Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah’s Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate...
SQL injection vulnerability in the search tool in Noah’s Classifieds 1.3 allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors. Date published : 2006-02-24 http://www.securityfocus.com/bid/16773 http://www.securityfocus.com/archive/1/425783/100/0/threaded
Noah’s Classifieds 1.3 allows remote attackers to obtain the installation path via a direct request to include files, as demonstrated by classifieds/gorum/category.php. Date published : 2006-02-24 http://www.securityfocus.com/archive/1/425783/100/0/threaded http://www.kapda.ir/advisory-268.html
Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable. Date published : 2006-02-24 http://www.securityfocus.com/bid/16958 http://www.securityfocus.com/archive/1/426760/100/0/threaded
POPFile before 0.22.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving character sets within e-mail messages. Date published : 2006-02-24 http://www.securityfocus.com/bid/16792 http://popfile.sourceforge.net/cgi-bin/wiki.pl?ReleaseNotes/0.22.4
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter. Date published : 2006-02-24 http://www.securityfocus.com/bid/16769 http://www.securityfocus.com/archive/1/425775/100/0/threaded
Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for...
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames. Date published...
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a .. (dot dot) sequence and trailing NULL (%00) byte in the lang parameter....
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter. NOTE: CVE-2006-1794 has been assigned to...
Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive. Date published : 2006-02-24 http://www.securityfocus.com/bid/16786 http://www.securityfocus.com/archive/1/425894/100/0/threaded
Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny"...
Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters. Date published...
Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors. Date published : 2006-02-23 http://www.securityfocus.com/bid/16765 http://www.idefense.com/application/poi/display?type=vulnerabilities