Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. Date published : 2006-09-13 http://www.securityfocus.com/bid/19992 http://www.securityfocus.com/archive/1/445877/100/0/threaded
PHP remote file inclusion vulnerability in menu.php in MiniPort@l 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skiny parameter. Date published : 2006-09-13 http://www.securityfocus.com/bid/19949 https://www.exploit-db.com/exploits/2343
PHP remote file inclusion vulnerability in abf_js.php in p4CMS 1.05 allows remote attackers to execute arbitrary PHP code via a URL in the abs_pfad parameter. Date published : 2006-09-13 http://www.securityfocus.com/bid/19971 https://www.exploit-db.com/exploits/2350
Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var,...
Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. (dot dot) sequence in the ide parameter in modify.php and (2)...
Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. (dot dot) in the ide parameter. Date published : 2006-09-13 http://www.securityfocus.com/archive/1/445818/100/0/threaded...
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window. Date published : 2006-09-13...
PHP remote file inclusion vulnerability in common.php in Thomas LETE WTools 0.0.1-ALPH allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. Date published : 2006-09-13 http://www.securityfocus.com/bid/19962 http://www.securityfocus.com/archive/1/445815/100/0/threaded
IBM Lotus Domino Web Access (DWA) 7.0.1 does not expire a client’s Lightweight Third-Party Authentication token (LtpaToken) upon logout, which allows remote attackers to obtain a user’s privileges by intercepting the LtpaToken cookie. Date...
Multiple cross-site scripting (XSS) vulnerabilities in Ykoon RssReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and Caleb...
Multiple cross-site scripting (XSS) vulnerabilities in Luke Hutteman SharpReader allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the Robert Auger and...
Multiple cross-site scripting (XSS) vulnerabilities in Benjamin Pasero and Tobias Eichert RSSOwl allow remote attackers to inject arbitrary web script or HTML via a web feed, as demonstrated by certain test cases of the...
PunBB 1.2.12 does not properly handle an avatar directory pathname ending in %00, which allows remote authenticated administrative users to upload arbitrary files and execute code, as demonstrated by a query to admin_options.php with...
phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/admin_board.php with an avatar_path parameter ending in .php%00....