Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages. Date published : 2005-03-31 http://www.debian.org/security/2005/dsa-700 http://secunia.com/advisories/14777
Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb. Date published : 2005-03-30 http://marc.info/?l=bugtraq&m=111214393101387&w=2 http://www.persianhacker.net/news/news-2945.html
Some futex functions in futex.c for Linux kernel 2.6.x perform get_user calls while holding the mmap_sem semaphore, which could allow local users to cause a deadlock condition in do_page_fault by triggering get_user faults while...
Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2005-03-29 http://www.securityfocus.com/bid/12904 http://marc.info/?l=bugtraq&m=111221890614271&w=2
Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php. Date published : 2005-03-29...
Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors. Date published : 2005-03-29 http://wackowiki.com/WackoDownload/InEnglish#h4828-4 http://secunia.com/advisories/14720
Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter. Date published : 2005-03-29 http://www.securityfocus.com/bid/12917 SOC 2 Price: A Guide to Costs, Factors,...
Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or...
PHP remote file inclusion vulnerability in The Includer 1.0 and 1.1 allows remote attackers to execute arbitrary PHP code. Date published : 2005-03-29 http://www.securityfocus.com/bid/12926
Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php. Date...
SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters...
Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or .. sequences. Date published : 2005-03-29 http://sourceforge.net/project/shownotes.php?release_id=316038 http://www.web-app.org/cgi-bin/index.cgi?action=viewnews&id=195
Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names. Date published : 2005-03-29 http://sylpheed.good-day.net/changelog.html.en