Incomplete blacklist vulnerability in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to bypass SQL injection protection mechanisms by using commas, quote characters, pound sign (#) characters, "UNION," and "SELECT,"...
SQL injection vulnerability in bmc/Inc/core/admin/search.inc.php in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to execute arbitrary SQL commands via the blog parameter. Date published : 2006-07-24 http://www.securityfocus.com/archive/1/440306/100/0/threaded http://www.acid-root.new.fr/advisories/boastmachine.txt
Multiple cross-site scripting (XSS) vulnerabilities in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) user_login, (2) full_name, and (3) URL parameters...
The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication. Date published : 2006-07-24 http://www.securityfocus.com/bid/19108...
systeminfo.c for Sun Solaris allows local users to read kernel memory via a 0 variable count argument to the sysinfo system call, which causes a -1 argument to be used by the copyout function....
SQL injection vulnerability in index.php in GeodesicSolutions (1) GeoAuctions Premier 2.0.3 and (2) GeoClassifieds Basic 2.0.3 allows remote attackers to execute arbitrary SQL commands via the b parameter. Date published : 2006-07-24 http://www.securityfocus.com/bid/19093 http://www.securityfocus.com/bid/67078
SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter. Date published : 2006-07-24 http://www.securityfocus.com/bid/19093 http://www.packetstormsecurity.org/0607-exploits/geoauctionsSQL.txt
Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.5.3 allow remote attackers to inject arbitrary web script or HTML via the (1) lang parameter in (a) index_list.php and (2) year, (3) month, and (4) day...
Cross-site scripting (XSS) vulnerability in loudblog/index.php in Loudblog before 0.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2006-07-24 http://www.securityfocus.com/bid/19082 http://loudblog.de/forum/viewtopic.php?id=756
Krusader 1.50-beta1 up to 1.70.0 stores passwords for remote connections in cleartext in the bookmark file (krbookmarks.xml), which allows attackers to steal passwords by obtaining the file. Date published : 2006-07-24 http://www.securityfocus.com/bid/19194 http://groups.google.com/group/krusader-news/browse_thread/thread/ec719041ed4a1a14
heartbeat.c in heartbeat before 2.0.6 sets insecure permissions in a shmget call for shared memory, which allows local users to cause an unspecified denial of service via unknown vectors, possibly during a short time...
Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data. Date published...
Cross-site scripting (XSS) vulnerability in Amazing Flash AFCommerce Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the "new review" text box. Date published : 2006-07-21 http://www.securityfocus.com/bid/19074 http://www.securityfocus.com/archive/1/440589/100/0/threaded
DeluxeBB 1.07 and earlier allows remote attackers to bypass SQL injection protection mechanisms via the login variable and certain other variables, by using lowercase "union select" or possibly other statements that do not match...