Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2005-08-16 http://www.securityfocus.com/bid/14440 http://marc.info/?l=bugtraq&m=112352059715868&w=2
doping.php in ePing plugin 1.02 and earlier for e107 portal allows remote attackers to execute arbitrary code or overwrite files via (1) shell metacharacters in the eping_count parameter or (2) restricted shell metacharacters such...
Stack-based buffer overflow in the init_syms function in MySQL 4.0 before 4.0.25, 4.1 before 4.1.13, and 5.0 before 5.0.7-beta allows remote authenticated users who can create user-defined functions to execute arbitrary code via a...
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. Date published :...
Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 through 7.0.2 and Acrobat 5.0 through 7.0.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown...
EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). Date published : 2005-08-16 http://www.securityfocus.com/bid/14487 http://www.idefense.com/application/poi/display?id=288&type=vulnerabilities&flashstatus=true
Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Date published : 2005-08-16 http://www.securityfocus.com/bid/14487 http://www.idefense.com/application/poi/display?id=288&type=vulnerabilities&flashstatus=true
Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an away message with a...
The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to cause a denial of service (application crash) via a filename that contains invalid UTF-8 characters. Date published : 2005-08-16 http://www.securityfocus.com/bid/14531 http://gaim.sourceforge.net/security/?id=21
xpdf and kpdf do not properly validate the "loca" table in PDF files, which allows local users to cause a denial of service (disk consumption and hang) via a PDF file with a "broken"...
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP...
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter...
The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 (patch 3) uses insecure permissions for the "Common FrameworkDb" folder, which allows local users to read arbitrary files by creating a subfolder in the...
The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel...