Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to inject arbitrary HTML or web script via the feedback parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10821 http://marc.info/?l=bugtraq&m=109105610220965&w=2
SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and earlier allows remote attackers to execute arbitrary SQL via the (1) thread_id, (2) parent_id, or (3) mode parameters. Date published : 2005-05-10 http://www.securityfocus.com/bid/10821 http://marc.info/?l=bugtraq&m=109105610220965&w=2
RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use the show.pl script as an open proxy, or read arbitrary local files, by setting the url parameter to a (1) http://, (2) ftp://,...
ASPRunner 2.4 stores the database under the web root in the db directory, which may allow remote attackers to obtain the database via a direct request to the database filename, which is predictable based...
Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow remote attackers to inject arbitrary web script or HTML via the (1) SearchFor parameter in [TABLE-NAME]_search.asp, (2) SQL parameter in [TABLE-NAME]_edit.asp, (3) SearchFor parameter in [TABLE]_list.asp,...
ASPRunner 2.4 allows remote attackers to gain sensitive information via (1) hidden form fields or (2) error messages. Date published : 2005-05-10 http://www.securityfocus.com/bid/10799 http://marc.info/?l=bugtraq&m=109086977330418&w=2
SQL injection vulnerability in ASPRunner 2.4 allows remote attackers to execute arbitrary SQL statements. Date published : 2005-05-10 http://www.securityfocus.com/bid/10799 http://marc.info/?l=bugtraq&m=109086977330418&w=2
SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows remote attackers to execute arbitrary SQL statements via the itemid parameter. Date published : 2005-05-10 http://marc.info/?l=bugtraq&m=109087144509299&w=2 http://secunia.com/advisories/13136
Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 and 2.0.9 allows remote attackers to inject arbitrary HTMl or web script via the search_author parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10753 http://marc.info/?l=bugtraq&m=109034476122723&w=2
CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote attackers to perform HTTP Response Splitting attacks to modify expected HTML content from the server via (1) the mode parameter to privmsg.php or (2)...
PHP remote file inclusion vulnerability in index.php in EasyIns Stadtportal 4 allows remote attackers to execute arbitrary PHP code via the site parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10795 http://marc.info/?l=bugtraq&m=109069241512694&w=2
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accept any password that begins with the actual password, which makes it easier for users to conduct brute force password guessing. Date published : 2005-05-10...
The Phoenix browser in eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allows local users to read arbitrary files via a file:/// URL. Date published : 2005-05-10 http://www.securityfocus.com/bid/10794 http://marc.info/?l=bugtraq&m=109068491801021&w=2
eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow local users to gain privileges by pressing CTRL-SHIFT-ALT-DEL and entering the "maertsJ" password, which is hard-coded into lshell. Date published : 2005-05-10 http://www.securityfocus.com/bid/10794 http://marc.info/?l=bugtraq&m=109068491801021&w=2