Dev-Editor 3.0 allows remote attackers to access any directory outside the web root whose name is a substring of the web root directory name. Date published : 2005-12-20 http://www.securityfocus.com/bid/15393 http://devedit.sourceforge.net/changelog.shtml
Cross-site scripting (XSS) vulnerability in Honeycomb Archive Enterprise 3.0 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the keyword parameter in search.cfm. Date published : 2005-12-20 http://www.securityfocus.com/bid/15995...
Multiple SQL injection vulnerabilities in CategoryResults.cfm in Honeycomb Archive and Honeycomb Archive Enterprise 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) series, (2) cat_parent, (3) cat, and (4) div parameters....
The default configuration of Widcomm Bluetooth for Windows (BTW) 4.0.1.1500 and earlier, as installed on Belkin Bluetooth Software 1.4.2 Build 10 and ANYCOM Blue USB-130-250 Software 4.0.1.1500, and possibly other devices, sets null Authentication...
SQL injection vulnerability in index.php in TML CMS 0.5 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2005-12-20 http://www.securityfocus.com/bid/15876 http://packetstormsecurity.org/0512-exploits/ztml.txt
Cross-site scripting (XSS) vulnerability in index.php in TML CMS 0.5 allows remote attackers to inject arbitrary web script or HTML via the form parameter. Date published : 2005-12-20 http://www.securityfocus.com/bid/15876 http://packetstormsecurity.org/0512-exploits/ztml.txt
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug." Date published : 2005-12-20 http://freshmeat.net/projects/teamwork/?branch_id=57178&release_id=214639 http://www.osvdb.org/21745
Multiple cross-site scripting (XSS) vulnerabilities in sample scripts in IBM WebSphere Application Server 6 allow remote attackers to inject arbitrary web script or HTML via the (1) E-mail address field to (a) PlantsByWebSphere/login.jsp, (2)...
Citrix Program Neighborhood client before 9.150 caches the user password in plaintext in the GUI while asterisks are used to visually obfuscate the password, which allows attackers with access to the session to obtain...
Buffer overflow in Mercury Mail Transport System 4.01b allows remote attackers to execute arbitrary code via a long request to TCP port 105. Date published : 2005-12-20 http://www.securityfocus.com/bid/16396 https://www.exploit-db.com/exploits/1375
Cross-site scripting (XSS) vulnerability in NQcontent 3 allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters, possibly the text parameter. Date published : 2005-12-20 http://www.securityfocus.com/bid/15989 http://pridels0.blogspot.com/2005/12/nqcontent-v3-xss-vuln.html
Cross-site scripting (XSS) vulnerability in MMBase 1.7.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified search parameters. Date published : 2005-12-20 http://www.securityfocus.com/bid/15955 http://pridels0.blogspot.com/2005/12/mmbase-xss-vuln.html
Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) id parameter to newsitem.php, and (3) cat parameter...
Cross-site scripting (XSS) vulnerability in index.cfm in Mercury CMS 4.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) content and (2) criteria parameters. Date published : 2005-12-20...