CVE-2006-3673

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service application crash via a large owner value, which causes an assert error...

CVE-2006-3602

Directory traversal vulnerability in jscripts/tinymce/tinymcegzip.php in FarsiNews 3.0 BETA 1 allows remote attackers to include arbitrary files via a .. dot dot sequence and trailing null %00 byte in the language parameter in the advanced theme...

CVE-2006-3599

SQL injection vulnerability in the Nuke Advanced Classifieds module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the idads parameter in an EditAds op...

CVE-2006-3673

Armagetron Advanced

CVE-2006-3674

CVE-2006-3674 affects Armagetron Advanced 2.8.2 and earlier. nNetObject.cpp’s id_req_handler handling can be abused by remote attackers to cause CPU-based denial of service. Documented in NVD and CVE records, with confirmatory references in multiple sources; exploitation details and concrete reme...

CVE-2006-3674

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service CPU consumption via a large number handled by the idreqhandler function...

CVE-2006-3673

nNetObject.cpp in Armagetron Advanced 2.8.2 and earlier allows remote attackers to cause a denial of service application crash via a large owner value, which causes an assert error...

CVE-2006-3602

CVE-2006-3602 affects FarsiNews 3.0 BETA 1, via directory traversal in jscripts/tiny_mce/tiny_mce_gzip.php. The underlying flaw allows remote attackers to include arbitrary files by supplying .. and a trailing null (%00) byte in the language parameter of the advanced theme, enabling partial integ...

CVE-2006-3526

Multiple cross-site scripting XSS vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 name and 2 form parameters...

CVE-2006-3526

CVE-2006-3526 affects Sport-slo Advanced Guestbook 1.0: multiple cross-site scripting (XSS) vulnerabilities in guestbook.php that allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) form parameters. The provided documents do not include exploitation details or c...

CVE-2006-3526

Multiple cross-site scripting XSS vulnerabilities in guestbook.php in Sport-slo Advanced Guestbook 1.0 allow remote attackers to inject arbitrary web script or HTML via 1 name and 2 form parameters...

ag10.txt

Advanced Guestbook v1.0 Homepage: http://www.sport-slo.net/ Affected files: guestbook.php ----------------------------------------------- XSS vuln on guestbook.php: Data isn't sanatized before being submit to guestbook.txt and displayed onscreen. The code: if$POST'action' if$POST'name' &&...

Advanced Guestbook 2.3.1 /index.PHP/ SQL Injection

Advanced Guestbook 2.3.1 /index.PHP/ SQL Injection Credit : SpC-x | The-BeKiR Site : http://wWw.SaVSaK.CoM Greetz : | Nukedx | Ejder | Str0ke | joffer | Poizonb0x | Code : http://www.target.com/path/index.php?entry=SQL Example : http://www.nascarstation.de/phpguest/index.php?entry=SQL /SpC-x -- G...

VARIOMAT(advanced cms tool)SQL injection/XSS

=================================== Discovery By: CrAzY CrAcKeR Site: www.alshmokh.com nono225-mHOn-rageh-LoverHacker Breeeeh-LiNuXrOOt-BoNym-rootshill =================================== Example:- /news.php?mode=single&view=act&item=76&subcat=SQL /news.php?mode=single&view=act&item=76&subcat=XSS...

DEBIAN-CVE-2006-2458

Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via 1 the asfreadheader function in the ASF plugin plugins/asfextractor.c, and 2 the parsetrakatom function in the QT plugin plugins/qtextractor.c...

Remote file inclusion

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via the phpbbrootpath parameter...

CVE-2006-2152

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when registerglobals is enabled, allows remote attackers to include arbitrary files via the phpbbrootpath parameter...

CVE-2006-2152

CVE-2006-2152 affects phpBB Advanced Guestbook 2.4.0 and earlier, where admin/addentry.php fails to sanitize input to the phpbb_root_path parameter before using it in PHP include(). This PHP remote file inclusion vulnerability arises when register_globals is enabled, allowing an unauthenticated a...

phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion

The remote host is running Advanced Guestbook, a free guestbook written in PHP. The version of Advanced Guestbook installed on the remote host fails to sanitize input to the 'phpbbrootpath' parameter of the 'admin/addentry.php' script before using it in a PHP 'include' function. Provided PHP's...

Sql injection

SQL injection vulnerability in include/classpoll.php in Advanced Poll 2.0.4 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header...