SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. Date published : 2005-05-03 http://www.securityfocus.com/bid/13404 http://www.osvdb.org/15968
edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files. Date published : 2005-05-03 http://securitytracker.com/id?1013830 https://exchange.xforce.ibmcloud.com/vulnerabilities/20314
Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb. Date published : 2005-05-03 http://www.osvdb.org/15994 http://securitytracker.com/id?1013830
Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb). Date published : 2005-05-03...
Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb. Date published : 2005-05-03 http://www.securityfocus.com/archive/1/456240/100/0/threaded https://www.exploit-db.com/exploits/8609
StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information. Date published : 2005-05-03 http://www.securityfocus.com/bid/13443 http://www.osvdb.org/14686
Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via .. sequences in the A parameter....
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html. Date published : 2005-05-03 http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt...
Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request. Date published : 2005-05-03 http://www.autistici.org/fdonato/advisory/VideoCamServer1.0.0-adv.txt http://securitytracker.com/id?1013860
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space). Date published : 2005-05-03...
SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter. Date published : 2005-05-03 http://archives.neohapsis.com/archives/bugtraq/2005-04/0491.html http://www.osvdb.org/15959
NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges. Date published : 2005-05-03 http://www.securityfocus.com/bid/13442 http://www.osvdb.org/14687
Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp,...
Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder. Date published : 2005-05-03 http://www.soft3304.net/04WebServer/Security.html http://osvdb.org/ref/16/16067-04webserver.txt