PHP remote file inclusion vulnerability in admin/spaw/spaw_control.class.php in the XT-Conteudo module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably a...
PHP remote file inclusion vulnerability in admin/editor2/spaw_control.class.php in the Cjay Content 3 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this may be...
Unspecified vulnerability in sources/action_public/xmlout.php in Invision Power Board (IPB or IP.Board) 2.2.0 through 2.2.2 allows remote attackers to modify another user’s profile data, such as an AIM screen name or Yahoo! identity. Date published...
Cross-site scripting (XSS) vulnerability in request.php in PHP Live! 3.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the pagex parameter. Date published : 2007-06-14 http://www.securityfocus.com/bid/24443 http://pridels-team.blogspot.com/2007/06/php-live-support-xss-vuln.html
Multiple PHP remote file inclusion vulnerabilities in Prototype of an PHP application 0.1 allow remote attackers to execute arbitrary PHP code via a URL in the path_inc parameter to (1) index.php in gestion/; (2)...
Multiple buffer overflows in the LGServer component of CA (Computer Associates) BrightStor ARCserve Backup for Laptops and Desktops r11.1 allow remote attackers to execute arbitrary code via crafted arguments to the (1) rxsAddNewUser, (2)...
PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php. Date published : 2007-06-14 http://www.securityfocus.com/bid/24417 http://www.securityfocus.com/archive/1/471065/100/0/threaded
SQL injection vulnerability in style.php in e-Vision CMS 2.02 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the template parameter. Date published : 2007-06-14 http://www.securityfocus.com/bid/24398 https://www.exploit-db.com/exploits/4054
Multiple cross-site scripting (XSS) vulnerabilities in comments.cgi in Sporum Forum 3.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view and (2) mode parameters. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in links.php in Beehive Forum 0.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) viewmode, (2) fid, and (3) sort_dir parameters, different vectors than...
Cross-site scripting (XSS) vulnerability in 404.php in Domain Technologie Control (DTC) before 0.25.9 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI). NOTE: the provenance of this information is...
Stack-based buffer overflow in nptoken.mox in the Cellosoft Tokens Object 2.0.0.6 extension for Vitalize! allows remote attackers to execute arbitrary code via a long string argument to the RemoveChr method. NOTE: the provenance of...
Mail Notification 4.0, when WITH_SSL is set to 0 at compile time, uses unencrypted connections for accounts configured with SSL/TLS, which allows remote attackers to obtain sensitive information by sniffing the network. Date published...
CRLF injection vulnerability in Yet another Bulletin Board (YaBB) 2.1 allows remote attackers to obtain administrative access via requests to (1) register.pl or (2) profile.pl that write CRLF sequences to a .vars file. NOTE:...