Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename. Date published : 2007-06-05 http://www.securityfocus.com/bid/24278 https://www.exploit-db.com/exploits/4024
Cross-site scripting (XSS) vulnerability in the Attunement and Key Tracker 0.95 and earlier plugin for EQdkp allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly involving the (1) keyshow,...
Multiple PHP remote file inclusion vulnerabilities in php(Reactor) 1.2.7 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathtohomedir parameter to (1) view.inc.php, (2) users.inc.php, (3) updatecms.inc.php, and...
SQL injection vulnerability in viewimage.php in Particle Soft Particle Gallery 1.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the editcomment parameter, a different version and vector than CVE-2006-2862. Date published...
Cross-site scripting (XSS) vulnerability in diary.php in My Databook allows remote attackers to inject arbitrary web script or HTML via the year parameter. Date published : 2007-06-05 http://www.securityfocus.com/bid/24311 http://www.securityfocus.com/archive/1/470483/100/0/threaded
SQL injection vulnerability in diary.php in My Databook allows remote attackers to execute arbitrary SQL commands via the delete parameter. Date published : 2007-06-05 http://www.securityfocus.com/bid/24311 http://www.securityfocus.com/archive/1/470483/100/0/threaded
Cross-site scripting (XSS) vulnerability in HP System Management Homepage (SMH) before 2.1.2 running on Linux and Windows allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-06-05...
Cactushop 6 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) cactushop6.mdb or (2) cactushop5.mdb. Date...
Multiple cross-site scripting (XSS) vulnerabilities in PHP Live! 3.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sid parameter to (a) chat.php, (2) LANG[DEFAULT_BRANDING] and (3) PHPLIVE_VERSION parameters to...
SendCard 3.3.0 allows remote attackers to obtain sensitive information via an invalid sc_language parameter to sendcard.php, which reveals the path in an error message. Date published : 2007-06-05 http://www.securityfocus.com/archive/1/470237/100/0/threaded http://osvdb.org/35740
Multiple PHP remote file inclusion vulnerabilities in Madirish Webmail 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[basedir] parameter to (1) calendar.php, (2) compose.php, and (3) index.php, different...
PHP remote file inclusion vulnerability in include/wysiwyg/spaw_control.class.php in the icontent 4.5 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the spaw_root parameter. NOTE: this issue is probably...
Cross-site scripting (XSS) vulnerability in filedetails.php in WebSVN 2.0rc4, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the path parameter. Date published : 2007-06-05 http://www.securityfocus.com/bid/24310 http://bugs.gentoo.org/show_bug.cgi?id=180879
Cross-site scripting (XSS) vulnerability in index.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Date published : 2007-06-05 http://www.securityfocus.com/bid/24277 http://www.securityfocus.com/archive/1/470346/100/0/threaded