Heap-based buffer overflow in LEAD Technologies LEADTOOLS ISIS ActiveX Control (ltisi14E.ocx) 14.5.0.44 and earlier allows remote attackers to execute arbitrary code via a long DriverName property. Date published : 2007-05-22 http://www.securityfocus.com/bid/24093 http://moaxb.blogspot.com/2007/05/moaxb-22-leadtools-isis-control.html
PHP remote file inclusion vulnerability in lib/addressbook.php in Madirish Webmail 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter. Date published : 2007-05-22 http://www.securityfocus.com/bid/24059 https://www.exploit-db.com/exploits/4031
Multiple cross-site scripting (XSS) vulnerabilities in ReadMsg.php in @Mail 5.02 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving (1) links and (2) images. Date published :...
SQL injection vulnerability in paypal.php in AlstraSoft E-Friends 4.21 and earlier allows remote attackers to execute arbitrary SQL commands via the pack parameter in a paypal action for index.php. Date published : 2007-05-22 http://www.securityfocus.com/bid/24067...
Multiple buffer overflows in HT Editor before 2.0.6 might allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the editor display width. NOTE: some of the details were obtained from third...
TutorialCMS 1.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication via the (1) loggedIn and (2) activated parameters to (a) login.php, (b) headerLinks.php, (c) submit1.php, (d) myFav.php, and (e) userCP.php....
SQL injection vulnerability in wp-admin/admin-ajax.php in WordPress before 2.2 allows remote attackers to execute arbitrary SQL commands via the cookie parameter. Date published : 2007-05-22 http://www.securityfocus.com/bid/24076 http://www.securityfocus.com/archive/1/469258/100/0/threaded
Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5)...
Cross-site scripting (XSS) vulnerability in reportItem.do in Track+ 3.3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the projId parameter. Date published : 2007-05-22 http://www.securityfocus.com/bid/24060 http://pridels-team.blogspot.com/2007/05/track-xss-vuln.html
Cross-site scripting (XSS) vulnerability in cand_login.asp in CactuSoft Parodia 6.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the strJobIDs parameter. Date published : 2007-05-22 http://www.securityfocus.com/bid/24078 http://pridels-team.blogspot.com/2007/05/parodia-xss-vuln.html
SQL injection vulnerability in read/index.php in ol’bookmarks 0.7.4 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-05-22 http://www.securityfocus.com/bid/24085 https://www.exploit-db.com/exploits/3964
Multiple PHP remote file inclusion vulnerabilities in ol’bookmarks 0.7.4 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter to (1) test1.php, (2) blackorange.php, (3) default.php, (4) frames1.php, (5)...
The "hit-highlighting" functionality in webhits.dll in Microsoft Internet Information Services (IIS) Web Server 5.0 only uses Windows NT ACL configuration, which allows remote attackers to bypass NTLM and basic authentication mechanisms and access private...
Multiple stack-based buffer overflows in the Pegasus ImagN’ ActiveX control (IMW32O40.OCX) 4.00.041 allow remote attackers to execute arbitrary code via (1) a long FileName parameter, or unspecified vectors involving the (2) BeginReport, (3) CreatePictureExA,...