Heap-based buffer overflow in the TZipTV component in (1) ZipTV for Delphi 7 2006.1.26 and for C++ Builder 2006-1.16, (2) PentaZip 8.5.1.190 and PentaSuite-PRO 8.5.1.221, and possibly other products, allows user-assisted attackers to execute...
System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename...
Heap-based buffer overflow in alwil avast! Anti-virus Engine before 4.7.869 allows remote attackers to execute arbitrary code via a crafted LHA file that contains extended headers with file and directory names whose concatenation triggers...
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI....
John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path...
PHP remote file inclusion vulnerability in annonce.php in AnnonceV (aka annoncesV) 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. Date published : 2006-09-06 http://www.securityfocus.com/bid/19854 http://www.securityfocus.com/archive/1/445199/100/0/threaded
PHP remote file inclusion vulnerability in settings.php in Pheap 1.2, and possibly earlier, allows remote attackers to execute arbitrary PHP code via a URL in the lpref parameter. NOTE: the provenance of this information...
The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the...
The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2)...
PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the...
Unrestricted file upload vulnerability in fileupload.html in vtiger CRM 4.2.4, and possibly earlier versions, allows remote attackers to upload and execute arbitrary files with executable extensions in the /cashe/mails folder. Date published : 2006-09-06...
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which...
Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%IMPlusimplus.cfg, which allows local users to obtain sensitive information by reading the file. Date published : 2006-09-06...
PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under HKEY_CURRENT_USERSoftwarePDAappsVeriChat. Date published : 2006-09-06 http://www.securityfocus.com/archive/1/445086/100/0/threaded...