Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) anzahl_beitraege parameter to jgs_portal.php, 2) year parameter to (jgs_portal_statistik.php, 3) year parameter to...
Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules before using the paths in the PYTHONPATH variable, which allows local users to execute arbitrary code via a malicious module in /tmp/. Date published...
booby.php in Booby 1.0.0 and earlier allows remote attackers to view private bookmarks by guessing item IDs. Date published : 2005-05-17 http://www.securityfocus.com/bid/13623 http://sourceforge.net/project/shownotes.php?release_id=326826
Unknown vulnerability in Attachment Mod before 2.3.13, related to a "serious issue with realnames," has unknown impact and attack vectors. Date published : 2005-05-17 http://sourceforge.net/project/shownotes.php?release_id=326408 http://secunia.com/advisories/15327
SQL injection vulnerability in member.php for Photopost PHP Pro allows remote attackers to execute arbitrary SQL commands via the verifykey parameter. Date published : 2005-05-17 http://www.securityfocus.com/bid/13620 http://seclists.org/lists/fulldisclosure/2005/May/0311.html
apage.cgi in WebAPP 0.9.9.2.1, and possibly earlier versions, allows remote attackers to execute arbitrary commands via shell metacharacters in the f parameter. Date published : 2005-05-17 http://www.securityfocus.com/bid/13637 http://www.securityfocus.com/archive/1/449517/100/200/threaded
Unknown vulnerability in Viewglob before 2.0.1, related to "a potential security issue with the Viewglob display and ssh X forwarding," has unknown impact. Date published : 2005-05-17 http://sourceforge.net/project/shownotes.php?release_id=325574 http://www.osvdb.org/16170
Multiple buffer overflows in handlers.c for Pico Server (pServ) before 3.3 may allow attackers to execute arbitrary code. Date published : 2005-05-17 http://www.securityfocus.com/bid/13648 http://sourceforge.net/project/shownotes.php?release_id=327708
The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by...
The (1) stopserver.sh and (2) startserver.sh scripts in Adobe Version Cue on Mac OS X uses the current working directory to find and execute the productname.sh script, which allows local users to execute arbitrary...
Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space,...
The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allows local users to execute arbitrary commands by opening the AClient tray icon and using the View Log File option, a different vulnerability...
Cross-site scripting (XSS) vulnerability in productsByCategory.asp in MetaCart e-Shop allows remote attackers to inject arbitrary web script or HTML via the strCatalog_NAME parameter. Date published : 2005-05-16 http://marc.info/?l=bugtraq&m=111627073203176&w=2 http://echo.or.id/adv/adv13-theday-2005.txt
Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php. Date published...