Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter. Date published : 2006-01-27 http://osvdb.org/ref/22/22711-goldstag.txt http://www.osvdb.org/22711
Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter. Date published : 2006-01-27 http://osvdb.org/ref/22/22715-active121.txt http://www.osvdb.org/22715
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter. Date published : 2006-01-27 http://osvdb.org/ref/22/22712-ideocontent.txt http://www.osvdb.org/22714
Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php. Date published : 2006-01-27...
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter. Date published : 2006-01-27 http://www.securityfocus.com/bid/16393 http://www.securityfocus.com/archive/1/423162
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer). Date published : 2006-01-27 http://www.securityfocus.com/bid/16377 http://www.securityfocus.com/archive/1/423068/100/0/threaded
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that...
SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. Date published : 2006-01-26 http://archives.neohapsis.com/archives/bugtraq/2005-10/0170.html http://www.osvdb.org/20327
The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability...
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses...
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before...
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial...
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP...
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors. Date published : 2006-01-26 http://www.securityfocus.com/bid/16371 http://devel.webwork.rochester.edu/twiki/bin/view/Webwork/WeBWorKRelease2pt1pt4