Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter. Date published : 2007-04-12 http://www.securityfocus.com/archive/1/465082/100/0/threaded http://osvdb.org/35049
PHP remote file inclusion vulnerability in index.php in Request It 1.0b allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. Date published : 2007-04-12 http://www.securityfocus.com/bid/23370 http://www.securityfocus.com/archive/1/465081/100/0/threaded
PHP remote file inclusion vulnerability in include/blocks/week_events.php in MyNews 4.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter, a different vector than CVE-2007-0633. Date published : 2007-04-12...
Cross-site scripting (XSS) vulnerability in index.php in JEx-Treme Einfacher Passworschutz allows remote attackers to inject arbitrary web script or HTML via the msg parameter. Date published : 2007-04-12 http://www.securityfocus.com/bid/23395 http://hackberry.ath.cx/research/1.txt
Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive. Date published...
Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter. Date published : 2007-04-12 http://www.securityfocus.com/bid/23381 http://www.securityfocus.com/archive/1/465089/100/0/threaded
Double free vulnerability in bftpd before 1.8 allows remote authenticated users to cause a denial of service (daemon crash) via a (1) get or (2) mget command. Date published : 2007-04-12 http://www.securityfocus.com/bid/23406 http://bftpd.sourceforge.net/
PHP remote file inclusion vulnerability in index.php in SimpCMS Light 04.10.2007 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site parameter. Date published : 2007-04-12 http://www.securityfocus.com/bid/23439 http://www.securityfocus.com/archive/1/465343/100/100/threaded
Directory traversal vulnerability in admin.php in pL-PHP beta 0.9 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. Date published : 2007-04-12 http://www.securityfocus.com/archive/1/465340/100/0/threaded https://www.exploit-db.com/exploits/3704
admin.php in pL-PHP beta 0.9 allows remote attackers to bypass authentication by setting the is_admin parameter to 1. Date published : 2007-04-12 http://www.securityfocus.com/archive/1/465340/100/0/threaded https://www.exploit-db.com/exploits/3704
Multiple SQL injection vulnerabilities in login.php in pL-PHP beta 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) pass parameter. Date published : 2007-04-12 http://www.securityfocus.com/archive/1/465340/100/0/threaded https://www.exploit-db.com/exploits/3704
Multiple PHP remote file inclusion vulnerabilities in the Taskhopper 1.1 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) contact_type.php, (2)...
Multiple SQL injection vulnerabilities in InoutMailingListManager 3.1 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter to changename.php and other unspecified vectors. Date published : 2007-04-12 https://www.exploit-db.com/exploits/3702 http://secunia.com/advisories/24842
InoutMailingListManager 3.1 and earlier sends a Location redirect header but does not exit after an authorization check fails, which allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code,...