Cross-site scripting (XSS) vulnerability in LogiSphere 0.9.9j allows remote attackers to inject arbitrary Javascript via the msg command. NOTE: due to lack of appropriate details by the original researcher, it is unclear whether this...
LogiSphere 0.9.9j does not restrict the number of messages that can be sent, which allows remote attackers to cause a denial of service by sending a large number of messages via the msg command....
Multiple directory traversal vulnerabilities in LogiSphere 0.9.9j allow remote attackers to access arbitrary files via (1) .. (dot dot), (2) "…" (triple dot), and (3) "..//" sequences in the URL, (4) "../" sequences in...
Directory traversal vulnerability in My Album Online 1.0 allows remote attackers to access arbitrary files via "…/" (triple dot) sequences in unspecified vectors. Date published : 2005-12-13 http://www.securityfocus.com/bid/15800 http://www.ipomonis.com/advisories/myAlbumOnline.txt
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0 have unknown impact and attack vectors, a different set of vulnerabilities than those identified by CVE-2005-4199. Date published : 2005-12-13 http://www.securityfocus.com/bid/15793 http://community.mybboard.net/showthread.php?tid=5184&pid=30964#pid30964
Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) before 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) month, (2) day, and (3) year parameters in an addevent action in calendar.php; (4)...
SQL injection vulnerability in index.php in Netref 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this issue is unknown; the details were obtained solely from...
tunnelform.yaws in Nortel SSL VPN 4.2.1.6 allows remote attackers to execute arbitrary commands via a link in the a parameter, which is executed with extra privileges in a cryptographically signed Java Applet. Date published...
Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT–QuickSearch.php; (2) ParentId parameter in...
Multiple SQL injection vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the ParentId parameter in SPT–BrowseResources.php, (2) ResourceId parameter in SPT–FullRecord.php, (3) ResourceOffset...
Buffer overflow in MediaServerList.exe in Sights ‘n Sounds Streaming Media Server 2.0.3.a allows remote attackers to cause a denial of service (application crash) via a long query string. Date published : 2005-12-13 http://www.securityfocus.com/bid/15809 http://www.ipomonis.com/advisories/sws.txt
Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[‘PHP_SELF’] variable. Date published : 2005-12-13 http://www.securityfocus.com/bid/15817 http://sourceforge.net/project/shownotes.php?release_id=377496&group_id=93103
Multiple cross-site scripting (XSS) vulnerabilities in templates/notepads/notepads.inc in Horde Mnemo Note Manager H3 before 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) the notepad’s name or (2) description,...
Multiple cross-site scripting (XSS) vulnerabilities in templates/tasklists/tasklists.inc in Horde Nag Task List Manager H3 before 2.0.4 allow remote authenticated users to inject arbitrary web script or HTML via (1) the tasklist’s name or (2)...