Multiple cross-site scripting (XSS) vulnerabilities in ASPPortal 3.00 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Date published : 2006-03-18 http://www.securityfocus.com/bid/17114 http://marc.info/?l=bugtraq&m=114243660409338&w=2
Horde Application Framework 3.0.9 allows remote attackers to read arbitrary files via a null character in the url parameter in services/go.php, which bypasses a sanity check. Date published : 2006-03-18 http://www.securityfocus.com/bid/17117 http://www.securityfocus.com/archive/1/427710/100/0/threaded
Multiple SQL injection vulnerabilities in Maian Support 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) email or (2) pass parameter to admin/index.php. Date published : 2006-03-18 http://www.securityfocus.com/archive/1/429098/100/0/threaded http://evuln.com/vulns/103/summary.html
Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.8.0.1 allows remote attackers to inject arbitrary web script or HTML via the set_theme parameter. Date published : 2006-03-18 http://www.securityfocus.com/bid/17142 http://www.phpmyadmin.net/home_page/downloads.php?relnotes=0
The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going...
Cross-site scripting (XSS) vulnerability in guestbook.php in Soren Boysen (SkullSplitter) PHP Guestbook 2.6 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Date published : 2006-03-18 http://www.securityfocus.com/bid/17136 http://www.securityfocus.com/archive/1/429254/100/0/threaded
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string...
Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from...
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address. Date published : 2006-03-18 http://www.securityfocus.com/bid/17118...
Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. Date published : 2006-03-18 http://www.securityfocus.com/bid/17059 https://www.exploit-db.com/exploits/1570
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when...
Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. Date published : 2006-03-18 http://www.securityfocus.com/bid/17009 http://www.magicwinmail.net/changelog.asp
Integer overflow in Apple QuickTime Player 7.0.3 and 7.0.4 and iTunes 6.0.1 and 6.0.2 allows remote attackers to execute arbitrary code via a FlashPix (FPX) image that contains a field that specifies a large...
Unspecified vulnerability in usermod in HP-UX B.11.00, B.11.11, and B.11.23, when run with certain options that involve a new home directory, might cause usermod to change the ownership of all directories and files under...