Cross-site scripting (XSS) vulnerability in auth.w2b in W2B Online Banking allows remote attackers to inject arbitrary web script or HTML via the adtype parameter, a different vector than CVE-2006-1980. Date published : 2007-06-11 http://pridels-team.blogspot.com/2007/05/w2b-online-banking-vuln.html...
Almnzm allows remote attackers to obtain sensitive information via an activateorder request to index.php with an invalid orderid parameter, probably related to ‘[‘ and ‘]’ characters. Date published : 2007-06-11 http://www.securityfocus.com/archive/1/469911/100/0/threaded http://osvdb.org/38338
Directory traversal vulnerability in demo/pop3/error.php in Uebimiau Webmail allows remote attackers to determine the existence of arbitrary directories via an absolute pathname and .. (dot dot) in the selected_theme parameter. Date published : 2007-06-11...
Uebimiau Webmail allows remote attackers to obtain sensitive information via a request to demo/pop3/error.php with an invalid value of the (1) smarty or (2) selected_theme parameter, which reveals the path in various error messages....
Multiple cross-site scripting (XSS) vulnerabilities in Uebimiau Webmail allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to redirect.php or (2) the selected_theme parameter to demo/pop3/error.php. Date published :...
Buffer overflow in a certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) or...
A certain ActiveX control in the EDraw Office Viewer Component (edrawofficeviewer.ocx) 4.0.5.20, and other versions before 5.0, allows remote attackers to delete arbitrary files via the DeleteLocalFile method. Date published : 2007-06-11 http://www.securityfocus.com/bid/24230 http://www.ocxt.com/archives/28
Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. Date published : 2007-06-11 http://www.securityfocus.com/bid/24245 https://www.exploit-db.com/exploits/4015
Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. Date published : 2007-06-11 http://www.securityfocus.com/bid/24251 https://www.exploit-db.com/exploits/4014
Tor before 0.1.2.14 can construct circuits in which an entry guard is in the same family as the exit node, which might compromise the anonymity of traffic sources and destinations by exposing traffic to...
Microsoft Internet Explorer 7, when prompting for HTTP Basic Authentication for an IDN web site, uses ACE labels for the domain name in the status bar, but uses internationalized labels for this name in...
Incomplete blacklist vulnerability in the filemanager in Frederico Caldeira Knabben FCKeditor 2.4.2 allows remote attackers to upload arbitrary .php files via an alternate data stream syntax, as demonstrated by .php::$DATA filenames, a related issue...
Buffer overflow in the NotSafe function in the idaiehlp ActiveX control in idaiehlp.dll 1.9.1.74 in Internet Download Accelerator (ida) 5.2 allows remote attackers to cause a denial of service (Internet Explorer crash) via a...
Buffer overflow in Ace-FTP Client 1.24a allows user-assisted, remote FTP servers to execute arbitrary code via a long response. Date published : 2007-06-11 http://www.securityfocus.com/bid/24403 https://www.exploit-db.com/exploits/4058