Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters. Date published : 2006-03-29...
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to...
/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option. Date published : 2006-03-28 http://www.securityfocus.com/bid/19662...
Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page. Date published : 2006-03-28 http://www.webhostautomation.com/webhost-301 http://attrition.org/pipermail/vim/2006-March/000653.html
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t". Date published : 2006-03-28 http://www.securityfocus.com/bid/17293...
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Date published : 2006-03-28 http://www.securityfocus.com/bid/17294 http://www.freeradius.org/security.html
Off-by-one error in the sql_error function in sql_unixodbc.c in FreeRADIUS 1.0.2.5-5, and possibly other versions including 1.0.4, might allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by...
ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter...
Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module. Date published : 2006-03-28 http://www.securityfocus.com/bid/17276 http://pridels0.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html
Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters. Date published...
gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. NOTE: the provenance of this information is unknown; the details...
Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog. Date published : 2006-03-28 http://www.securityfocus.com/bid/17284 http://www.securityfocus.com/archive/1/429107/100/0/threaded
Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot), (2) space, and (3) slash characters in the extension of...
Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2006-03-28 http://www.securityfocus.com/bid/17231 http://www.securityfocus.com/archive/1/428899/100/0/threaded