Cross-site scripting (XSS) vulnerability in the administration panel in bBlog 0.7.2 allows remote authenticated users with superuser privileges to inject arbitrary web script or HTML via a blog name ($blogname). NOTE: if administrators are...
SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta allows remote attackers to execute arbitrary SQL commands via the restrict parameter to (1) member.php, (2) misc.php, or (3) today.php. Date published : 2005-05-10 http://www.securityfocus.com/bid/9983...
Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allow remote attackers to inject arbitrary web script or HTML via (1) the u2uheader parameter in editprofile.php, the...
Multiple cross-site scripting (XSS) vulnerabilities in Extreme Messageboard (XMB) 1.8 SP3 and 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) xmbuser parameter to xmb.php, (2) folder parameter...
Invision NetSupport School Pro uses a weak encryption algorithm to encrypt passwords, which allows local users to obtain passwords. Date published : 2005-05-10 http://www.securityfocus.com/bid/9981 http://marc.info/?l=bugtraq&m=108032304932321&w=2
Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 and R55 allows remote authenticated users to cause a denial of service (server disconnect) and possibly execute arbitrary code via a large...
Directory traversal vulnerability in Trend Micro Interscan Web Viruswall in InterScan VirusWall 3.5x allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Date published : 2005-05-10 http://www.securityfocus.com/bid/9966 http://marc.info/?l=bugtraq&m=108014604529316&w=2
HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of service (crash) via a malformed request, possibly due to a stricmp() error from an invalid use of the "$" character. Date published...
Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7.5.2546 allows remote authenticated attackers to read arbitrary files via a .. (dot dot) in the setinclude parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/9972 http://marc.info/?l=bugtraq&m=108016019623003&w=2
devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when no password is set, allows remote attackers to upload arbitrary files to the printer directory. Date published : 2005-05-10 http://www.securityfocus.com/bid/9971 http://marc.info/?l=bugtraq&m=108016019623003&w=2
Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack. Date published : 2005-05-10 http://www.securityfocus.com/bid/9960...
Buffer overflow in the logging function in Picophone 1.63 and earlier allows remote attackers to execute arbitrary code via a large packet. Date published : 2005-05-10 http://www.securityfocus.com/bid/9969 http://marc.info/?l=bugtraq&m=108016032220647&w=2
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable. Date published : 2005-05-10 http://www.securityfocus.com/bid/9918 http://marc.info/?l=bugtraq&m=108016076221855&w=2
DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transmits the Blowfish encryption key in plaintext, which allows remote attackers to gain sensitive information. Date published : 2005-05-10 http://www.securityfocus.com/bid/9959 http://marc.info/?l=bugtraq&m=108016344224973&w=2