SQL injection vulnerability in ZPanel 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) uname parameter to index.php or (2) page parameter to zpanel.php. Date published : 2005-03-20 http://www.securityfocus.com/bid/12809 http://marc.info/?l=bugtraq&m=111090324111053&w=2
Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew 2.0.4-pr1, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the refresh parameter. Date published : 2005-03-20 http://www.securityfocus.com/bid/12803 http://marc.info/?l=bugtraq&m=111083286926490&w=2
phpAdsNew 2.0.4 allows remote attackers to obtain sensitive information via a direct request to (1) lib-xmlrpcs.inc.php, (2) maintenance-activation.php, (3) maintenance-cleantables.php, (4) maintenance-autotargeting.php, (5) maintenance-reports.php, (6) phpads.php, (7) remotehtmlview.php, (8) click.php, (9) adcontent.php, which reveal...
Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a magnet request. Date published : 2005-03-20 http://marc.info/?l=bugtraq&m=111082448213238&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml
LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary files by specifying the full pathname in a Gnutella GET request. Date published : 2005-03-20 http://marc.info/?l=bugtraq&m=111082448213238&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-37.xml
Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. Date published : 2005-03-20 http://www.securityfocus.com/bid/12791 http://marc.info/?l=bugtraq&m=111082537009842&w=2
SQL injection vulnerability in gb_new.inc in SimpGB allows remote attackers to execute arbitrary SQL commands via the quote parameter to guestbook.php. Date published : 2005-03-20 http://www.securityfocus.com/bid/12801 http://marc.info/?l=bugtraq&m=111082702422979&w=2
Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Date published : 2005-03-20 http://www.securityfocus.com/bid/12756 http://marc.info/?l=bugtraq&m=111083400601759&w=2
Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user’s...
Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. Date published : 2005-03-20 http://www.securityfocus.com/bid/12800 http://marc.info/?l=bugtraq&m=111083279031544&w=2
Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php. Date published :...
SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php. Date published : 2005-03-20 http://www.securityfocus.com/bid/12788 http://marc.info/?l=bugtraq&m=111065796525043&w=2
paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) auth.php, (2) login.php, (3) category.php, (4) file.php, (5) team.php, (6) license.php, (7) custom.php, (8) admins.php, or (9)...
PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a (backslash) in the username. Date published : 2005-03-20 http://www.securityfocus.com/bid/12790 http://marc.info/?l=bugtraq&m=111066232415249&w=2