Kadu 0.4.2 and 0.5.0pre allows remote attackers to cause a denial of service (crash or generated traffic) via a malformed message, possibly with incomplete information. Date published : 2005-12-01 http://www.securityfocus.com/bid/15620 http://www.securityfocus.com/archive/1/417920/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in FreeWebStat 1.0 rev37 allow remote attackers to inject arbitrary web script or HTML via the (1) site, (2) jsref, (3) jsres, and (4) jscolor parameters to pixel.php, which...
SQL injection vulnerability in index.php in Entergal MX 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) idcat parameter in a showcat action and (2) the action parameter. Date published :...
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors. Date published : 2005-12-01 http://www.securityfocus.com/bid/15624 http://www.dotclear.net/forum/viewtopic.php?id=12895
Multiple SQL injection vulnerabilities in index.php in DMANews 0.904 and 0.910 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in a comments action and the (2) sortorder and (3)...
Multiple cross-site scripting (XSS) vulnerabilities in MagpieRSS 7.1, as used in (a) blogBuddiesv 0.3, (b) Jaws 0.6.2, and possibly other products, allow remote attackers to inject arbitrary web script or HTML via the (1)...
Cross-site scripting (XSS) vulnerability in blogBuddies 0.3 allows remote attackers to inject arbitrary web script or HTML via the u parameter to index.php. Date published : 2005-12-01 http://www.securityfocus.com/bid/15555 http://sourceforge.net/forum/forum.php?forum_id=514600
SQL injection vulnerability in Bedeng PSP 1.1 allows remote attackers to execute arbitrary SQL commands via the cwhere parameter to (1) index.php and (2) download.php, or (3) ckode parameter to baca.php. Date published :...
SQL injection vulnerability in PHP Labs Top Auction allows remote attackers to execute arbitrary SQL commands via the (1) category and (2) type parameters to viewcat.php, or (3) certain search parameters. NOTE: later a...
SQL injection vulnerability in survey.php in PHP Labs Survey Wizard allows remote attackers to execute arbitrary SQL commands via the sid parameter. Date published : 2005-12-01 http://pridels0.blogspot.com/2005/11/survey-wizard-sid-sql-injection-vuln.html http://www.osvdb.org/21104
nuauth in NuFW 1.0.x before 1.0.16 and 1.1 allows authenticated users to cause a denial of service via malformed packets. Date published : 2005-12-01 http://www.securityfocus.com/bid/15645 http://www.nufw.org/+NUFW-1-16-minor-security-fix+.html
Multiple SQL injection vulnerabilities in WebCalendar 1.0.1 allow remote attackers to execute arbitrary SQL commands via the (1) startid parameter to activity_log.php, (2) startid parameter to admin_handler.php, (3) template parameter to edit_template.php, and (4)...
Directory traversal vulnerability in main.php in PHPAlbum 0.2.3 and earlier allows remote attackers to read arbitrary files via the (1) cmd and (2) var1 parameters. Date published : 2005-12-01 http://www.securityfocus.com/bid/15651 http://www.phpalbum.net/dw
Directory traversal vulnerability in index.php in PHP Upload Center allows remote attackers to read arbitrary files via "../" sequences in the filename parameter. Date published : 2005-12-01 http://www.securityfocus.com/bid/15621 http://www.securityfocus.com/bid/15626