SQL injection vulnerability in index.php in Invision Power Board 1.3.1 Final and earlier allows remote attackers to execute arbitrary SQL commands via the st parameter. Date published : 2005-04-12 http://www.securityfocus.com/bid/13097 http://www.securityfocus.com/archive/1/395515
Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page." Date published : 2005-04-12 http://sourceforge.net/project/shownotes.php?release_id=318346 http://securitytracker.com/id?1013659
Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags. Date published : 2005-04-12 http://www.securityfocus.com/bid/13041 http://sourceforge.net/project/shownotes.php?release_id=318346
Vulnerability in Access_user Class before 1.75 allows local users to gain access as other users via the password "new". Date published : 2005-04-12 http://freshmeat.net/projects/access_user/?branch_id=53852&release_id=192770 http://www.osvdb.org/15348
Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack. Date published : 2005-04-12 http://msgs.securepoint.com/cgi-bin/get/bugtraq0504/126.html http://www.osvdb.org/15456
tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory. Date published : 2005-04-12 http://www.securityfocus.com/bid/13072 http://lists.suse.com/archive/suse-security-announce/2005-Apr/0002.html
The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 changes the ownership of files that a symlink points to rather than the symlink itself, which allows local users to obtain access to arbitrary...
Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets. Date published : 2005-04-12 http://www.securityfocus.com/bid/13067...
Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html. Date published : 2005-04-12 http://www.securityfocus.com/bid/13051 http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-04/0148.html
Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote...
Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." Date published : 2005-04-12 http://www.cisco.com/warp/public/707/cisco-sa-20050406-xauth.shtml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5852
Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service. Date published : 2005-04-12 http://www.securityfocus.com/bid/13029 http://www.securityfocus.com/advisories/8372
TowerBlog 0.6 and earlier stores the login data file under the web root, which allows remote attackers to obtain the MD5 checksums of the username and password via a direct request to the _dat/login...
PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server...