Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument. Date published...
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field. Date published...
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter. Date published : 2006-01-16 http://www.securityfocus.com/bid/16233 http://www.securityfocus.com/archive/1/421916/100/0/threaded
SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password....
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php....
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment...
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL...
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects...
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter. Date published :...
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter. NOTE: this issue might be resultant...
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls. Date published : 2006-01-15...
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022). Date published : 2006-01-14...
BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI and anonymous admin lookup enabled, allows remote attackers to obtain configuration information by accessing MBeanHome via the Java Naming and Directory Interface...
SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Date published : 2006-01-13 http://www.securityfocus.com/bid/16310 http://phlymail.de/forum/viewtopic.php?t=842