Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard. Date published : 2005-05-10 http://www.securityfocus.com/bid/9343 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2004-01/0006.html
Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote authenticated users to execute arbitrary code via a long message parameter in a SendMsg action to action.htm. Date published :...
swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a long packet with two CRLF sequences to the service management port (TCP 8000)....
The web management interface in Edimax AR-6004 ADSL Routers uses a default administrator name and password, which also appear as the default login text for the management interface, which allows remote attackers to gain...
Cross-site scripting (XSS) vulnerability in the web management interface in Edimax AR-6004 ADSL Routers allows remote attackers to inject arbitrary web script or HTML via the URL. Date published : 2005-05-10 http://www.securityfocus.com/bid/9374 http://www.securityfocus.com/archive/1/349089
Cross-site scripting (XSS) vulnerability in the web management interface in ZyWALL 10 4.07 allows remote attackers to inject arbitrary web script or HTML via the rpAuth_1 page. Date published : 2005-05-10 http://www.securityfocus.com/bid/9373 http://www.securityfocus.com/archive/1/349085
ASP-Nuke 1.3 and earlier places user credentials under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to main.mdb. Date published : 2005-05-10...
SQL injection vulnerability in PostCalendar 4.0.0 allows remote attackers to execute arbitrary SQL commands via search queries. Date published : 2005-05-10 http://www.securityfocus.com/bid/9372 http://news.postnuke.com/modules.php?op=modload&name=News&file=article&sid=2537
PortalApp places user credentials under the web root with insufficient access control, which allows remote attackers to gain access to sensitive information via a direct request to 8275.mdb. Date published : 2005-05-10 http://www.securityfocus.com/bid/9354 http://securitytracker.com/id?1008627
SQL injection vulnerability in calendar.php for Invision Power Board 1.3 allows remote attackers to execute arbitrary SQL commands via the m parameter, which sets the $this->chosen_month variable. Date published : 2005-05-10 http://www.securityfocus.com/bid/9353 http://www.securityfocus.com/archive/1/348821
Buffer overflow in the web server of Webcam Watchdog 3.63 allows remote attackers to execute arbitrary code via a long HTTP GET request. Date published : 2005-05-10 http://www.securityfocus.com/bid/9351 http://www.securityfocus.com/archive/1/348818
Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 allows remote attackers to read and create arbitrary files via a /.. (slash dot dot). Date published : 2005-05-10 http://www.securityfocus.com/bid/9350 http://www.securiteam.com/windowsntfocus/5FP051FBPQ.html
athenareg.php in Athena Web Registration allows remote attackers to execute arbitrary commands via shell metacharacters in the pass parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/9349 http://www.osvdb.org/16861
Info Touch Surfnet kiosk allows local users to crash Surfnet and access the underlying operating system via the CMD_CREDITCARD_CHARGE command. Date published : 2005-05-10 http://www.securityfocus.com/bid/9348