register.php in PunBB 1.2.10 allows remote attackers to cause an unspecified denial of service via a flood of new user registrations. Date published : 2006-03-09 http://www.punbb.org/changelogs/1.2.10_to_1.2.11.txt http://www.punbb.org/download/patch/punbb-1.2.10_to_1.2.11.patch
Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to...
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. Date published : 2006-03-09 http://www.securityfocus.com/bid/17095 http://issues.apache.org/jira/browse/LOG4NET-67
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service...
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack. Date published : 2006-03-09 http://www-1.ibm.com/support/docview.wss?uid=isg1IY77624 http://www-1.ibm.com/support/docview.wss?uid=isg1IY77638
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in...
PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. Date published : 2006-03-08 http://www.securityfocus.com/bid/16963 http://www.securityfocus.com/archive/1/426762/100/0/threaded
Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before...
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of...
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP...
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a .. (dot dot) in the (1) option[language] and (2) option[template] parameters, and (3)...
Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3)...
SQL injection vulnerability in forgotten_password.php in Jonathan Beckett PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the email parameter. Date published : 2006-03-08 http://www.securityfocus.com/bid/16915 http://www.securityfocus.com/archive/1/426575/100/0/threaded
Cross-site scripting (XSS) vulnerability in login.php in Game-Panel 2.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter, possibly requiring a URL encoded value. Date published :...