SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Date published : 2005-10-27 http://www.securityfocus.com/bid/15171 http://www.ebase.co.jp/company/security
PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter. Date published : 2005-10-27 http://www.securityfocus.com/bid/15207
viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2005-10-27 http://www.securityfocus.com/bid/15180 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=335188
The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS...
Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation. Date published :...
PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter. Date published : 2005-10-27 http://www.securityfocus.com/bid/15175 http://marc.info/?l=bugtraq&m=113017630505223&w=2
Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational...
SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter. Date published : 2005-10-27 http://www.securityfocus.com/bid/15204 http://www.securityfocus.com/archive/1/414672
Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products,...
SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter. Date published : 2005-10-27 http://www.securityfocus.com/bid/15198 http://appindex.net/products/changelog/?product=mwchat&version=6.9
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality. Date published : 2005-10-27 http://www.securityfocus.com/bid/15082 http://www.zope.org/Products/Zope/Hotfix_2005-10-09/security_alert
Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL). Date published : 2005-10-27 http://www.securityfocus.com/bid/15165 http://www.novell.com/linux/security/advisories/2005_24_sr.html
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop...
Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script. Date published : 2005-10-27 http://www.securityfocus.com/bid/15186 http://www.securityfocus.com/archive/1/414396