iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results...
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using...
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the specific vulnerability...
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters. Date published : 2006-02-15 http://www.securityfocus.com/bid/16594 http://www.securityfocus.com/archive/1/424745/30/0/threaded
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions. Date published : 2006-02-15 http://www.securityfocus.com/bid/16594 http://www.securityfocus.com/archive/1/424745/30/0/threaded
Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. Date published : 2006-02-15 http://www.securityfocus.com/bid/16638...
Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection. Date published : 2006-02-15 http://sourceforge.net/project/shownotes.php?release_id=392886 http://secunia.com/advisories/18801
Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests. Date published : 2006-02-15 http://sourceforge.net/project/shownotes.php?release_id=392886 http://secunia.com/advisories/18801
SQL injection vulnerability in Zen Cart before 1.2.7 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2006-02-15 http://sourceforge.net/project/shownotes.php?release_id=392886 http://www.osvdb.org/23110
Ansilove before 1.03 does not filter uploaded file extensions, which allows remote attackers to execute arbitrary code by uploading arbitrary files with dangerous extensions, then accessing them directly in the upload directory. Date published...
Unspecified vulnerability in the loaders (load_*.php) in Ansilove before 1.03 allows remote attackers to read arbitrary files via unspecified vectors involving "converting files accessible by the webserver". Date published : 2006-02-15 http://www.securityfocus.com/bid/16603 http://sourceforge.net/project/shownotes.php?release_id=392826
Multiple SQL injection vulnerabilities in rb_auth.php in Roberto Butti CALimba 0.99.2 beta and earlier allow remote attackers to execute arbitrary SQL commands and bypass login authentication via the (1) login and (2) password parameters....
Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a)...
edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. Date published : 2006-02-15 http://www.securityfocus.com/bid/16630...