SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter. Date published : 2006-02-23 http://www.securityfocus.com/bid/16609 http://www.securityfocus.com/archive/1/425317/100/0/threaded
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO...
The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges. Date published :...
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that...
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy...
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection." Date published : 2006-02-23...
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers. Date published : 2006-02-23 http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html...
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a...
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter. NOTE: this has been called a cross-site scripting (XSS)...
Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field. Date published : 2006-02-22 http://www.securityfocus.com/bid/14725 http://www.securityfocus.com/archive/1/425492/100/0/threaded
PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used. Date...
Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument....
Direct static code injection vulnerability in write.php in Admbook 1.2.2 and earlier allows remote attackers to execute arbitrary PHP code via the X-Forwarded-For HTTP header field, which is inserted into content-data.php. Date published :...
SQL injection vulnerability in the forum module of ilchClan 1.05g and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter, when creating a newpost. Date published : 2006-02-22 http://www.securityfocus.com/bid/16735 https://www.exploit-db.com/exploits/1516