phpstatus 1.0 does not require passwords when using cookies to identify a user, which allows remote attackers to bypass authentication. Date published : 2006-02-07 http://www.securityfocus.com/bid/16587 http://www.securityfocus.com/archive/1/424842/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in phpstatus 1.0 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface. Date published : 2006-02-07 http://www.securityfocus.com/bid/16587 http://www.securityfocus.com/archive/1/424842/100/0/threaded
Multiple SQL injection vulnerabilities in phpstatus 1.0, when gpc_magic_quotes is disabled, allow remote attackers to execute arbitrary SQL commands and bypass authentication via (1) the username parameter in check.php and (2) unknown attack vectors...
Cross-site scripting (XSS) vulnerability in user_class.php in Papoo 2.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the username field during the registration of a new account. NOTE: the...
Cross-site scripting (XSS) vulnerability in throw.main in Outblaze allows remote attackers to inject arbitrary web script or HTML via the file parameter. Date published : 2006-02-07 http://www.securityfocus.com/archive/1/423915/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2006-02/0024.html
Directory traversal vulnerability in Files Xaraya module before 0.5.1, when the Archive Directory field on the Modify Config page is blank, allows remote attackers to access files outside of the web root via ".."...
Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of...
Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information...
The LDAP component in CommuniGate Pro Core Server 5.0.7 allows remote attackers to cause a denial of service (application crash) via LDAP messages that contain Distinguished Names (DN) fields with a large number of...
PHP remote file include vulnerability in inc/backend_settings.php in Loudblog 0.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the $GLOBALS[path] parameter. Date published : 2006-02-06 http://www.securityfocus.com/bid/16495 http://www.securityfocus.com/archive/1/423947/100/0/threaded
Stack-based buffer overflow in Microsoft HTML Help Workshop 4.74.8702.0, and possibly earlier versions, and as included in the Microsoft HTML Help 1.4 SDK, allows context-dependent attackers to execute arbitrary code via a .hhp file...
SQL injection vulnerability in exec.php in PluggedOut Blog 1.9.9c allows remote attackers to execute arbitrary SQL commands via the entryid parameter in a comment_add action. Date published : 2006-02-06 http://www.securityfocus.com/archive/1/423948/100/0/threaded http://hamid.ir/security/pluggedoutblog.txt
Cross-site scripting (XSS) vulnerability in problem.php in PluggedOut Blog 1.9.9c allows remote attackers to inject arbitrary web script or HTML via the data parameter. Date published : 2006-02-06 http://www.securityfocus.com/archive/1/423948/100/0/threaded http://hamid.ir/security/pluggedoutblog.txt
Directory traversal vulnerability in pkmslogout in Tivoli Web Server Plug-in 5.1.0.10 in Tivoli Access Manager (TAM) 5.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. Date...