Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter. Date published : 2006-01-25 http://www.securityfocus.com/bid/16363 http://www.osvdb.org/22784
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built...
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. Date published : 2006-01-25...
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. Date published : 2006-01-25 http://archives.neohapsis.com/archives/bugtraq/2006-01/0064.html http://www.osvdb.org/22365
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. Date published : 2006-01-25 http://www.securityfocus.com/bid/16341 http://www.securityfocus.com/archive/1/422482
A logic error in the IP fragment cache functionality in pf in FreeBSD 5.3, 5.4, and 6.0, and OpenBSD, when a ‘scrub fragment crop’ or ‘scrub fragment drop-ovl’ rule is being used, allows remote...
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users...
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory. Date published : 2006-01-25 http://www.securityfocus.com/bid/16373 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:06.kmem.asc
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. Date published : 2006-01-25 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html http://www.securityfocus.com/bid/16369
SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. Date published : 2006-01-24 http://www.securityfocus.com/bid/16364 http://sourceforge.net/project/shownotes.php?release_id=387862&group_id=42718
Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. Date published : 2006-01-24 http://www.securityfocus.com/bid/16362...
rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. Date published : 2006-01-24 http://www.securityfocus.com/bid/16366 http://gridengine.sunsource.net/project/gridengine/60patches.txt
Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag...
search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. Date published :...