Directory traversal vulnerability in scripts/include/show_content.php in Amber Script 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the id parameter. NOTE: in some environments, this can...
SQL injection vulnerability in events.php in WorkingOnWeb 2.0.1400 allows remote attackers to execute arbitrary SQL commands via the idevent parameter. Date published : 2007-11-26 http://www.securityfocus.com/bid/26563 https://www.exploit-db.com/exploits/4653
Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php;...
Multiple cross-site scripting (XSS) vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the year parameter to (1) xml/index.php; or (2) the year parameter to...
SQL injection vulnerability in search_form.php in Softbiz Freelancers Script 1 allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. Date published : 2007-11-26 http://www.securityfocus.com/bid/26569 https://www.exploit-db.com/exploits/4660
Cross-site scripting (XSS) vulnerability in signin.php in Softbiz Freelancers Script 1 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. Date published : 2007-11-26 http://www.securityfocus.com/bid/26569 https://www.exploit-db.com/exploits/4660
Unspecified vulnerability in IRC Services 5.1.8 has unknown impact and attack vectors. Date published : 2007-11-26 http://www.securityfocus.com/bid/26517 http://www.ircservices.za.net/Changes.txt
The default_encrypt function in encrypt.c in IRC Services before 5.0.63, and 5.1.x before 5.1.7, allows remote attackers to cause a denial of service (daemon crash) via a long password. NOTE: some of these details...
Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 sets the Referer header to the window or frame in which script is running, instead of the address of the content that initiated the script, which...
Multiple unspecified vulnerabilities in Mozilla Firefox before 2.0.0.10 and SeaMonkey before 1.1.7 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors that trigger memory corruption....
Wireshark (formerly Ethereal) 0.8.16 to 0.99.6 allows remote attackers to cause a denial of service (crash) via a malformed RPC Portmap packet. Date published : 2007-11-23 http://www.securityfocus.com/bid/26532 http://www.securityfocus.com/archive/1/485792/100/0/threaded
The Bluetooth SDP dissector Wireshark (formerly Ethereal) 0.99.2 to 0.99.6 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. Date published : 2007-11-23 http://www.securityfocus.com/bid/26532 http://www.securityfocus.com/archive/1/485792/100/0/threaded
The DCP ETSI dissector in Wireshark (formerly Ethereal) 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. Date published : 2007-11-23 http://www.securityfocus.com/bid/26532 http://www.securityfocus.com/archive/1/485792/100/0/threaded
The MEGACO dissector in Wireshark (formerly Ethereal) 0.9.14 to 0.99.6 allows remote attackers to cause a denial of service (long loop and resource consumption) via unknown vectors. Date published : 2007-11-23 http://www.securityfocus.com/bid/26532 http://www.securityfocus.com/archive/1/485792/100/0/threaded