Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter. NOTE: some sources have reported this as a vulnerability in the...
SQL injection vulnerability in list.asp in Softwebs Nepal (aka Ananda Raj Pandey) Ananda Real Estate 3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the agent parameter. Date published : 2006-12-28...
SQL injection vulnerability in newsdetail.asp in Enthrallweb eMates 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. Date published : 2006-12-28 https://www.exploit-db.com/exploits/2990 http://secunia.com/advisories/23521
SQL injection vulnerability in newsdetail.asp in Enthrallweb eJobs allows remote attackers to execute arbitrary SQL commands via the ID parameter. Date published : 2006-12-28 https://www.exploit-db.com/exploits/2988 http://secunia.com/advisories/23520
SQL injection vulnerability in bus_details.asp in Dragon Business Directory – Pro (aka Dragon Internet Business Search Directory – Pro) 3.01.12 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter....
SQL injection vulnerability in Types.asp in Enthrallweb eCars 1.0 allows remote attackers to execute arbitrary SQL commands via the Type_id parameter. Date published : 2006-12-28 http://www.securityfocus.com/bid/21748 https://www.exploit-db.com/exploits/2989
SQL injection vulnerability in actualpic.asp in Enthrallweb ePages allows remote attackers to execute arbitrary SQL commands via the Biz_ID parameter. Date published : 2006-12-28 http://www.securityfocus.com/bid/21750 https://www.exploit-db.com/exploits/2991
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter. Date published : 2006-12-28 http://www.securityfocus.com/bid/21761 https://www.exploit-db.com/exploits/2984
PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. Date published : 2006-12-28 http://www.securityfocus.com/bid/21798...
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can...
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status...
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which...
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter. Date published : 2006-12-27 http://www.securityfocus.com/bid/21770 https://www.exploit-db.com/exploits/3005
PHP remote file inclusion vulnerability in gallery/displayCategory.php in the My_eGallery 2.5.6 module in myPHPNuke (MPN) allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. Date published : 2006-12-27...