PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter. Date published : 2006-07-06 http://www.securityfocus.com/bid/18809...
Unspecified vulnerability in the client/bin/logfetch script in Hobbit 4.2-beta allows local users to read arbitrary files, related to logfetch running as setuid root. Date published : 2006-07-06 http://www.securityfocus.com/bid/18752 http://www.securityfocus.com/archive/1/438818/100/0/threaded
Apple Safari 2.0.4/419.3 allows remote attackers to cause a denial of service (application crash) via a DHTML setAttributeNode function call with zero arguments, which triggers a null dereference. Date published : 2006-07-06 http://www.securityfocus.com/bid/18822 http://browserfun.blogspot.com/2006/07/mobb-5-dhtml-setattributenode.html
Eupla Foros 1.0 stores the inc/config.inc file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. Date published : 2006-07-06 http://www.securityfocus.com/bid/18817 http://www.securityfocus.com/archive/1/438964/100/0/threaded
Blueboy 1.0.3 stores bb_news_config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. Date published : 2006-07-06 http://www.securityfocus.com/archive/1/438964/100/0/threaded http://securityreason.com/securityalert/1192
Kamikaze-QSCM 0.1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. Date published : 2006-07-06 http://www.securityfocus.com/bid/18816 http://www.securityfocus.com/archive/1/438964/100/0/threaded
Efone 20000723 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information. Date published : 2006-07-06 http://www.securityfocus.com/bid/18811 http://www.securityfocus.com/archive/1/438964/100/0/threaded
Mp3 JudeBox Server (Mp3NetBox) Beta 1 stores config.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information, including the database configuration. Date published : 2006-07-06 http://www.securityfocus.com/archive/1/438964/100/0/threaded...
Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in...
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to...
SQL injection vulnerability in index.php in the NP_SEO plugin in BLOG:CMS before 4.1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-07-06 http://www.securityfocus.com/archive/1/438603/100/100/threaded http://blogcms.com/wiki/changelog
PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter. Date published : 2006-07-06 http://www.securityfocus.com/bid/18792...
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when...
PHP remote file inclusion vulnerability in Stud.IP 1.3.0-2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) _PHPLIB[libdir] parameter in studip-phplib/oohforms.inc and (2) ABSOLUTE_PATH_STUDIP parameter in...