Cross-site scripting (XSS) vulnerability in Invision Power Board (IP.Board) 2.1.x and 2.2.x allows remote attackers to inject arbitrary web script or HTML by uploading crafted images or PDF files. Date published : 2007-04-30 http://forums.invisionpower.com/index.php?showtopic=234377...
AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown...
Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b)...
Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response...
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. Date published : 2007-04-30 http://www.securityfocus.com/bid/23656 http://www.debian.org/security/2007/dsa-1281
mirror –script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue...
PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. Date published :...
Multiple PHP remote file inclusion vulnerabilities in PHP-Generics 1.0 beta allow remote attackers to execute arbitrary PHP code via a URL in the _APP_RELATIVE_PATH parameter to (1) include.php, (2) dbcommon/include.php, and (3) exception/include.php. Date...
PHP remote file inclusion vulnerability in include/include_stream.inc.php in CodeWand phpBrowse allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. Date published : 2007-04-27 http://www.securityfocus.com/bid/23329 https://www.exploit-db.com/exploits/3668
The BOOTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, on Windows allows remote attackers to cause a denial of service (daemon crash) via a UDP packet that...
Stack-based buffer overflow in the TFTPD component in Enterasys NetSight Console 2.1 and NetSight Inventory Manager 2.1, and possibly earlier, allows remote attackers to execute arbitrary code via crafted request packets that contain long...
SQL injection vulnerability in error.asp in CreaScripts CreaDirectory 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-6083. Date published : 2007-04-27 http://www.securityfocus.com/bid/23564 https://www.exploit-db.com/exploits/3767
PHP remote file inclusion vulnerability in suite/index.php in phpBandManager 0.8 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. Date published : 2007-04-27 http://www.securityfocus.com/bid/23673 https://www.exploit-db.com/exploits/3802
Multiple PHP remote file inclusion vulnerabilities in inc/include_all.inc.php in phporacleview allow remote attackers to execute arbitrary PHP code via a URL in the (1) page_dir or (2) inc_dir parameters. Date published : 2007-04-27 http://www.securityfocus.com/bid/23672...