Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.61 allow remote attackers to inject arbitrary web script or HTML via the (1) country parameter to view_user.php, (2) show parameter to view_forum.php, (3) letter parameter...
asycpict.dll, as used in Microsoft products such as Front Page 97 and 98, allows remote attackers to cause a denial of service (hang) via a JPEG image with maximum height and width values. Date...
SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2005-07-10 http://www.securityfocus.com/bid/11428 http://sourceforge.net/project/shownotes.php?release_id=273104
Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Date published : 2005-07-10 http://www.securityfocus.com/bid/11428 http://sourceforge.net/project/shownotes.php?release_id=273104
The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is configured by default to trust sessmgr.exe, which allows local users to use sessmgr.exe to create a local listening port that bypasses the ICF...
Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow remote attackers to execute arbitrary SQL commands via the (1) product parameter to showproduct.php or (2) cat parameter to showcat.php. Date published : 2005-07-10 http://www.securityfocus.com/bid/9574...
Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ProductCart allows remote attackers to inject arbitrary Javascript via the redirectUrl parameter. Date published : 2005-07-10 http://www.securityfocus.com/bid/9669 http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html
SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductCart allows remote attackers to execute arbitrary SQL commands via the priceUntil parameter. Date published : 2005-07-10 http://www.securityfocus.com/bid/9669 http://www.securityfocus.com/archive/1/354288
EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack. Date published : 2005-07-10 http://www.securityfocus.com/bid/9669 http://www.securityfocus.com/archive/1/354288
Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly quoted in the resulting error page. Date published :...
Directory traversal vulnerability in sample_showcode.html in Caravan 2.00/03d and earlier allows remote attackers to read arbitrary files via the fname parameter. Date published : 2005-07-10 http://www.securityfocus.com/bid/9555 http://members.lycos.co.uk/r34ct/main/Caravan/Caravan.txt
Application Access Server (A-A-S) 1.0.37 and earlier allows remote authenticated users to cause a denial of service (application crash) via a long file request. Date published : 2005-07-10 http://members.lycos.co.uk/r34ct/main/A-A-S/AAS1_0_3.TXT http://www.secunia.com/advisories/10762/
BaSoMail 1.24 allows remote attackers to cause a denial of service (CPU consumption) via multiple connections to TCP port (1) 25 (SMTP) or (2) 110 (POP3). Date published : 2005-07-10 http://members.lycos.co.uk/r34ct/main/Baso_mail/Baso_1.24.txt http://www.osvdb.org/3789
Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand. Date published : 2005-07-10 http://www.securityfocus.com/bid/11233...