Opsware Network Automation System (NAS) 6.0 installs /etc/init.d/mysql with insecure permissions, which allows local users to read the root password for the MySQL MAX database or gain privileges by modifying /etc/init.d/mysql. Date published :...
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network...
Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF". Date published...
TippingPoint IPS running the TippingPoint Operating System (TOS) before 2.2.4.6519 allows remote attackers to "force the device into layer 2 fallback (L2FB)", causing a denial of service (page fault), via a malformed packet. Date...
OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed. Date published : 2006-07-26 http://www.securityfocus.com/bid/19199 http://www.sourcefire.com/services/advisories/sa072506.html
Cross-site scripting (XSS) vulnerability in index.php in Micro GuestBook allows remote attackers to execute arbitrary SQL commands via the (1) name or (2) comment ("text") fields. Date published : 2006-07-25 http://www.securityfocus.com/bid/19119 http://www.securityfocus.com/archive/1/440855/100/0/threaded
SQL injection vulnerability in upgradev1.php in X7 Chat 2.0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the old_prefix parameter. Date published : 2006-07-25 http://www.securityfocus.com/bid/19123 https://www.exploit-db.com/exploits/2068
** DISPUTED ** PHP remote file inclusion vulnerability in upgrader.php in Vanilla CMS 1.0.1 and earlier, when /conf/old_settings.php exists, allows remote attackers to execute arbitrary PHP code via a URL in the RootDirectory parameter....
Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2)...
Cross-site scripting (XSS) vulnerability in CGI wrapper for IP Calculator (IPCalc) 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI (REQUEST_URI environment variable), which is used in the actionurl...
PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP...
PHP remote file inclusion vulnerability in extadminmenus.class.php in the MultiBanners 1.0.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Date published : 2006-07-25 http://www.securityfocus.com/bid/19100 http://www.securityfocus.com/archive/1/440881/100/0/threaded
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive. Date published : 2006-07-25 http://www.securityfocus.com/bid/19043 http://www.rarlabs.com/rarnew.htm
Buffer overflow in Quick ‘n Easy FTP Server 3.0 allows remote authenticated users to execute arbitrary commands via a long argument to the LIST command, a different issue than CVE-2006-2027. Date published : 2006-07-25...