SQL injection vulnerability in philboard_forum.asp in Metyus Forum Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might be related to CVE-2007-0920 or CVE-2007-3884. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php. Date published :...
Multiple SQL injection vulnerabilities in unuttum.asp in SuskunDuygular Uyelik Sistemi 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) kadi or (2) email parameter. NOTE: some of these details are obtained...
Unspecified vulnerability in Advanced Webhost Billing System (AWBS) before 2.6.0 allows remote authenticated users to obtain configuration data about other dedicated servers via unspecified vectors. Date published : 2007-07-31 http://www.securityfocus.com/bid/25089 http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/
Multiple SQL injection vulnerabilities in Advanced Webhost Billing System (AWBS) before 2.6.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be leveraged for XSS...
SQL injection vulnerability in the login script in Real Estate listing website application template, when logging in as user or manager, allows remote attackers to execute arbitrary SQL commands via the Password parameter. Date...
SQL injection vulnerability in sign_in.aspx in Message Board / Threaded Discussion Forum Application Template allows remote attackers to execute arbitrary SQL commands via the Password parameter. Date published : 2007-07-31 http://www.securityfocus.com/bid/25113 http://www.securityfocus.com/archive/1/474937/100/0/threaded
SQL injection vulnerability in sign_in.aspx in WebStore (Online Store Application Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. Date published : 2007-07-31 http://www.securityfocus.com/bid/25112 http://www.securityfocus.com/archive/1/474932/100/0/threaded
SQL injection vulnerability in sign_in.aspx in WebEvents (Online Event Registration Template) allows remote attackers to execute arbitrary SQL commands via the Password parameter. Date published : 2007-07-31 http://www.securityfocus.com/bid/25111 http://www.securityfocus.com/archive/1/474933/100/0/threaded
SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information. Date published :...
SQL injection vulnerability in login.asp in CodeWidgets Pay Roll – Time Sheet and Punch Card Application With Web Interface allows remote attackers to execute arbitrary SQL commands via the Password parameter. Date published :...
A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving...
Multiple cross-site scripting (XSS) vulnerabilities in the WP-FeedStats before 2.4 plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, one of which involves an rss2 feed with...
The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial...