viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter. Date published : 2006-05-21 http://www.securityfocus.com/bid/13716 http://marc.info/?l=bugtraq&m=111695779919830&w=2
Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to...
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier,...
Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field. NOTE: if this issue is limited to administrators, and...
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field. Date published : 2006-05-19 http://www.securityfocus.com/bid/18031 http://www.securityfocus.com/archive/1/434730/100/0/threaded
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. Date published :...
Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. Date published : 2006-05-19 http://www.securityfocus.com/bid/18026...
Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. Date published : 2006-05-19...
Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file. Date published : 2006-05-19 http://www.securityfocus.com/bid/18039 https://www.exploit-db.com/exploits/1806
Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object...
Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly...
Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script...
Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length)...