Cross-site scripting (XSS) vulnerability in search.asp in MyTemplateSite 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. Date published : 2005-12-04 http://www.securityfocus.com/bid/15693 http://pridels0.blogspot.com/2005/12/mytemplatesite-xss-vuln.html
Multiple SQL injection vulnerabilities in Absolute Shopping Package Solutions (ASPS) Shopping Cart Professional 2.9d and earlier, and Lite 2.1 and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) srch_product_name parameter...
WebEOC before 6.0.2 uses the same secret key for all installations, which allows attackers with the key to decrypt data from any WebEOC installation. Date published : 2005-12-04 http://www.kb.cert.org/vuls/id/388282
Multiple SQL injection vulnerabilities in phpYellowTM Pro Edition and Lite Edition 5.33 allow remote attackers to execute arbitrary SQL commands via the (1) haystack parameter to search_result.php or (2) ckey parameter to print_me.php. Date...
Cross-site scripting (XSS) vulnerability in archive.asp in SiteBeater News System 4.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the sKeywords parameter. Date published : 2005-12-04 http://www.securityfocus.com/bid/15697 http://pridels0.blogspot.com/2005/12/sitebeater-news-system-xss-vuln.html
Cross-site scripting (XSS) vulnerability in Search.asp in SiteBeater MP3 Catalog 2.03 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. Date published : 2005-12-04 http://www.securityfocus.com/bid/15696 http://pridels0.blogspot.com/2005/12/sitebeater-mp3-catalog-xss-vuln.html
Cross-site scripting (XSS) vulnerability in search.asp in Solupress News 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter. Date published : 2005-12-04 http://www.securityfocus.com/bid/15695 http://pridels0.blogspot.com/2005/12/solupress-news-xss-vuln.html
Zen Cart 1.2.6d and earlier, under certain PHP configurations, allows remote attackers to obtain sensitive information via direct requests to files in the admin/includes directory, including (1) graphs/banner_daily.php, (2) graphs/banner_infobox.php, (3) graphs/banner_yearly.php, (4) graphs/banner_monthly.php,...
SQL injection vulnerability in admin/password_forgotten.php in Zen Cart 1.2.6d and earlier allows remote attackers to execute arbitrary SQL commands via the admin_email parameter. Date published : 2005-12-04 http://www.securityfocus.com/bid/15690 http://www.securityfocus.com/archive/1/418517/100/0/threaded
Format string vulnerability in the dosyslog function in the OBEX server (obexsrv.c) for Sobexsrv before 1.0.0-pre4, when the syslog (-S) function is enabled, allows remote attackers to execute arbitrary code via format string specifiers...
Multiple unspecified vulnerabilities in MailEnable Professional 1.6 and earlier and Enterprise 1.1 and earlier allow attackers to cause a denial of service (crash) via invalid IMAP commands. Date published : 2005-12-04 http://www.mailenable.com/hotfix/ http://www.osvdb.org/21388
Multiple buffer overflows in WinEggDropShell remote access trojan (RAT) 1.7 allow remote attackers to execute arbitrary code via (1) a long GET request to the HTTP server, or a long (2) USER or (3)...
Multiple cross-site scripting (XSS) vulnerabilities in phpMyChat 0.14.6 allow remote attackers to inject arbitrary web script or HTML via the medium parameter to (1) start_page.css.php and (2) style.css.php; or the From parameter to users_popupL.php....
Memory leak in Avaya TN2602AP IP Media Resource 320 circuit pack before vintage 9 firmware allows remote attackers to cause a denial of service (memory consumption) via crafted VoIP packets. Date published : 2005-12-04...