Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters. Date published : 2006-04-26 http://www.securityfocus.com/bid/17685...
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter. Date published : 2006-04-26 http://www.securityfocus.com/bid/17697 http://www.securityfocus.com/archive/1/432010/100/0/threaded
Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter. Date published : 2006-04-26 http://www.securityfocus.com/bid/17697 http://www.securityfocus.com/archive/1/432010/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. NOTE:...
Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5)...
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3)...
The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable...
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has a default username of admin and a default password of admin. Date published : 2006-04-26 http://www.securityfocus.com/bid/17698 http://www.securityfocus.com/archive/1/432007/100/0/threaded
na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 allows local users to gain Unix shell access via "`" (backtick) characters in the appliance’s command line interface (CLI). Date published : 2006-04-26 http://www.securityfocus.com/bid/17698 http://www.securityfocus.com/archive/1/432007/100/0/threaded
PhpWebGallery before 1.6.0RC1 allows remote attackers to obtain arbitrary pictures via a request to picture.php without specifying the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third...
Multiple SQL injection vulnerabilities in photokorn 1.53 and 1.542 allow remote attackers to execute arbitrary SQL commands via the (1) cat, (2) pic and (3) page parameter in index.php; (4) id parameter in postcard.php;...
Multiple SQL injection vulnerabilities in the osTicket module in Help Center Live before 2.1.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2006-04-26 http://www.securityfocus.com/bid/17676 http://sourceforge.net/project/shownotes.php?release_id=411859
Multiple SQL injection vulnerabilities in ampleShop 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) RecordID parameter in (a) Customeraddresses_RecordAction.cfm and (b) youraccount.cfm; (2) solus parameter in (c) detail.cfm;...
Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter. Date published : 2006-04-26 http://www.securityfocus.com/bid/17627 http://www.securityfocus.com/archive/1/431509/100/0/threaded