2005-02-10 http://www.securityfocus.com/bid/12319 http://marc.info/?l=bugtraq&m=110627201120011&w=2
Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the (1) dir parameter to controller.php or (2) dir_name parameter to controlleroo.php. Date...
The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information. Date published...
SQL injection vulnerability in Oracle Database 9i and 10g allows remote attackers to execute arbitrary SQL commands and gain privileges. Date published : 2005-02-10 http://marc.info/?l=bugtraq&m=110606477308492&w=2
** DISPUTED ** NOTE: this issue has been disputed by the vendor. The error module in Novell GroupWise WebAccess allows remote attackers who have not authenticated to read potentially sensitive information, such as the...
npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any process that calls it, which allows local users to gain privileges. Date published : 2005-02-10 http://www.securityfocus.com/bid/12280 http://marc.info/?l=bugtraq&m=110608422029555&w=2