Cross-site scripting (XSS) vulnerability in search.html in Bulletin Board Elite-Board (E-Board) 1.1 allows remote attackers to inject arbitrary web script or HTML via the search box. Date published : 2006-05-30 http://www.securityfocus.com/bid/18103 http://www.securityfocus.com/archive/1/435013/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in Realty Pro One allow remote attackers to inject arbitrary web script or HTML via the (1) listingid parameter to (a) images.php, (b) index_other.php, or (c) request_info.php; (2) propertyid...
SQL injection vulnerability in ChatPat 1.0 allows remote attackers to execute arbitrary SQL commands via the nickname field. Date published : 2006-05-30 http://www.securityfocus.com/archive/1/435006/100/0/threaded http://secunia.com/advisories/20290
Multiple cross-site scripting (XSS) vulnerabilities in ChatPat 1.0 allow remote attackers to inject arbitrary web script or HTML via a chat message in (1) fastchat.php and (2) fastshow.php. Date published : 2006-05-30 http://www.securityfocus.com/archive/1/435006/100/0/threaded http://secunia.com/advisories/20290
Multiple cross-site scripting (XSS) vulnerabilities in Pre Shopping Mall 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) search parameter in search.php (the "search box"), (2) the prodid parameter...
Multiple PHP remote file inclusion vulnerabilities in Docebo LMS 2.05 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) modules/credits/business.php, (2) modules/credits/credits.php, or (3) modules/credits/help.php. Date...
Direct static code injection vulnerability in WordPress 2.0.2 and earlier allows remote attackers to execute arbitrary commands by inserting a carriage return and PHP code when updating a profile, which is appended after a...
PHP remote file inclusion vulnerability in includes/mailaccess/pop3.php in V-Webmail 1.5 through 1.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. Date published : 2006-05-30 http://www.securityfocus.com/bid/30164 https://www.exploit-db.com/exploits/1827
PHP remote file inclusion vulnerability in includes/mailaccess/pop3/core.php in V-Webmail 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[pear_dir] parameter. Date published : 2006-05-30 http://www.securityfocus.com/bid/30164 https://www.exploit-db.com/exploits/1827
Cross-site scripting (XSS) vulnerability in iFdate 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password fields, or certain other input text boxes. Date published : 2006-05-30...
Multiple cross-site scripting (XSS) vulnerabilities in iFlance 1.1 allow remote attackers to inject arbitrary web script or HTML via certain inputs to (1) acc_verify.php or (2) project.php. Date published : 2006-05-30 http://www.securityfocus.com/archive/1/435036/100/0/threaded http://www.osvdb.org/26043
ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. Date published : 2006-05-30 http://www.securityfocus.com/bid/18329 http://www.securityfocus.com/archive/1/436836/100/0/threaded
libs/comverp.c in Courier MTA before 0.53.2 allows attackers to cause a denial of service (CPU consumption) via unknown vectors involving usernames that contain the "=" (equals) character, which is not properly handled during encoding....
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a...