Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and...
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter...
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter. Date published : 2006-05-04 http://www.securityfocus.com/bid/17794 http://pridels0.blogspot.com/2006/04/pinnacle-cart-xss.html
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. Date published : 2006-05-03 http://www.securityfocus.com/bid/17879...
Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. Date published : 2006-05-03 http://www.securityfocus.com/bid/17785 http://www.securityfocus.com/archive/1/432729/100/0/threaded
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address. Date published : 2006-05-03 http://www.securityfocus.com/bid/17787 http://www.securityfocus.com/archive/1/432729/100/0/threaded
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables,...
SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow". NOTE: This is a...
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via .. (dot dot) sequences in the help_file parameter. Date published : 2006-05-03 http://www.securityfocus.com/bid/17777 http://www.securityfocus.com/archive/1/432716/100/0/threaded
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions. Date published...
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the File>Open dialog. Date...
Cross-site scripting (XSS) vulnerability in HTM_PASSWD in DirectAdmin Hosting Management allows remote attackers to inject arbitrary web script or HTML via the domain parameter. Date published : 2006-05-03 http://www.securityfocus.com/archive/1/432459/100/0/threaded http://www.aria-security.net/advisory/hm/directadmin.txt
PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. Date published : 2006-05-03 http://www.securityfocus.com/bid/17745...
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter. Date published : 2006-05-03 https://www.exploit-db.com/exploits/1722 https://www.exploit-db.com/exploits/1724