Multiple "javascript vulerabilities in BB code" in BirdBlog before 1.3.1 allow remote attackers to inject arbitrary Javascript. Date published : 2005-05-16 http://sourceforge.net/project/shownotes.php?release_id=324788 http://secunia.com/advisories/15206
Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (rpc.nisd disabled and NIS+ unavailable) via unknown vectors. Date published : 2005-05-16 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57780-1 http://www.vupen.com/english/advisories/2005/0492
The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows local users to disable password protection and access the administrative interface by finding and showing the "Altiris Client Service" hidden window, disabling the password protection,...
Pico Server (pServ) 3.2 and earlier allows local users to read arbitrary files as the pServ user via a symlink to a file outside of the web document root. Date published : 2005-05-16 http://marc.info/?l=full-disclosure&m=111625623909003&w=2...
Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain the source code for CGI scripts via "dirname/../cgi-bin" in a URL. Date published : 2005-05-16 http://www.securityfocus.com/bid/13638 http://sourceforge.net/project/shownotes.php?release_id=327708
Pico Server (pServ) 3.2 and earlier allows remote attackers to execute arbitrary commands via a URL with multiple leading "/" (slash) characters and ".." sequences. Date published : 2005-05-16 http://www.securityfocus.com/bid/13642 http://sourceforge.net/project/shownotes.php?release_id=327708
Buffer overflow in Apple iTunes before 4.8 allows remote attackers to execute arbitrary code via a crafted MPEG4 file. Date published : 2005-05-16 http://lists.apple.com/archives/security-announce/2005/May/msg00003.html http://www.securityfocus.com/bid/13565
The bbencode_second_pass and make_clickable functions in bbcode.php for phpBB before 2.0.15, as used in viewtopic.php, privmsg.php, and other scripts, allow remote attackers to execute arbitrary script via a BBcode tag with a (1) javascript:,...
** DISPUTED ** SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart...
Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter. Date published : 2005-05-14 http://www.securityfocus.com/bid/13599 http://opensolution.org/forum/?p=readTopic&nr=948
Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to...
Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to...
Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action. Date published : 2005-05-14 http://www.securityfocus.com/bid/13602 http://lostmon.blogspot.com/2005/05/quickforum-topic-field-xss-and-page.html
1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php. Date published : 2005-05-14...