Stack-based buffer overflow in the BeginPrint method in a certain ActiveX control in RKD Software (barcodetools.com) BarCodeAx.dll 4.9 allows remote attackers to execute arbitrary code via a long argument. Date published : 2007-06-26 http://www.securityfocus.com/bid/24596...
index.php in Pharmacy System 2 and earlier allows remote attackers to obtain sensitive information via a ‘ (quote) character in the page parameter, which reveals the table prefix in an error message. Date published...
SQL injection vulnerability in index.php in Pharmacy System 2 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter in an add action. Date published : 2007-06-26 http://www.securityfocus.com/bid/24602 https://www.exploit-db.com/exploits/4095
Unrestricted file upload vulnerability in admin/images.php in Pluxml 0.3.1 allows remote attackers to upload and execute arbitrary PHP code via a .jpg filename. Date published : 2007-06-26 http://www.securityfocus.com/archive/1/472205/100/0/threaded https://www.exploit-db.com/exploits/4096
PHP remote file inclusion vulnerability in cal.func.php in Valerio Capello Dagger – The Cutting Edge r23jan2007 allows remote attackers to execute arbitrary PHP code via a URL in the dir_edge_lang parameter. Date published :...
SQL injection vulnerability in index.php in Simple Invoices 2007 05 25 allows remote attackers to execute arbitrary SQL commands via the submit parameter in an email action. Date published : 2007-06-26 http://www.securityfocus.com/bid/24601 https://www.exploit-db.com/exploits/4098
Unrestricted file upload vulnerability in signup.php in e107 0.7.8 and earlier, when photograph upload is enabled, allows remote attackers to upload and execute arbitrary PHP code via a filename with a double extension such...
Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. Date published : 2007-06-26 http://soft.zoneo.net/phpTrafficA/news.php...
SQL injection vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter in a stats action. Date published : 2007-06-26 http://www.securityfocus.com/archive/1/472211/100/0/threaded http://soft.zoneo.net/phpTrafficA/Files/get.php?phpTrafficA-1.4.3.tgz
Cross-site scripting (XSS) vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Date published : 2007-06-26 http://www.securityfocus.com/archive/1/472211/100/0/threaded http://soft.zoneo.net/phpTrafficA/Files/get.php?phpTrafficA-1.4.3.tgz
Directory traversal vulnerability in index.php in phpTrafficA 1.4.2 and earlier allows remote attackers to include arbitrary local files via the lang parameter, a different vector and version than CVE-2007-1076.2. Date published : 2007-06-26 http://www.securityfocus.com/archive/1/472211/100/0/threaded...
The moveim function in cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the tocat parameter as a subdirectory name when moving an instant message, which has unknown impact and remote attack vectors. Date published :...
cgi-bin/cgi-lib/instantmessage.pl in web-app.org WebAPP before 0.9.9.7 uses the From field of an instant message as the beginning of the .dat file name when the (1) imview2 or (2) imview3 function reads (a) an internal...
The getcgi function in cgi-bin/cgi-lib/subs.pl in web-app.org WebAPP before 0.9.9.7 attempts to parse query strings that contain (1) non-printing characters, (2) certain printing characters that do not commonly occur in URLs, or (3) invalid...