CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to the CommonName organization and possibly other web servers for name resolution, which allows those organizations to obtain internal server names. Date published : 2005-06-28 http://www.securityfocus.com/bid/5878...
PHP remote file inclusion vulnerability in customize.php for phpMyNewsletter 0.6.10 allows remote attackers to execute arbitrary PHP code via the l parameter. Date published : 2005-06-28 http://www.securityfocus.com/bid/5886 http://archives.neohapsis.com/archives/bugtraq/2002-10/0060.html
TightAuction 3.0 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain the database username and password. Date published : 2005-06-28 http://www.securityfocus.com/bid/5850 http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlogger (PPhlogger) 2.0.9 through 2.2.2 allows remote attackers to execute arbitrary PHP code via the rel_path parameter. Date published : 2005-06-28 http://www.securityfocus.com/bid/5860 http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
index.php in Py-Membres 3.1 allows remote attackers to log in as an administrator by setting the pymembs parameter to "admin". Date published : 2005-06-28 http://www.securityfocus.com/bid/5849 http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the Designer, opens port 7358 for interprocess communication, which allows remote attackers to open arbitrary HTML pages and cause a denial of service....
Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business Suite 11i 11.1 through 11.6 allows remote attackers to bypass user authentication checks via unknown attack vectors. Date published : 2005-06-28 http://www.securityfocus.com/bid/5901 http://www.oracle.com/technology/deploy/security/pdf/2002alert44rev1.pdf
Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attackers to cause a denial of service (web browser crash) via malformed content in a Flash Shockwave (.SWF) file, as demonstrated by by ROT13 encoding...
LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by modifying the pmid parameter to pm.php. Date published : 2005-06-28 http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html http://www.ifrance.com/kitetoua/tuto/LokwaBB.txt
SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers to execute arbitrary SQL commands via the (1) member parameter to member.php or (2) loser parameter to misc.php. Date published : 2005-06-28 http://www.securityfocus.com/bid/4981 http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html
PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote attackers to execute arbitrary PHP code via the inc_dir parameter. Date published : 2005-06-28 http://www.securityfocus.com/bid/4977 http://archives.neohapsis.com/archives/bugtraq/2002-06/0055.html
NETGEAR FM114P allows remote attackers to bypass access restrictions for web sites via a URL that uses the IP address instead of the hostname. Date published : 2005-06-28 http://www.securityfocus.com/bid/5667 http://online.securityfocus.com/archive/1/290849
Microsoft Exchange 2000 allows remote authenticated attackers to cause a denial of service via a large number of rapid requests, which consumes all of the licenses that are granted to Exchange by IIS. Date...
Entercept Agent 2.5 agent for Windows, released before May 21, 2002, allows local administrative users to obtain the entercept agent password, which could allow the administrators to log on as the entercept_agent account and...