Multiple cross-site scripting (XSS) vulnerabilities in Horde Application Framework before 3.0.8 allow remote authenticated users to inject arbitrary web script or HTML via multiple vectors, as demonstrated by (1) the identity field, (2) Category...
Multiple cross-site scripting (XSS) vulnerabilities in Horde Kronolith H3 before 2.0.6 allow remote authenticated users to inject arbitrary web script or HTML via (1) the Calendar name field when creating calendars, (2) event title...
Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using...
The thread termination routine in the kernel for Windows NT 4.0 and 2000 (NTOSKRNL.EXE) allows local users to modify kernel memory and execution flow via steps in which a terminating thread causes Asynchronous Procedure...
Buffer overflow in Dropbear server before 0.47 allows authenticated users to execute arbitrary code via unspecified inputs that cause insufficient memory to be allocated due to an incorrect expression that does not enforce the...
Cross-site scripting (XSS) vulnerability in book.cfm in Magic Book Personal and Professional 2.0 allows remote attackers to inject arbitrary web script or HTML via the StartRow parameter. Date published : 2005-12-11 http://www.securityfocus.com/bid/15805 http://pridels0.blogspot.com/2005/12/magic-book-v20-professional-vuln.html
AWARD Bios Modular 4.50pg does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. Date published...
Insyde BIOS V190 does not clear the keyboard buffer after reading the BIOS password during system startup, which allows local administrators or users to read the password directly from physical memory. Date published :...
eFiction 1.0, 1.1, and 2.0, in unspecified environments, might allow remote attackers to conduct unauthorized operations by directly accessing (1) install.php or (2) upgrade.php. NOTE: it is unclear whether this is a vulnerability in...
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information by accessing phpinfo.php, which executes the PHP phpinfo function. Date published : 2005-12-11 http://www.securityfocus.com/bid/15568 http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html
eFiction 1.0, 1.1, and 2.0 allows remote attackers to obtain sensitive information via a direct request to storyblock.php without arguments, which leaks the full pathname in the resulting PHP error message. Date published :...
The "Upload new image" command in the "Manage Images" eFiction 1.1, when members are allowed to upload images, allows remote attackers to execute arbitrary PHP code by uploading a filename with a .php extension...
SQL injection vulnerability in eFiction 1.1 allows remote attackers to execute arbitrary SQL commands via the uid parameter to viewuser.php. Date published : 2005-12-11 http://www.securityfocus.com/bid/15568 http://archives.neohapsis.com/archives/bugtraq/2005-11/0301.html
Multiple SQL injection vulnerabilities in eFiction 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) let parameter in a viewlist action to authors.php and (2) sid parameter to viewstory.php. Date published...