Cross-site scripting (XSS) vulnerability in fm.php in ONEdotOH Simple File Manager (SFM) 0.24a and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18534...
pipe_master in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 (built May 14 2003) allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the...
index.php in Eduha Meeting does not properly restrict file extensions before permitting a file upload, which allows remote attackers to bypass security checks and upload or execute arbitrary php code via the add action....
Cross-site scripting (XSS) vulnerability in index.php in Thinkfactory UltimateGoogle 1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18569 http://pridels0.blogspot.com/2006/06/ultimategoogle-xss-vuln.html
Cross-site scripting (XSS) vulnerability in index.cgi in Ultimate eShop 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the subid parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18577 http://pridels0.blogspot.com/2006/06/ultimate-eshop-xss-vuln.html
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in (a) emailtofriend.pl or (b) violation.pl, (2) seller...
SQL injection vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18573 http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html
Cross-site scripting (XSS) vulnerability in index.pl in Ultimate Estate 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18573 http://pridels0.blogspot.com/2006/06/ultimate-estate-vuln.html
Multiple SQL injection vulnerabilities in phpTRADER 4.9 SP5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sectio parameter in (a) login.php, (b) write_newad.php, (c) newad.php, (d) printad.php, (e) askseller.php,...
Cross-site scripting (XSS) vulnerability in index.php in AssoCIateD (aka ACID) 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18541 http://pridels0.blogspot.com/2006/06/associated-xss-vuln.html
SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18533 http://pridels0.blogspot.com/2006/06/cavoxcms-sql-injection-vuln.html
Cross-site scripting (XSS) vulnerability in topic.php in phpMyForum 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the highlight parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18542 http://pridels0.blogspot.com/2006/06/phpmyforum-413-xss-vuln.html
SQL injection vulnerability, possibly in search.inc.php, in Open-Realty 2.3.1 allows remote attackers to execute arbitrary SQL commands via the sorttype parameter to index.php. Date published : 2006-06-22 http://www.securityfocus.com/bid/18545 http://pridels0.blogspot.com/2006/06/open-realty-sql-injection-vuln.html
Unspecified vulnerability in Hosting Controller before 6.1 (aka Hotfix 3.2) allows remote authenticated attackers to gain host admin privileges, list all resellers, or change resellers’ passwords via unspecified vectors. NOTE: due to the lack...