Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attackers to execute arbitrary code via a SOCKS4 request with a long username. Date published : 2005-06-28 http://www.securityfocus.com/bid/6012 http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0032.html
Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena paFileDB 1.1.3 through 3.0 allows remote attackers to inject arbitrary web script or HTML via the query string in the (1) rate, (2) email, or...
602Pro LAN SUITE 2002 allows remote attackers to view the directory tree via an HTTP GET request with a trailing "~" (tilde) or ".bak" extension. Date published : 2005-06-28 http://archives.neohapsis.com/archives/bugtraq/2002-10/0265.html http://www.iss.net/security_center/static/10450.php
Aquonics File Manager 1.5 allows users with edit privileges to modify user accounts by editing the userlist.cgi file. Date published : 2005-06-28 http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html https://exchange.xforce.ibmcloud.com/vulnerabilities/9930
Directory traversal vulnerability in source.php in Aquonics File Manager 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP query string. Date published : 2005-06-28 http://www.securityfocus.com/bid/5533 http://archives.neohapsis.com/archives/bugtraq/2002-08/0212.html
Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to cause a denial of service (crash) by via SYN, UDP, ICMP and TCP portscans when the administrator selects the Log tab of the Personal...
PowerChute plus 5.0.2 creates a "Pwrchute" directory during installation that is shared and world writeable, which could allow remote attackers to modify or create files in that directory. Date published : 2005-06-28 http://www.securityfocus.com/bid/5069 http://online.securityfocus.com/archive/1/277930
The default configuration in MySQL 3.20.32 through 3.23.52, when running on Windows, does not have logging enabled, which could allow remote attackers to conduct activities without detection. Date published : 2005-06-28 http://www.securityfocus.com/bid/5513 http://online.securityfocus.com/archive/1/288105
Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBulletin 2.0.0 through 2.2.8 allows remote attackers to inject arbitrary web script or HTML via the (1) $scriptpath or (2) $url variables. Date published : 2005-06-28...
The default configuration of MySQL 3.20.32 through 3.23.52, when running on Windows, does set the bind address to the loopback interface, which allows remote attackers to connect to the database. Date published : 2005-06-28...
Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial of service (crash) via a MKD command with a long directory name. Date published : 2005-06-28 http://www.securityfocus.com/bid/4862 http://online.securityfocus.com/archive/1/274279
SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username or (2) password fields. Date published : 2005-06-28 http://www.securityfocus.com/bid/4861 http://archives.neohapsis.com/archives/bugtraq/2002-05/0233.html
Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MDAC 2.5 through 2.7 allows remote attackers to have unknown impact with unknown attack vectors. NOTE: due to the lack of details available regarding...
CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC...