SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow. Date published : 2005-05-27 http://www.securityfocus.com/bid/9519 http://marc.info/?l=bugtraq&m=107530924723559&w=2
Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows remote attackers to execute arbitrary script as other users via the query string to ISAPISkeleton.dll. Date published : 2005-05-27 http://www.securityfocus.com/bid/9516 http://marc.info/?l=bugtraq&m=107531020924977&w=2
Directory traversal vulnerability in Web Blog 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file variable. Date published : 2005-05-27 http://www.securityfocus.com/bid/9517 http://marc.info/?l=bugtraq&m=107531194527602&w=2
The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure permissions for .INI files such as (1) blackice.ini, (2) firewall.ini, (3) protect.ini, or (4) sigs.ini, which allows local users to modify BlackICE configuration...
Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other versions before 3.6.ccb, with application protection off, allows local users to gain system privileges by modifying the .INI file to contain a long...
The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412....
Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E-Commerce ASP Engine allow remote attackers to inject arbitrary web script or HTML via the (1) level parameter of productdetail.asp, (2) searchKey parameter of searchresults.asp, and possibly...
Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra Forum allows remote attackers to inject arbitrary web script or HTML via the (1) use_last_read or (2) forum parameters. Date published : 2005-05-27 http://marc.info/?l=bugtraq&m=107497803617071&w=2 http://www.securitytracker.com/id?1008839
Multiple directory traversal vulnerabilities in Borland Web Server (BWS) 1.0b3 and earlier allow remote attackers to read and download arbitrary files via (1) multi-dot "……" sequences, or (2) "%5c%2e%2e" (encoded "..") sequences, in the...
Reptile Web Server allows remote attackers to cause a denial of service (CPU consumption) via multiple incomplete GET requests without the HTTP version. Date published : 2005-05-27 http://www.securityfocus.com/bid/9482 http://marc.info/?l=bugtraq&m=107497355713434&w=2
Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows remote attackers to inject arbitrary web script or HTML via the URL. Date published : 2005-05-27 http://www.securityfocus.com/bid/9485 http://marc.info/?l=bugtraq&m=107496530806730&w=2
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via a GET request with a long filename, possibly due to a buffer overflow. Date published : 2005-05-27 http://www.securityfocus.com/bid/9485 http://marc.info/?l=bugtraq&m=107496530806730&w=2
Tiny Server 1.1 allows remote attackers to cause a denial of service (crash) via malformed HTTP requests such as (1) a GET request without the HTTP version (HTTP/1.1), or (2) a request without GET...
Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL. Date published : 2005-05-27 http://www.securityfocus.com/bid/9485 http://marc.info/?l=bugtraq&m=107496530806730&w=2