Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, as identified by bug#0005751 "thraxisp". Date published : 2005-09-28 http://www.securityfocus.com/bid/15227 http://www.mantisbt.org/changelog.php
Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the summary of the bug, which is not quoted when view_all_bug_page.php is...
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role...
Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers to execute arbitrary code via the RTF import mechanism. Date published : 2005-09-28 http://www.securityfocus.com/bid/14971 http://www.abiword.org/release-notes/2.2.10.phtml
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than...
The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and...
Directory traversal vulnerability in admin/about.php in contentServ 3.1 allows remote attackers to read or include arbitrary files via ".." sequences in the ctsWebsite parameter. Date published : 2005-09-27 http://www.securityfocus.com/bid/14943 http://archives.neohapsis.com/archives/fulldisclosure/2005-09/0650.html
Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters. Date published...
Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP 2.0 firmware allows remote attackers to cause a denial of service via a crafted TIFF image. Date published : 2005-09-27 http://pspupdates.qj.net/2005/09/20-overflow-found-and-working.html...
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2005-09-27 http://www.securityfocus.com/bid/14937 http://marc.info/?l=bugtraq&m=112785315518373&w=2
SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows remote attackers to execute arbitrary SQL commands via the user_pass_sha1 value in a cookie. Date published : 2005-09-27 http://www.securityfocus.com/bid/14936 http://marc.info/?l=bugtraq&m=112784905928282&w=2
wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the SITE command. Date published : 2005-09-27 http://www.securityfocus.com/bid/14935 http://www.debian.org/security/2006/dsa-1006
contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to read arbitrary files via the language field without a source field set. Date published : 2005-09-27 http://www.securityfocus.com/bid/14903 http://sourceforge.net/project/shownotes.php?release_id=358285
PunBB before 1.2.8 allows remote attackers to perform "code inclusion" via the user language selection. Date published : 2005-09-27 http://www.punbb.org/changelogs/1.2.7_to_1.2.8.txt http://secunia.com/advisories/16908