Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has...
Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length...
Stack-based buffer overflow in the SFX module in WinRAR before 3.60 beta 8 has unspecified vectors and impact. Date published : 2006-07-27 http://www.rarlabs.com/rarnew.htm https://www.exploit-db.com/exploits/1984
PHP remote file inclusion vulnerability in OSI Codes PHP Live! 3.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the css_path parameter in (1) help.php and (2) setup/header.php....
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers...
Cross-site scripting (XSS) vulnerability in calendar.php in WWWthreads allows remote attackers to inject arbitrary web script or HTML via the week parameter. Date published : 2006-07-27 http://www.securityfocus.com/bid/19177 http://www.securityfocus.com/archive/1/441191/100/0/threaded
Format string vulnerability in the flush_output function in ConsoleStreambuf.cpp in Game Network Engine (GNE) 0.70 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute code via format string...
Siemens SpeedStream 2624 allows remote attackers to cause a denial of service (device hang) by sending a crafted packet to the web administrative interface. Date published : 2006-07-27 http://www.securityfocus.com/bid/19132 http://www.securityfocus.com/archive/1/440985/100/0/threaded
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE...
SQL injection vulnerability in Webland MyBloggie 2.1.3 allows remote attackers to execute arbitrary SQL commands via the (1) post_id parameter in index.php and (2) search function. Date published : 2006-07-27 http://marc.info/?l=bugtraq&m=114791192612460&w=2 http://www.securityfocus.com/archive/1/441356/100/0/threaded
SQL injection vulnerability in manager/index.php in Etomite CMS 0.6.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter. Date published : 2006-07-27 http://www.securityfocus.com/bid/19150 http://www.etomite.org/forums/index.php?showtopic=5706&st=0&p=35307&#entry35307
CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie. Date published : 2006-07-27 http://marc.info/?l=bugtraq&m=114791192612460&w=2 http://www.securityfocus.com/archive/1/441356/100/0/threaded
Cross-site scripting (XSS) vulnerability in index.php in phpFaber TopSites 2.0.9 allows remote attackers to inject arbitrary web script or HTML via the i_cat parameter. NOTE: the provenance of this information is unknown; the details...
Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a...