Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain path information via a direct request for (1) sdk/blanks/formcontrol.php and (2) sdk/blanks/file_modules.php. Date published : 2007-04-25 http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10 http://osvdb.org/38842
Directory traversal vulnerability in iconspopup.php in Exponent CMS 0.96.6 Alpha and earlier allows remote attackers to obtain sensitive information via a .. (dot dot) in the icodir parameter. Date published : 2007-04-25 http://www.securityfocus.com/bid/23574 http://www.bugtraq.ir/articles/advisory/exponent_multiple_vulnerabilities/10
Unspecified vulnerability in the Roles module in Xaraya 1.1.2 and earlier allows attackers to gain privileges via unspecified vectors, probably related to incorrect permission checking in xartemplates/user-view.xd. Date published : 2007-04-25 http://www.securityfocus.com/bid/23631 http://sourceforge.net/project/shownotes.php?release_id=503035
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. Date published : 2007-04-25 http://www.securityfocus.com/bid/23616 http://www.securityfocus.com/archive/1/466286/100/0/threaded
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. Date published : 2007-04-25 http://www.securityfocus.com/bid/23616 http://www.securityfocus.com/archive/1/466286/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id...
SQL injection vulnerability in modules/news/article.php in phpMySpace Gold 8.10 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. Date published : 2007-04-25 http://www.securityfocus.com/bid/23602 http://www.securityfocus.com/archive/1/466706/100/0/threaded
Unspecified vulnerability in HP-UX B.11.00 and B.11.11, when running sendmail 8.9.3 or 8.11.1; and HP-UX B.11.23 when running sendmail 8.11.1; allows remote attackers to cause a denial of service via unknown attack vectors. NOTE:...
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.10.1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the fieldkey parameter to browse_foreigners.php or (2) certain input to the PMA_sanitize function....
Multiple buffer overflows in Adobe Photoshop CS2 and CS3, Illustrator CS3, and GoLive 9 allow user-assisted remote attackers to execute arbitrary code via a crafted (1) BMP, (2) DIB, or (3) RLE file. Date...
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists,...
The IPv6 protocol allows remote attackers to cause a denial of service via crafted IPv6 type 0 route headers (IPV6_RTHDR_TYPE_0) that create network amplification between two routers. Date published : 2007-04-25 http://www.securityfocus.com/bid/23615 http://www.securityfocus.com/archive/1/467939/30/6690/threaded
footer.php in PunBB 1.2.14 and earlier allows remote attackers to include local files in include/user/ via a cross-site scripting (XSS) attack, or via the pun_include tag, as demonstrated by use of admin_options.php to execute...
Multiple cross-site scripting (XSS) vulnerabilities in PunBB 1.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Referer HTTP header to misc.php or the (2) category name when...