SunnComm MediaMax DRM 5.0.21.0, as used by Sony BMG, assigns insecure Everyone/Full Control permissions to the "SunnComm Shared" directory, which allows local users to gain privileges by modifying programs installed in that directory, such...
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors. Date published : 2005-12-07 http://www-1.ibm.com/support/docview.wss?uid=isg1IY75283 http://www-1.ibm.com/support/docview.wss?uid=isg1IY75294
Total Commander 6.53 uses weak encryption to store FTP usernames and passwords in WCX_FTP.INI, which allows local users to decrypt the passwords and gain access to FTP servers, as possibly demonstrated by the W32.Gudeb...
SQL injection vulnerability in the search module in Edgewall Trac before 0.9.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2005-12-07 http://www.securityfocus.com/bid/15720 http://projects.edgewall.com/trac/wiki/ChangeLog
Multiple SQL injection vulnerabilities in A-FAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) faqid parameter to faqDspItem.asp and (2) catcode parameter to faqDsp.asp. Date published : 2005-12-07 http://www.securityfocus.com/bid/15741 http://pridels0.blogspot.com/2005/12/faq-sql-inj-vuln.html
Multiple cross-site scripting (XSS) vulnerabilities in NetAuctionHelp 3.0 and earlier allow remote attackers to inject arbitrary HTML and web script via the (1) L, (2) sort, (3) category, (4) categoryname parameters to search.asp. Date...
Cross-site scripting (XSS) vulnerability in CPSearch.asp in XcClassified 3.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. Date published : 2005-12-07 http://www.securityfocus.com/bid/15738 http://pridels0.blogspot.com/2005/12/xcclassified-v3x-xss-vuln.html
Cross-site scripting (XSS) vulnerability in PASearch.asp in XcPhotoAlbum 1.x allows remote attackers to inject arbitrary web script or HTML via the search parameters. Date published : 2005-12-07 http://www.securityfocus.com/bid/15739 http://pridels0.blogspot.com/2005/12/xcphotoalbum-v1x-xss-vuln.html
Cross-site scripting (XSS) vulnerability in search.asp in rwAuction Pro 4.0 and 5.0 allows remote attackers to inject arbitrary web script or HTML via the searchtxt parameter. Date published : 2005-12-07 http://www.securityfocus.com/bid/15740 http://pridels-team.blogspot.com/2007/06/rwauction-pro-xss-vuln.html
SQL injection vulnerability in searchdb.asp in LocazoList 1.03c and earlier allows remote attackers to execute arbitrary SQL commands via the q parameter. Date published : 2005-12-07 http://www.securityfocus.com/bid/15812 http://locazo.net:81/applications/
SQL injection vulnerability in saralblog 1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to viewprofile.php. Date published : 2005-12-07 http://evuln.com/vulns/40/summary.html http://pridels0.blogspot.com/2005/12/saralblog-v1-sql-inj-vuln.html
Cross-site scripting (XSS) vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to inject arbitrary web script or HTML via the (1) Location, (2) Last Name, and (3) First Name parameters. Date published...
SQL injection vulnerability in search.php in PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the (1) Location, (2) Last Name, and (3) First Name parameters. Date published : 2005-12-07 http://www.securityfocus.com/bid/15724...
SQL injection vulnerability in index.php in Cars Portal 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) page and (2) car parameters. Date published : 2005-12-07 http://www.securityfocus.com/bid/15747 http://pridels0.blogspot.com/2005/12/cars-portal-v1x-sql-injection.html