Monthly Archive: April 2005

Cross-site scripting (XSS) vulnerability in the inserter.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111444807013846&w=2

The inserter.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111444807013846&w=2

The inserter.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111444807013846&w=2

Cross-site scripting (XSS) vulnerability in the include.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111445189816161&w=2

include.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111445189816161&w=2

include.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111445189816161&w=2

The affix_sock_register in the Affix Bluetooth Protocol Stack for Linux might allow local users to gain privileges via a socket call with a negative protocol value, which is used as an array index. Date...

Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter. Date...

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp...

Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) addToCart.asp or (2) productDetails.asp, the (3) priceFrom, (4) idCategory, or (5) priceTo...

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3)...

index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111428818425864&w=2 http://securitytracker.com/id?1013780

inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie. Date published : 2005-04-26 http://marc.info/?l=bugtraq&m=111428190921388&w=2 http://www.osvdb.org/15787

Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to member.asp, (2) forum parameter to forum.asp, or (3) various parameters in register.asp....