SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter. Date published : 2006-03-28 http://www.securityfocus.com/bid/17229 https://www.exploit-db.com/exploits/1609
Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log...
Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and...
Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local...
Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3)...
Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user...
Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a...
Cross-site scripting (XSS) vulnerability in the "failed" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter. Date published : 2006-03-28 http://www.securityfocus.com/archive/1/428971/100/0/threaded
fusionZONE couponZONE 4.2 allows remote attackers to obtain the full path of the web server, and other sensitive information, via invalid values, as demonstrated using manipulations associated with SQL. Date published : 2006-03-28 http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html...
Cross-site scripting (XSS) vulnerability in local.cfm in fusionZONE couponZONE 4.2 allows remote attackers to inject arbitrary web script or HTML via URL-encoded (1) srchfor and (2) srchby parameters. Date published : 2006-03-28 http://www.securityfocus.com/bid/17272 http://pridels0.blogspot.com/2006/03/couponzone-v42-multiple-vuln.html
Multiple cross-site scripting (XSS) vulnerabilities in CONTROLzx HMS (formerly DRZES) 3.3.4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dedicatedPlanID parameter to dedicated_order.php, (2) sharedPlanID parameter to...
Cross-site scripting (XSS) vulnerability in accountlogon.cfm in classifiedZONE 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the rtn parameter. Date published : 2006-03-28 http://www.securityfocus.com/bid/17273 http://pridels0.blogspot.com/2006/03/classifiedzone-v12-xss-vuln.html
Multiple cross-site scripting (XSS) vulnerabilities in phpCOIN 1.2.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the fs parameter to (1) mod.php or (2) mod_print.php. Date published : 2006-03-28...
Multiple cross-site scripting (XSS) vulnerabilities in WebAPP 0.9.9.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) action, (2) id, (3) num, (4) board, (5) cat, (6) real,...