Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information. Date published : 2005-09-08 http://marc.info/?l=bugtraq&m=112552683829473&w=2 http://marc.info/?l=bugtraq&m=112559982413287&w=2
Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function...
Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php. Date published : 2005-09-08 http://www.securityfocus.com/bid/14692 http://marc.info/?l=bugtraq&m=112534893423213&w=2
Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before 4.9.0 allows remote attackers to execute arbitrary code via the username. Date published : 2005-09-08 http://www.securityfocus.com/bid/14707 http://www.kb.cert.org/vuls/id/170905
Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and...
Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700. Date published : 2005-09-08 http://www.idefense.com/application/poi/display?id=300&type=vulnerabilities&flashstatus=true...
Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier have unknown impact and unspecified attack vectors, in one or more of the (1) Download, (2) Search, (3) Web links, (4) Blocks, (5) Messages, (6)...
Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro 1.0.72 allow remote attackers to inject arbitrary web script or HTML via (1) dl-search.php or (2) wl-search.php. Date published : 2005-09-07 http://securitytracker.com/id?1014847
SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. Date published : 2005-09-07 http://www.securityfocus.com/bid/14739 http://marc.info/?l=bugtraq&m=112607358831963&w=2
Multiple eval injection vulnerabilities in PlainBlack Software WebGUI before 6.7.3 allow remote attackers to execute arbitrary Perl code via (1) Help.pm, (2) International.pm, or (3) WebGUI.pm. Date published : 2005-09-07 http://www.securityfocus.com/bid/14732 http://www.plainblack.com/getwebgui/advisories/security-exploit-found-in-6.x-versions
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in...
Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows remote attackers to inject arbitrary web script or HTML via an e-mail message containing Internet Explorer "Conditional Comments" such as "[if]" and "[endif]". Date published :...
DownFile 1.3 allows remote attackers to gain administrator privileges via a direct request to (1) update.php, (2) del.php, and (3) add_form.php. Date published : 2005-09-07 http://www.securityfocus.com/bid/14714 http://securitytracker.com/id?1014827
Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote attackers to inject arbitrary web script or HTML via the id parameter to (1) email.php,(2) index.php, (3) del.php, or (4) add_form.php. Date published : 2005-09-07...