SQL injection vulnerability in pocategories.php in MaxTrade 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) categori and (2) stranica parameters. Date published : 2006-05-01 http://www.securityfocus.com/bid/17765 http://pridels0.blogspot.com/2006/04/maxtrade-sql-inj.html
Multiple cross-site scripting (XSS) vulnerabilities in SunShop 3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) prevaction, (2) previd, (3) prevstart, (4) itemid, (5) id, and (6)...
Multiple SQL injection vulnerabilities in the report interface in Network Administration Visualized (NAV) before 3.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2006-05-01 http://www.securityfocus.com/bid/17734 http://sourceforge.net/project/shownotes.php?release_id=413412
PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since...
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different...
The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds...
PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter. Date published : 2006-05-01 http://www.securityfocus.com/bid/17736 http://www.securityfocus.com/archive/1/432397/100/0/threaded
JMK’s Picture Gallery allows remote attackers to bypass authentication via a direct request to admin_gallery.php3, possibly related to the add action. Date published : 2006-05-01 http://www.securityfocus.com/bid/17755 http://www.securityfocus.com/archive/1/432575/100/0/threaded
Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page. Date published : 2006-05-01 http://www.securityfocus.com/bid/17746 http://www.securityfocus.com/archive/1/432588/100/0/threaded
planetGallery allows remote attackers to gain administrator privileges via a direct request to admin/gallery_admin.php. Date published : 2006-05-01 http://www.securityfocus.com/bid/17753 http://www.securityfocus.com/archive/1/432576/100/0/threaded
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call. Date published : 2006-05-01 http://www.securityfocus.com/bid/17737 http://www.securityfocus.com/archive/1/432362/100/0/threaded
Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request. Date published : 2006-05-01 http://www.securityfocus.com/bid/17737 http://www.securityfocus.com/archive/1/432362/100/0/threaded
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7,...
Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root....