CVE-2006-0947
Thomson SpeedTouch modem running firmware 5.3.2.6.0 allows remote attackers to create users that cannot be deleted via scripting code in the "31" parameter in a NewUser function, which is not filtered by the modem...
Cross-site scripting (XSS) vulnerability in Thomson SpeedTouch modems running firmware 5.3.2.6.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter to the LocalNetwork page. Date published : 2006-02-28 http://www.securityfocus.com/bid/16839...
PHP remote file include vulnerability in admin/index.php in Archangel Weblog 0.90.02 allows remote authenticated administrators to execute arbitrary PHP code via a URL ending in a NULL (%00) in the index parameter. Date published...
Archangel Weblog 0.90.02 allows remote attackers to bypass authentication by setting the ba_admin cookie to 1. Date published : 2006-02-28 http://www.securityfocus.com/bid/16848 http://www.securityfocus.com/archive/1/426184/100/0/threaded
SQL injection vulnerability in the sondages module in index.php in PwsPHP 1.2.3 allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Date published : 2006-02-28 http://www.securityfocus.com/archive/1/426084/100/0/threaded http://www.securityfocus.com/archive/1/426183/100/0/threaded
SQL injection vulnerability in profil.php in PwsPHP 1.2.3, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the aff_news_form parameter, a different vulnerability than CVE-2005-1509. Date published : 2006-02-28 http://www.securityfocus.com/bid/16567...
Multiple cross-site scripting (XSS) vulnerabilities in post.php in ShoutLIVE 1.1.0 allow remote attackers to inject arbitrary web script or HTML via certain variables when posting new messages. Date published : 2006-02-28 http://www.securityfocus.com/bid/16857 http://www.securityfocus.com/archive/1/426985/100/0/threaded
Multiple direct static code injection vulnerabilities in savesettings.php in ShoutLIVE 1.1.0 allow remote attackers to execute arbitrary PHP code via variables that are written to settings.php. Date published : 2006-02-28 http://www.securityfocus.com/bid/16857 http://www.securityfocus.com/archive/1/426985/100/0/threaded
SQL injection vulnerability in DCI-Taskeen 1.03 allows remote attackers to execute arbitrary SQL commands via the (1) id or (2) action parameter to (a) basket.php, or (3) id or (4) page parameter to (b)...
Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter. Date published : 2006-02-28 http://www.securityfocus.com/bid/16817 http://www.securityfocus.com/archive/1/426076/100/0/threaded
U.N.U. Mailgust 1.9 allows remote attackers to obtain sensitive information via a direct request to index.php with method=showfullcsv, which reveals the POP3 server configuration, including account name and password. Date published : 2006-02-28 http://nsag.ru/vuln/890.html...
Free Host Shop Website Generator 3.3 allows remote authenticated users with administrative privileges to upload and execute arbitrary files via a formname parameter with a filename containing a dangerous file extension and a trailing...
Microsoft Word 2003 allows remote attackers to cause a denial of service (application crash) via a crafted file, as demonstrated by 101_filefuzz. Date published : 2006-02-28 http://www.securityfocus.com/bid/16782 http://archives.neohapsis.com/archives/dailydave/2006-q1/0179.html
Cross-site scripting (XSS) vulnerability in webinsta Limbo 1.0.4.2 allows remote attackers to inject arbitrary web script or HTML via the message field in the Contact Form. Date published : 2006-02-28 http://www.securityfocus.com/bid/16811 http://osvdb.org/ref/23/23469-limbo.txt