WinImage 8.10 and earlier allows remote attackers to cause a denial of service (infinite loop) via an invalid BPB_BytsPerSec field in the header of a .IMG file. Date published : 2007-09-18 http://www.securityfocus.com/bid/25687 http://www.securityfocus.com/archive/1/479695/100/0/threaded
Visual truncation vulnerability in WinImage 8.10 and earlier allows remote attackers to spoof a destination filename via a long sequence of space characters in a filename within a (1) .IMG or (2) .ISO file....
Directory traversal vulnerability in WinImage 8.10 and earlier allows user-assisted remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a filename within a (1) .IMG or (2) .ISO file....
The login_to_simulator method in Linden Lab Second Life, as used by the secondlife:// protocol handler and possibly other Second Life login mechanisms, sends an MD5 hash in cleartext in the passwd field, which allows...
Argument injection vulnerability in the Linden Lab Second Life secondlife:// protocol handler, as used in Internet Explorer and possibly Firefox, allows remote attackers to obtain sensitive information via a ‘" ‘ (double-quote space) sequence...
Cross-site scripting (XSS) vulnerability in catalog_products_with_images.php in osCMax 2.0.0-RC3-0-1 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained...
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) 1.6.3.4 allow remote attackers to inject arbitrary web script or HTML via the URI for (1) index.php, (2) i_frames/i_login.php, and (3) i_frames/i_top_tags.php. NOTE: the provenance of...
Multiple directory traversal vulnerabilities in download.php in Chupix CMS 0.2.3 allow remote attackers to read or overwrite arbitrary files via a .. (dot dot) in the (1) fichier or (2) repertoire parameter, or create...
Multiple SQL injection vulnerabilities in KwsPHP 1.0 allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to login.php, (2) the id parameter to index.php in a carnet editer action in...
PHP remote file inclusion vulnerability in admin.joomlaflashfun.php in the Flash Fun! (com_joomlaflashfun) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. Date published :...
PHP remote file inclusion vulnerability in admin.joom12pic.php in the joom12Pic (com_joom12pic) 1.0 component for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. Date published : 2007-09-18...
SQL injection vulnerability in index.php in SimpCMS allows remote attackers to execute arbitrary SQL commands via the keyword parameter in a search site action. Date published : 2007-09-18 http://www.securityfocus.com/bid/25688 https://www.exploit-db.com/exploits/4417
SQL injection vulnerability in article.php in OmniStar Article Manager allows remote attackers to execute arbitrary SQL commands via the page_id parameter in a favorite op action, a different vector than CVE-2006-5917. Date published :...
** DISPUTED ** PHP remote file inclusion vulnerability in sample.php in YaPiG 0.95b allows remote attackers to execute arbitrary PHP code via a URL in the YAPIG_PATH parameter. NOTE: this issue has been disputed...