Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) postdays parameter to viewtopic.php or (2) topicdays parameter to viewforum.php. Date published...
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack. Date published : 2005-05-10 http://www.securityfocus.com/bid/9850 http://marc.info/?l=bugtraq&m=107910934926062&w=2
Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to inject arbitrary web script or HTML via the URL. Date published : 2005-05-10 http://www.securityfocus.com/bid/9856 http://marc.info/?l=bugtraq&m=107911090901744&w=2
SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remote attackers to execute SQL commands via the (1) category_id, (2) product_id, or (3) feature_id parameters. Date published : 2005-05-10 http://www.securityfocus.com/bid/9854 http://marc.info/?l=bugtraq&m=107911090901744&w=2
Format string vulnerability in games using the Epic Games Unreal Engine 436 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in class names....
wMCam server 2.1.348 allows remote attackers to cause a denial of service (no new connections) via multiple malformed HTTP requests without the GET command. Date published : 2005-05-10 http://www.securityfocus.com/bid/9839 http://marc.info/?l=bugtraq&m=107894337524376&w=2
Chat Anywhere 2.72 and earlier allows remote attackers to hide their IP address by using %00 before the nickname, which causes the IP address to be displayed as $IP$ on the administration web page....
Directory traversal vulnerability in PWebServer 0.3.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Date published : 2005-05-10 http://www.securityfocus.com/bid/9817 http://marc.info/?l=bugtraq&m=107876388211413&w=2
Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier versions allows remote attackers to gain access via a crafted URL and a certain cookie. Date published : 2005-05-10 http://www.securityfocus.com/bid/9380 http://www.sysbotz.com/press/sdupdate402.htm
PF in certain OpenBSD versions, when stateful filtering is enabled, does not limit packets for a session to the original interface, which allows remote attackers to bypass intended packet filters via spoofed packets to...
RealOne player 6.0.11.868 allows remote attackers to execute arbitrary script in the "My Computer" zone via a Synchronized Multimedia Integration Language (SMIL) presentation with a "file:javascript:" URL, which is executed in the security context...
Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/9359 http://www.freznoshop.com/changelog_en.htm
PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier allows remote attackers to execute arbitrary PHP code via the (1) config[header] parameter to hotnews-engine.inc.php3 or (2) config[incdir] parameter to hnmain.inc.php3. Date published :...
Info Touch Surfnet kiosk allows local users to access the underlying filesystem via a ‘; URI. Date published : 2005-05-10 http://www.securityfocus.com/bid/9346