SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters. Date published : 2005-03-26 http://www.securityfocus.com/bid/12880 http://birdblog.sourceforge.net/ChangeLog
Cross-site scripting (XSS) vulnerability in articles.newcomment for Interspire ArticleLive 2005 allows remote attackers to inject arbitrary web script or HTML via the Articleld parameter. Date published : 2005-03-26 http://www.securityfocus.com/bid/12879 http://www.securityfocus.com/archive/1/394069
content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message. Date published : 2005-03-26 http://archives.neohapsis.com/archives/bugtraq/2005-03/0405.html https://exchange.xforce.ibmcloud.com/vulnerabilities/19811
PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter. Date published : 2005-03-26 http://www.securityfocus.com/bid/12878...
Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the title field of a PM (private message). Date published : 2005-03-26 http://www.securityfocus.com/bid/12872 http://secunia.com/advisories/14679
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq. Date published : 2005-03-26 http://www.securityfocus.com/bid/12897 http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file. Date published : 2005-03-26 http://www.securityfocus.com/bid/12897 http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response...
Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in...
Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter. Date published :...
Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter. Date published : 2005-03-26 http://marc.info/?l=bugtraq&m=111168190630576&w=2 http://securitytracker.com/id?1013554
calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message. Date...
Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or...
phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in...