Multiple SQL injection vulnerabilities in index.asp in Ultimate Survey Pro allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) did parameter. Date published : 2006-11-30 http://www.securityfocus.com/archive/1/452554/100/0/threaded http://www.aria-security.com/forum/showthread.php?t=38
SQL injection vulnerability in edit.asp in BasicForum 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-11-30 http://www.securityfocus.com/bid/21293 https://www.exploit-db.com/exploits/2848
Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance...
SQL injection vulnerability in admin/edit.asp in 8pixel.net simpleblog 2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-11-30 https://www.exploit-db.com/exploits/2853 http://secunia.com/advisories/23098
SQL injection vulnerability in anna.pl in Anna^ IRC Bot before 0.30 (aka caprice) allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: it is possible that there are multiple issues. Date...
SQL injection vulnerability in displayCalendar.asp in ClickTech Click Blog allows remote attackers to execute arbitrary SQL commands via the date parameter. Date published : 2006-11-30 http://www.securityfocus.com/bid/21310 http://www.securityfocus.com/archive/1/452730/100/0/threaded
Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party...
Multiple SQL injection vulnerabilities in ClickTech Click Gallery allow remote attackers to execute arbitrary SQL commands via the (1) currentpage or (2) gallery_id parameter to (a) view_gallery.asp, the (3) image_id parameter to (b) download_image.asp,...
Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to (1) config.php, (2) ranklv_inside.php, (3) rankml_inside.php, and (4) admin/Restore/config.php. Date...
Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter to index.php. Date published : 2006-11-30 http://www.securityfocus.com/bid/21213 http://www.securityfocus.com/archive/1/452170/100/100/threaded
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a...
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in...
The Gabriele Teotino GNotebook 0.7.0.1 gadget for Google Desktop stores Gmail passwords in plaintext in the %SYSTEMDRIVE%tempGnotebook.txt log file, which allows local users to obtain passwords by reading the file. Date published : 2006-11-30...
Multiple SQL injection vulnerabilities in default.asp in ClickTech ClickContact allow remote attackers to execute arbitrary SQL commands via the (1) AlphaSort, (2) In, and (3) orderby parameters. Date published : 2006-11-30 http://www.securityfocus.com/bid/21302 http://www.securityfocus.com/archive/1/452825/100/0/threaded