PHP remote file inclusion vulnerability in games.php in MyCMS 0.9.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. Date published : 2007-07-05 http://www.securityfocus.com/bid/24757 https://www.exploit-db.com/exploits/4144
SQL injection vulnerability in viewforum.php in PNphpBB2 1.2i and earlier for Postnuke allows remote attackers to execute arbitrary SQL commands via the order parameter. Date published : 2007-07-05 https://www.exploit-db.com/exploits/4147 http://osvdb.org/45777
SQL injection vulnerability in details_news.php in Girlserv ads 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the idnew parameter. Date published : 2007-07-05 http://www.securityfocus.com/bid/24755 https://www.exploit-db.com/exploits/4142
SQL injection vulnerability in index.php in SuperCali PHP Event Calendar 0.4.0 allows remote attackers to execute arbitrary SQL commands via the o parameter. Date published : 2007-07-05 http://www.securityfocus.com/bid/24756 https://www.exploit-db.com/exploits/4141
The Jedox Palo 1.5 client transmits the password in cleartext, which might allow remote attackers to obtain the password by sniffing the network, as demonstrated by starting Excel with the Palo plugin, opening a...
PHPIDS does not properly handle certain code containing newlines, as demonstrated by a try/catch block within a loop, which allows user-assisted remote attackers to inject arbitrary web script. Date published : 2007-07-05 http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0 http://sla.ckers.org/forum/read.php?2,13209,13218
PHPIDS before 20070703 does not properly handle setting the .text property of a SCRIPT element before its attachment to the DOM, which allows remote attackers to inject arbitrary web script. Date published : 2007-07-05...
PHPIDS before 20070703 does not properly handle (1) arithmetic expressions and (2) unclosed comments, which allows remote attackers to inject arbitrary web script. Date published : 2007-07-05 http://groups.google.com/group/php-ids/browse_thread/thread/3ec15f69d6b3dba0 http://sla.ckers.org/forum/read.php?2,13209,13218
PHPIDS before 20070703 does not properly handle use of the substr method in (1) document.location.search and (2) document.referrer; (3) certain use of document.location.hash; (4) certain "window[eval" and similar expressions; (5) certain Function expressions; (6)...
** DISPUTED ** Microsoft Internet Explorer 6 executes web script from URIs of arbitrary scheme names ending with the "script" character sequence, using the (1) vbscript: handler for scheme names with 7 through 9...
SQL injection vulnerability in includes/functions in FreeDomain.co.nr Clone allows remote attackers to execute arbitrary SQL commands via the logindomain parameter to members.php. Date published : 2007-07-05 http://www.securityfocus.com/bid/24737 http://www.securityfocus.com/archive/1/472656/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in setup.cgi on the Cisco Linksys WAG54GS Wireless-G ADSL Gateway with 1.00.06 firmware allow remote attackers to inject arbitrary web script or HTML via the (1) c4_trap_ip_, (2) devname,...
Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. Date published : 2007-07-05...
Incomplete blacklist vulnerability in cgi-bin/runDiagnostics.cgi in the web interface on the Yoggie Pico and Pico Pro allows remote attackers to execute arbitrary commands via shell metacharacters in the param parameter, as demonstrated by URL...