Multiple SQL injection vulnerabilities in an unspecified BPG-InfoTech Content Management System product allow remote attackers to execute arbitrary SQL commands via the (1) vjob parameter in publications_list.asp or (2) InfoID parameter in publication_view.asp. Date...
Multiple SQL injection vulnerabilities in CandyPress Store 3.5.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) policy parameter in openPolicy.asp or the (2) brand parameter in prodList.asp. Date published : 2006-11-26...
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Date published : 2006-11-26 http://www.securityfocus.com/bid/21146/info http://jvn.jp/jp/JVN%2361543834/index.html
PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. Date published : 2006-11-26 http://www.securityfocus.com/bid/21244...
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name. Date published : 2006-11-26 http://www.securityfocus.com/bid/17897 http://www.securityfocus.com/bid/21299
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled...
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter. Date published : 2006-11-24 http://www.securityfocus.com/bid/21167 http://marc.info/?l=bugtraq&m=116387481223790&w=2
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) articleID parameter to activenews_view.asp or the (2) page parameter to default.asp. NOTE: the activeNews_categories.asp and activeNews_comments.asp...
Multiple SQL injection vulnerabilities in ActiveNews Manager allow remote attackers to execute arbitrary SQL commands via the (1) catID parameter to activeNews_categories.asp, the (2) articleID parameter to activeNews_comments.asp, or the (3) query parameter to...
Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters. Date published...
Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID,...
Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2006-11-24 http://www.securityfocus.com/bid/21243 http://sourceforge.net/project/shownotes.php?release_id=465519&group_id=182536
Multiple SQL injection vulnerabilities in BaalAsp forum allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to (a) adminlogin.asp, the (2) name or (3) password parameter to (b) userlogin.asp, or...
Multiple cross-site scripting (XSS) vulnerabilities in addpost1.asp in BaalAsp forum allow remote attackers to inject arbitrary web script or HTML via the (1) title (Subject), (2) groupname (Group Name), or (3) detail (Message) field....