SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters. Date published : 2005-07-05 http://secunia.com/advisories/15818
The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change...
kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. Date published : 2005-07-05 http://www.zataz.net/adviso/kpopper-06152005.txt
Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. Date published :...
Multiple unknown vulnerabilities in Real Estate Management Software 1.0 have unknown impact and attack vectors. Date published : 2005-07-01 http://www.securityfocus.com/bid/11304 http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html
Cross-site scripting (XSS) vulnerability in ‘raw’ page output mode for MediaWiki 1.3.4 and earlier allows remote attackers to inject arbitrary web script or HTML. Date published : 2005-07-01 http://www.securityfocus.com/bid/11302 http://sourceforge.net/project/shownotes.php?group_id=34373&release_id=271848
Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denial of service (memory consumption or application crash) via a very large data size. Date published : 2005-07-01 http://www.securityfocus.com/bid/11263 http://www.securityfocus.com/archive/1/376569
Nettica Corporation INTELLIPEER Email Server 1.01 displays different error messages for valid and invalid account names, which allows remote attackers to determine valid account names. Date published : 2005-07-01 http://www.securityfocus.com/bid/11257 http://www.osvdb.org/10349
Buffer overflow in the prepared statements API in libmysqlclient for MySQL 4.1.3 beta and 4.1.4 allows remote attackers to cause a denial of service via a large number of placeholders. Date published : 2005-07-01...
Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors. Date published : 2005-07-01 http://www.securityfocus.com/bid/11255 http://sourceforge.net/project/shownotes.php?release_id=269807
Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook allow attackers to cause a denial of service (crash) via malformed e-mail messages (1) without a body or (2) without a carriage return ("n") separating...
CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows attackers to conduct HTTP response splitting attacks via the fid parameter in a writenew action to thread-post.asp. Date published : 2005-07-01 http://marc.info/?l=bugtraq&m=109631200701134&w=2 http://www.pd9soft.com/megabbs/forums/thread-view.asp?tid=4924
SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows remote attackers to execute arbitrary SQL commands via the (1) sortdir or (2) criteria parameter to ladder-log.asp or the (3) memberid or (4)...
Baal Smart Forms before 3.2 allows remote attackers to bypass authentication and obtain system access via a direct request to regadmin.php. Date published : 2005-07-01 http://securitytracker.com/id?1011416 http://secunia.com/advisories/12649/