SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter. Date published : 2006-01-04 http://pridels0.blogspot.com/2005/11/isupport-1x-includefile-sql-inj.html http://www.osvdb.org/21317
SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. Date published : 2006-01-04 http://pridels0.blogspot.com/2005/11/dapperdesk-30x-page-sql-inj.html http://www.osvdb.org/21315
Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search...
Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile. Date published : 2006-01-04 http://pridels0.blogspot.com/2005/11/vubb-forum-sql-and-xss-vuln.html http://www.osvdb.org/21332
Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php....
SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter. Date published : 2006-01-04 http://pridels0.blogspot.com/2005/12/free-clickbank-search-engine-sql-inj.html http://www.osvdb.org/21489
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a...
ialmnt5.sys in the ialmrnt5 display driver in Intel Graphics Accelerator Driver 6.14.10.4308 allows attackers to cause a denial of service (crash or screen resolution change) via a long text field, as demonstrated using a...
Cross-site scripting (XSS) vulnerability in vBulletin 3.5.2, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via the title of an event, which is not properly filtered by (1)...
SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable). Date published : 2006-01-04 http://www.securityfocus.com/bid/16115 http://www.securityfocus.com/archive/1/420675/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in B-net Software 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) shout variables to (a) shout.php, or the (3) title...
Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors. Date published : 2006-01-03 http://www.securityfocus.com/bid/16104 http://sourceforge.net/project/shownotes.php?release_id=381793
index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter. Date published : 2006-01-03 http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html http://www.osvdb.org/22144
SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters. Date published : 2006-01-03 http://www.securityfocus.com/bid/16121 http://pridels0.blogspot.com/2005/12/bugport-multiple-vuln.html