check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. Date published : 2006-02-13 http://www.securityfocus.com/bid/16562 http://www.securityfocus.com/archive/1/424741/100/0/threaded
Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. Date published : 2006-02-13 http://www.securityfocus.com/bid/16562 http://www.securityfocus.com/archive/1/424741/100/0/threaded
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. NOTE: this report is based on a vendor bug report that identified...
SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. Date published : 2006-02-13 http://www.securityfocus.com/bid/16547 http://www.osvdb.org/22991
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed...
Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2006-02-13 http://www.securityfocus.com/bid/16572 http://www.dataparksearch.org/ChangeLog
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and...
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a...
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request. Date published :...
The (1) elog.c and (2) elogd.c components in elog before 2.5.7 r1558-4 generate different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. Date published...
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file. Date published : 2006-02-13 http://www.securityfocus.com/bid/16579 http://www.debian.org/security/2006/dsa-967
Multiple stack-based buffer overflows in elogd.c in elog before 2.5.7 r1558-4 allow attackers to cause a denial of service (application crash) and possibly execute code via long "revision attributes". Date published : 2006-02-13 http://www.securityfocus.com/bid/16579...
Double free vulnerability in the authentication and authentication token alteration code in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (application crash) and possibly execute...
squid_redirect script in adzapper before 2006-01-29 allows remote attackers to cause a denial of service (CPU consumption) via a URL with a large number of trailing / (forward slashes), which might produce inefficient regular...