PHP remote file inclusion vulnerability in install.serverstat.php in the Serverstat (com_serverstat) 0.4.4 and earlier component for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. Date published...
SQL injection vulnerability in default.asp (aka the login page) in ClickTech ClickBlog 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) form_codeword (aka the Password field) parameters. Date...
Multiple cross-site scripting (XSS) vulnerabilities in Roller WebLogger 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) url parameters; (4) certain content parameters in...
The DeviceSymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition...
The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table...
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745....
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive. Date published : 2006-09-19 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://www.securityfocus.com/bid/20101
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive. Date published : 2006-09-19 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html...
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index. Date published...
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly...
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference. Date published : 2006-09-19 http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html http://www.securityfocus.com/bid/20101
Usermin before 1.220 (20060629) allows remote attackers to read arbitrary files, possibly related to chfn/save.cgi not properly handling an empty shell parameter, which results in changing root’s shell instead of the shell of a...
** DISPUTED ** Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable." Date published :...
SQL injection vulnerability in kategorix.asp in Haberx 1.02 through 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in kategorihaberx.asp. Date published : 2006-09-18 http://www.securityfocus.com/bid/20038 https://www.exploit-db.com/exploits/2371