CVE-2006-1220
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads...
Integer overflow in the mach_msg_send function in the kernel for Mac OS X might allow local users to execute arbitrary code via unknown attack vectors related to a large message header size, which leads...
Directory traversal vulnerability in Gallery 2.0.3 and earlier, and 2.1 before RC-2a, allows remote attackers to include arbitrary PHP files via ".." (dot dot) sequences in the stepOrder parameter to (1) upgrade/index.php or (2)...
Unspecified vulnerability in the HTTP proxy in Novell BorderManager 3.8 and earlier allows remote attackers to cause a denial of service (CPU consumption and ABEND) via unknown attack vectors related to "media streaming over...
SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. Date published : 2006-03-13 http://www.securityfocus.com/bid/17103 http://www.securityfocus.com/archive/1/428663/100/0/threaded
Cross-site scripting (XSS) vulnerability in bigshow.php in Runcms 1.x allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2006-03-13 http://www.securityfocus.com/bid/16970 http://www.securityfocus.com/archive/1/426829
Cross-site scripting (XSS) vulnerability in misc.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the percent parameter. NOTE: this issue has been disputed in a...
UnrealIRCd 3.2.3 allows remote attackers to cause an unspecified denial of service by causing a linked server to send malformed TKL Q:Line commands, as demonstrated by "TKL – qx08Q *x08PoC." Date published : 2006-03-13...
JiRo’s Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using...
Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. NOTE: this vulnerability could not be...
IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform...
The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. NOTE: IBM has...
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request...
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory. Date published...
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[USERNAME] file. Date published :...