Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent’s frame page title. Date published : 2005-04-27 http://cvs.horde.org/diff.php/kronolith/docs/CHANGES?r1=1.69.2.39&r2=1.69.2.41&ty=h http://lists.horde.org/archives/kronolith/Week-of-Mon-20050418/005347.html
Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent’s frame page title. Date published : 2005-04-27 http://cvs.horde.org/diff.php/passwd/docs/CHANGES?r1=1.1.1.1.2.28&r2=1.1.1.1.2.33&ty=h http://lists.horde.org/archives/sork/Week-of-Mon-20050418/002147.html
PHP remote file inclusion vulnerability in Yappa-NG before 2.3.2 allows remote attackers to execute arbitrary PHP code via unknown vectors. Date published : 2005-04-27 http://www.securityfocus.com/bid/13371 http://sourceforge.net/project/shownotes.php?release_id=323206
Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Date published : 2005-04-27 http://www.securityfocus.com/bid/13372 http://sourceforge.net/project/shownotes.php?release_id=323206
SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. Date published : 2005-04-27 http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683 http://www.osvdb.org/15756
Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text. Date published : 2005-04-27 http://sourceforge.net/tracker/index.php?func=detail&aid=1188735&group_id=81992&atid=564683 http://www.osvdb.org/15754
SqWebMail allows remote attackers to inject arbitrary web script or HTML via CRLF sequences in the redirect parameter followed by the desired script or HTML. Date published : 2005-04-27 http://www.securityfocus.com/bid/13374 http://secunia.com/advisories/15119
Stack-based buffer overflow in the client for Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and Citrix MetaFrame Presentation Server client for WinCE before 8.33 allows remote attackers to execute arbitrary code via...
Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and MetaFrame Presentation Server client for WinCE before 8.33 allows remote servers to create arbitrary shortcuts on the client via a full UNC path in...
The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111445410220152&w=2
The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111445477910178&w=2
The citat.pl script allows remote attackers to read arbitrary files via a full pathname in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111445477910178&w=2
SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field. Date published : 2005-04-26 http://www.securityfocus.com/bid/13355 http://marc.info/?l=bugtraq&m=111444886429814&w=2
nProtect:Netizen 2005.3.17.1 does not properly verify that the update module is downloaded from an authorized site, which allows remote malicious web sites to write arbitrary files. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111444390329376&w=2 http://jvn.jp/jp/JVN%23AF02FB4B/index.html