Cross-site scripting (XSS) vulnerability in newthread.php in MyBB (aka MyBulletinBoard) 1.10, when configured to permit new threads by unregistered users, allows remote attackers to inject arbitrary web script or HTML via the username. Date...
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode img tag. NOTE: the email vector...
Multiple directory traversal vulnerabilities in Christian Kindahl TUGZip 3.4.0.0, 3.3.0.0, and 3.1.0.2 allow user-assisted attackers to create files in arbitrary directories via a .. (dot dot) in an archive pack with a crafted (1)...
CRLF injection vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject HTTP headers via hex-encoded CRLF sequences in the type parameter. Date published : 2006-04-11 http://www.securityfocus.com/bid/17420 http://www.securityfocus.com/archive/1/430480/100/0/threaded
Cross-site scripting (XSS) vulnerability in index.php in Christoph Roeder phpMyForum 4.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2006-04-11 http://www.securityfocus.com/bid/17420 http://www.securityfocus.com/archive/1/430480/100/0/threaded
Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument. Date published : 2006-04-11 http://www.securityfocus.com/bid/17403 http://www.mail-archive.com/mailman-checkins@python.org/msg06273.html
Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits. Date published : 2006-04-11 http://www.securityfocus.com/bid/17484 https://svn.plone.org/svn/plone/PloneHotfix20060410/trunk/README.txt
SQL injection vulnerability in admin.php in Design Nation DNGuestbook 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) email and (2) id parameters. Date published : 2006-04-11 http://www.securityfocus.com/bid/17435 https://www.exploit-db.com/exploits/1653
Cross-site scripting (XSS) vulnerability in shop_main.cgi in interaktiv.shop 5 allows remote attackers to inject arbitrary web script or HTML via the (1) pn and (2) sbeg parameters. Date published : 2006-04-11 http://www.securityfocus.com/bid/17485 http://pridels0.blogspot.com/2006/04/interaktivshop-v5-xss-vuln.html
SQL injection vulnerability in member.php in Clansys 1.1 allows remote attackers to execute arbitrary SQL commands via the showid parameter in the member page to index.php. Date published : 2006-04-11 http://www.securityfocus.com/bid/17456 https://www.exploit-db.com/exploits/1662
index.php in Shopweezle 2.0 allows remote attackers to include arbitrary local files via the url parameter. Date published : 2006-04-11 http://pridels0.blogspot.com/2006/04/shopweezle-20-multiple-vuln.html http://www.osvdb.org/24474
Multiple SQL injection vulnerabilities in Shopweezle 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) login.php and (b) memo.php; and the (2) itemgr, (3) brandID, and (4)...
Oracle Database 9.2.0.0 to 10.2.0.3 allows local users with "SELECT" privileges for a base table to insert, update, or delete data by creating a crafted view then performing the operations on that view. Date...
Sire 2.0 nws allows remote attackers to upload arbitrary image files without authentication via a direct request to upload.php. Date published : 2006-04-11 http://www.securityfocus.com/bid/17431 http://www.securityfocus.com/archive/1/430301/100/0/threaded