Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20). Date published : 2007-06-26 http://www.securityfocus.com/bid/24618 http://www.securityfocus.com/archive/1/472190/100/0/threaded
Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a)...
Multiple cross-site scripting (XSS) vulnerabilities in defter_yaz.asp in Lebisoft zdefter 4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) ad and (2) konu parameters. NOTE: the provenance of this...
Directory traversal vulnerability in ShowImage.php in SiteDepth CMS 3.44 allows remote attackers to read arbitrary files via a .. (dot dot) in the name parameter. Date published : 2007-06-26 http://www.securityfocus.com/bid/24635 https://www.exploit-db.com/exploits/4105
Unrestricted file upload vulnerability in upload.php in dreamLog (aka dreamblog) 0.5 allows remote attackers to upload and execute arbitrary PHP code in uploads/images/ via the uploadedFile[] parameter. Date published : 2007-06-26 http://www.securityfocus.com/bid/24639 https://www.exploit-db.com/exploits/4106
SQL injection vulnerability in index.php in pagetool 1.07 allows remote attackers to execute arbitrary SQL commands via the news_id parameter in a pagetool_news action. Date published : 2007-06-26 http://www.securityfocus.com/bid/24640 http://www.securityfocus.com/archive/1/488724/100/0/threaded
PHP remote file inclusion vulnerability in footer.inc.php in B1G b1gBB 2.24 allows remote attackers to execute arbitrary PHP code via a URL in the tfooter parameter. Date published : 2007-06-26 http://www.securityfocus.com/bid/24624 https://www.exploit-db.com/exploits/4102
The NCTAudioEditor2 ActiveX control in NCTWMAFile2.dll 2.6.2.157, as distributed in NCTAudioEditor and NCTAudioStudio 2.7, allows remote attackers to overwrite arbitrary files via the CreateFile method. Date published : 2007-06-26 http://www.securityfocus.com/bid/24613 https://www.exploit-db.com/exploits/4101
SQL injection vulnerability in include/get_userdata.php in Power Phlogger (PPhlogger) 2.2.5 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter to login.php. Date published : 2007-06-26 http://www.securityfocus.com/bid/24622 http://www.securityfocus.com/archive/1/472199/100/0/threaded
LiteWEB 2.7 allows remote attackers to cause a denial of service (hang) via a large number of requests for nonexistent pages. Date published : 2007-06-26 http://www.securityfocus.com/bid/24628 http://www.securityfocus.com/archive/1/472202/100/0/threaded
The web container in IBM WebSphere Application Server (WAS) before 6.0.2.21, and 6.1.x before 6.1.0.9, sends response data intended for a different request in certain circumstances after a closed connection error, which might allow...
Cross-site scripting (XSS) vulnerability in index.wkf in KeyFocus (KF) web server 3.1.0 allows remote attackers to inject arbitrary web script or HTML via the opsubmenu parameter. Date published : 2007-06-26 http://www.securityfocus.com/bid/24623 http://www.securityfocus.com/archive/1/472195/100/0/threaded
Multiple SQL injection vulnerabilities in eNdonesia 8.4 allow remote attackers to execute arbitrary SQL commands via the (1) artid parameter to mod.php in a viewarticle action (publisher mod) and the (2) bid parameter to...
Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via (1) an invalid month[] parameter to calendar.php, (2) an invalid catview[] parameter to cal_week.php in a week operation, (3) an invalid ycyear[] parameter to...