Unspecified vulnerability in the rating section in PostNuke 0.764 has unknown impact and attack vectors, related to "an interesting bug." Date published : 2007-01-19 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://www.hackers.ir/advisories/festival.txt
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable. Date published : 2007-01-19 http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911
Cross-site scripting (XSS) vulnerability in preview in the reviews section in PostNuke 0.764 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-01-19 http://www.securityfocus.com/bid/22119 http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke
** DISPUTED ** WDaemon 9.5.4 allows remote attackers to access the /WorldClient.dll URI on TCP port 3000, which has unknown impact. NOTE: The researcher reports that the vendor response was "this is not a...
Multiple SQL injection vulnerabilities in letterman.class.php in the Letterman 1.2.3 (com_letterman) component for Joomla! before 1.0.12 allow remote attackers to execute arbitrary SQL commands via the id parameter, related to the (1) lm_sendMail, (2)...
Multiple SQL injection vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: CVE analysis suggests that the vendor fixed these issues. Date published : 2007-01-19 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://www.atutor.ca/atutor/mantis/changelog_page.php
DocMan 1.3 RC2 allows remote attackers to obtain sensitive information (the full path) via unspecified vectors. Date published : 2007-01-19 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://www.hackers.ir/advisories/festival.txt
Cross-site scripting (XSS) vulnerability in DocMan 1.3 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-01-19 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://www.hackers.ir/advisories/festival.txt
Multiple SQL injection vulnerabilities in DocMan 1.3 RC2 allow attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2007-01-19 http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html http://www.hackers.ir/advisories/festival.txt
Multiple SQL injection vulnerabilities in Xoops 2.0.16 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in kernel/group.php in core, (2) the lid parameter in class/table_broken.php in the Weblinks module,...
Cross-site scripting (XSS) vulnerability in Virtuemart 1.0.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-01-19 http://www.securityfocus.com/bid/22123 http://www.securityfocus.com/archive/1/459195/100/0/threaded
Joomla! 1.5.0 Beta allows remote attackers to obtain sensitive information via a direct request for (1) plugins/user/example.php; (2) gmail.php, (3) example.php, or (4) ldap.php in plugins/authentication/; (5) modules/mod_mainmenu/menu.php; or other unspecified PHP scripts, which...
SQL injection vulnerability in (1) Joomla! 1.0.11 and 1.5 Beta, and (2) Mambo 4.6.1, allows remote attackers to execute arbitrary SQL commands via the id parameter when cancelling content editing. Date published : 2007-01-19...
Multiple SQL injection vulnerabilities in Joomla! 1.5.0 Beta allow remote attackers to execute arbitrary SQL commands via (1) the searchword parameter in certain files; the where parameter in (2) plugins/search/content.php or (3) plugins/search/weblinks.php; the...