H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such as username and password in plaintext in world-readable log files, which allows local users to gain privileges. Date published : 2005-05-16 http://www.securityfocus.com/bid/13559 http://www.psoft.net/misc/hsphere_winbox_security_update_passwd.html
Cross-site scripting (XSS) vulnerability in the guestbook for SiteStudio 1.6 allows remote attackers to inject arbitrary web script or HTML via the name field to (1) psoft.guestbook.GuestBookServ in Standalone Site Studio or (2) E-Guest_sign.pl...
PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code....
NiteEnterprises Remote File Manager 1.0 allows remote attackers to cause a denial of service (crash) via a crafted string to TCP port 7080. Date published : 2005-05-16 http://www.securityfocus.com/bid/13550 http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0129.html
SQL injection vulnerability in login.asp for Net56 Browser Based File Manager 1.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field. Date published : 2005-05-16 http://www.securityfocus.com/bid/13547 http://archives.neohapsis.com/archives/fulldisclosure/2005-05/0134.html
MRO Maximo Self Service 4 and 5 stores certain information under the web document root using file extensions that are not processed by Tomcat, which allows remote attackers to obtain sensitive information via a...
A "mathematical flaw" in the implementation of the El Gamal signature algorithm for LibTomCrypt 1.0 to 1.0.2 allows attackers to generate valid signatures without having the private key. Date published : 2005-05-16 http://www.securityfocus.com/bid/13473 http://www.securityfocus.org/archive/1/397649
Cross-site scripting (XSS) vulnerability in Kryloff Technologies Subject Search Server (SSServer) 1.1 allows remote attackers to inject arbitrary web script or HTML via the "Search For" field. Date published : 2005-05-16 http://www.securityfocus.com/bid/13574 http://securitytracker.com/id?1013938
SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via a crafted cookie password hash (pass_hash) that modifies the internal $pid variable. Date published...
Cross-site scripting (XSS) vulnerability in (1) search.php and (2) topics.php for Invision Power Board (IPB) 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlite parameter. Date published...
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter....
CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request. Date published : 2005-05-16 http://www.securityfocus.com/bid/13560 http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html
SQL injection vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2005-05-16 http://www.securityfocus.com/bid/13560 http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html
Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ShoppingCart 1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2005-05-16 http://www.securityfocus.com/bid/13560 http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html