InoutMailingListManager 3.1 and earlier allows remote attackers to access certain restricted functionality, and upload and execute arbitrary PHP code, by setting an arbitrary admin cookie. Date published : 2007-04-12 https://www.exploit-db.com/exploits/3702 http://secunia.com/advisories/24842
Multiple direct static code injection vulnerabilities in admin/configurer2.php in Crea-Book 1.0 and earlier allow remote authenticated administrators to execute arbitrary PHP code via the "Fond de la page" (background color) field and other unspecified...
Multiple SQL injection vulnerabilities in admin/admin.php in Crea-Book 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pseudo or (2) passe parameter. Date published : 2007-04-12 https://www.exploit-db.com/exploits/3701 http://www.osvdb.org/34816
PHP remote file inclusion vulnerability in index.php in Weatimages 1.7.1 and earlier, when weatimages.ini is missing, allows remote attackers to execute arbitrary PHP code via a URL in the ini[langpack] parameter. Date published :...
Direct static code injection vulnerability in HIOX Guest Book (HGB) 4.0 allows remote attackers to inject arbitrary PHP code via the Email field, which results in code execution through a direct request to gb.php....
PHP remote file inclusion vulnerability in codebreak.php in CodeBreak, probably 1.1.2 and earlier, allows remote attackers to execute arbitrary PHP code via a URL in the process_method parameter. Date published : 2007-04-12 http://www.securityfocus.com/bid/23425 http://www.securityfocus.com/archive/1/465382/100/0/threaded
bgpd/bgp_attr.c in Quagga 0.98.6 and earlier, and 0.99.6 and earlier 0.99 versions, does not validate length values in the MP_REACH_NLRI and MP_UNREACH_NLRI attributes, which allows remote attackers to cause a denial of service (daemon...
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.00 allows local users to cause a denial of service via unknown vectors. NOTE: due to lack of vendor details,...
Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed...
Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1)...
Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927. Date published...
PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than...
Multiple cross-site scripting (XSS) vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) post_id parameter to ecrire/trackback.php or the (2) tool_url parameter to tools/thememng/index.php. NOTE:...
Cross-site scripting (XSS) vulnerability in kernel/filters.inc.php in PHPEcho CMS 2.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2007-04-11 http://www.securityfocus.com/archive/1/464707/100/0/threaded http://osvdb.org/35262