Multiple SQL injection vulnerabilities in index.php in phpFaber TopSites 2.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) i_cat or (2) method parameters. Date published : 2006-07-21 http://www.securityfocus.com/bid/19097 http://www.securityfocus.com/archive/1/440648/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in Top XL 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pass and (2) pass2 parameters in (a) add.php or the...
admin/gallery_admin.php in planetGallery before 14.07.2006 allows remote attackers to execute arbitrary PHP code by uploading files with a double extension and directly accessing the file in the images directory, which bypasses a regular expression...
Cross-site scripting (XSS) vulnerability in showprofile.php in Darren’s $5 Script Archive osDate 1.1.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the onerror attribute in an HTML IMG tag...
Darren’s $5 Script Archive osDate 1.1.7 and earlier allows users to boost their own ratings via a txtrating parameter with a score greater than the intended maximum of 10. Date published : 2006-07-20 http://www.securityfocus.com/archive/1/440490/100/0/threaded...
Multiple cross-site scripting (XSS) vulnerabilities in Huttenlocher Webdesign hwdeGUEST 2.1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated by the "name input" field in new_entry.php....
Till Gerken phpPolls 1.0.3 allows remote attackers to create a new poll via a direct request to phpPollAdmin.php3 with the poll_action parameter set to create. Date published : 2006-07-20 http://www.securityfocus.com/archive/1/439625/100/0/threaded http://securityreason.com/securityalert/1269
SQL injection vulnerability in category.php in Diesel Joke Site allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-07-20 http://www.securityfocus.com/bid/18760 http://archives.neohapsis.com/archives/bugtraq/2006-05/0497.html
The Touch Control ActiveX control 2.0.0.55 allows remote attackers to read and possibly execute arbitrary files via a "file///" URI in the sPath parameter to the Execute function. Date published : 2006-07-20 http://www.securityfocus.com/archive/1/439154/100/100/threaded
Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.0 RC2 through 1.1.4 allows remote attackers to inject arbitrary web script or HTML via a javascript URI with an SGML numeric character reference...
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.4 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2006-07-20 http://community.mybboard.net/showthread.php?tid=10115 http://www.mybboard.com/archive.php?nid=15
Unspecified vulnerability in MyBB (aka MyBulletinBoard) 1.1.4, related has unspecified impact and attack vectors related to "user group manipulation." Date published : 2006-07-20 http://community.mybboard.net/showthread.php?tid=10115 http://www.mybboard.com/archive.php?nid=15
inc/init.php in Archive Mode (Light) in MyBB (aka MyBulletinBoard) 1.1.4 calls the extract function with EXTR_OVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an...
index.php in Zen Cart 1.3.0.2 allows remote attackers to obtain sensitive information via empty (1) _GET[], (2) _SESSION[], (3) _POST[], (4) _COOKIE[], or (5) _SESSION[] array parameters, which reveals the installation path in an...