SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in. Date published : 2006-07-06 http://www.securityfocus.com/bid/18790 http://securitytracker.com/id?1016421
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values. Date...
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code...
Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki before 1.1.2-20060702 allows remote attackers to inject arbitrary Javascript via the URL, which is reflected back in an error message, a variant of CVE-2004-1632. Date published...
The "change password forms" in Taskjitsu before 2.0.1 includes password hashes in hidden form fields, which allows remote attackers to obtain sensitive information from the (1) Category Editor and (2) User Information editor. Date...
Multiple cross-site scripting (XSS) vulnerabilities in Taskjitsu before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters, including the (1) title and (2) description parameters when creating a...
PHP remote file inclusion vulnerability in galleria.html.php in Galleria Mambo Module 1.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Date published :...
PHP remote file inclusion vulnerability in top.php in SiteBuilder-FX 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the admindir parameter. Date published : 2006-07-06 http://www.securityfocus.com/bid/18756 http://www.jaascois.com/exploits/18602017/
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action. Date published : 2006-07-06 http://www.securityfocus.com/bid/18765 https://www.exploit-db.com/exploits/1975
Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP...
Webmin before 1.290 and Usermin before 1.220 calls the simplify_path function before decoding HTML, which allows remote attackers to read arbitrary files, as demonstrated using "..%01" sequences, which bypass the removal of "../" sequences...
The Execute function in iMBCContents ActiveX Control before 2.0.0.59 allows remote attackers to execute arbitrary files via the file URI handler. Date published : 2006-07-06 http://www.securityfocus.com/bid/18848 http://www.osvdb.org/27049
WordPress 2.0.3 allows remote attackers to obtain the installation path via a direct request to various files, such as those in the (1) wp-admin, (2) wp-content, and (3) wp-includes directories, possibly due to uninitialized...
index.php in WordPress 2.0.3 allows remote attackers to obtain sensitive information, such as SQL table prefixes, via an invalid paged parameter, which displays the information in an SQL error message. NOTE: this issue has...