Multiple format string vulnerabilities in Empire Server before 4.3.1 allow attackers to cause a denial of service (crash) via the (1) load, (2) spy and (3) bomb functions. Date published : 2006-04-19 http://www.securityfocus.com/bid/17585 http://sourceforge.net/project/shownotes.php?release_id=410001&group_id=24031
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parameter, which satisfies the file_exists...
edit_kategorie.php in Fuju News 1.0 allows remote attackers to bypass authentication by setting the authorized cookie. Date published : 2006-04-19 http://www.securityfocus.com/bid/17572 https://www.exploit-db.com/exploits/1682
SQL injection vulnerability in archiv2.php in Fuju News 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. Date published : 2006-04-19 http://www.securityfocus.com/bid/17572 https://www.exploit-db.com/exploits/1682
Untrusted search path vulnerability in unspecified components in Symantec LiveUpdate for Macintosh 3.0.0 through 3.5.0 do not set the execution path, which allows local users to gain privileges via a Trojan horse program. Date...
Cross-site scripting (XSS) vulnerability in yearcal.php in Calendarix allows remote attackers to inject arbitrary web script or HTML via the ycyear parameter. Date published : 2006-04-19 http://www.securityfocus.com/bid/17562 http://www.securityfocus.com/archive/1/431122/100/0/threaded
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem makes the attack...
Intel RNG Driver in NetBSD 1.6 through 3.0 may incorrectly detect the presence of the pchb interface, which will cause it to always generate the same random number, which allows remote attackers to more...
sysinfo.cgi in sysinfo 1.21 allows remote attackers to obtain the installation path via the debugger action. Date published : 2006-04-19 http://www.securityfocus.com/bid/17523 https://www.exploit-db.com/exploits/1677
Direct static code injection vulnerability in sysinfo.cgi in sysinfo 1.21 and possibly other versions before 2.25 allows remote attackers to execute arbitrary commands via a leading ; (semicolon) in the name parameter in a...
Sun Java Studio Enterprise 8, when installed as root, creates certain files with world-writable permissions, which allows local users to execute arbitrary commands via unspecified vectors. Date published : 2006-04-19 http://www.securityfocus.com/bid/17517 http://securitytracker.com/id?1015930
EAServer Manager in Sybase EAServer 5.2 and 5.3 allows remote authenticated users, possibly guests, to obtain password credentials of arbitrary users via unspecified vectors involving (1) connection caches, (2) open password prompts, and (3)...
SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is...
ip_route_input in Linux kernel 2.6 before 2.6.16.8 allows local users to cause a denial of service (panic) via a request for a route for a multicast IP address, which triggers a null dereference. Date...