Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php,...
Cross-site scripting (XSS) vulnerability in picture.php in Advanced Guestbook 2.4.2 allows remote attackers to inject arbitrary web script or HTML via the picture parameter. Date published : 2007-05-09 http://www.securityfocus.com/bid/23873 http://www.securityfocus.com/archive/1/467937/100/0/threaded
Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2, and 2003 Viewer allows user-assisted remote attackers to execute arbitrary code via a .XLS BIFF file with a malformed Named Graph record,...
Multiple PHP remote file inclusion vulnerabilities in Persism CMS 0.9.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the system[path] parameter to (1) blocks/headerfile.php, (2) files/blocks/latest_files.php, (3) filters/headerfile.php,...
PHP remote file inclusion vulnerability in templates/default/tpl_message.php in PHP TopTree BBS 2.0.1a and earlier allows remote attackers to execute arbitrary PHP code via a URL in the right_file parameter. Date published : 2007-05-08 http://www.securityfocus.com/bid/23867...
SQL injection vulnerability in game.php in the Flashgames 1.0.1 module for XOOPS allows remote attackers to execute arbitrary SQL commands via the lid parameter. Date published : 2007-05-08 http://www.securityfocus.com/bid/23820 https://www.exploit-db.com/exploits/3849
PHP remote file inclusion vulnerability in header.php in workbench survival guide 0.11 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. Date published : 2007-05-08 http://www.securityfocus.com/bid/23821 https://www.exploit-db.com/exploits/3848
PHP remote file inclusion vulnerability in includes/ajax_listado.php in Versado CMS 1.07 allows remote attackers to execute arbitrary PHP code via a URL in the urlModulo parameter. Date published : 2007-05-08 http://www.securityfocus.com/bid/23815 https://www.exploit-db.com/exploits/3847
Multiple PHP remote file inclusion vulnerabilities in PMECMS 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the config[pathMod] parameter to index.php in (1) mod/image/, (2) mod/liens/, (3)...
The show_files function in RunCms 1.5.2 and earlier allows remote attackers to obtain sensitive information (file existence and file metadata) via unspecified vectors. Date published : 2007-05-08 http://www.securityfocus.com/bid/23819 http://www.securityfocus.com/archive/1/467665/100/0/threaded
SQL injection vulnerability in class/debug/debug_show.php in RunCms 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the executed_queries array parameter. Date published : 2007-05-08 http://www.securityfocus.com/bid/23819 http://www.securityfocus.com/archive/1/467665/100/0/threaded
Multiple SQL injection vulnerabilities in mainfile.php in NPDS 5.10 and earlier allow remote authenticated users to execute arbitrary SQL commands via a (1) nickname or (2) Id in a cookie, or (3) the X-Forwarded-For...
PicoZip allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Date published : 2007-05-08 http://www.securityfocus.com/bid/23823 http://www.securityfocus.com/archive/1/467646/100/0/threaded
WinAce allows remote attackers to cause a denial of service (infinite loop) via a ZOO archive with a direntry structure that points to a previous file. Date published : 2007-05-08 http://www.securityfocus.com/bid/23823 http://www.securityfocus.com/archive/1/467646/100/0/threaded