[Full-disclosure] Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability

Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability By Sowhat of Nevis Labs Date: 2006.04.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060411.txt http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx CVE: CVE-2006-1189 Vendor Microsoft Inc. Product...

Sql injection

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the 1 group, 2 seite, and 3 id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows...

Cross site scripting

Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...

CVE-2006-1687

Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...

CVE-2006-1685

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the 1 group, 2 seite, and 3 id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows...

CVE-2006-1687

Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...

Default credentials

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password...

Sql injection

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors...

Code injection

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

CVE-2006-1047

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

CVE-2006-1049

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors...

CVE-2006-1047

CVE-2006-1047 concerns Joomla! 1.0.7 and earlier, with an unspecified vulnerability in the Remember Me login functionality. The connected sources confirm the affected product and component, but describe the impact and attack vectors as unknown and do not provide a concrete root cause, exploit det...

CVE-2006-1049

CVE-2006-1049 affects Joomla! Admin functionality in Joomla! 1.0.7 and earlier. The vulnerability is described as multiple SQL injection flaws that allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. The record confirms affected software version...

CVE-2006-1049

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors...

MySQL 5.0.18 - Query Logging Bypass

MySQL 5.0.18 - Query Logging Bypass source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysqlrealquery' function and in the query-logging functionality. This issu...

MySQL 5.0.18 - Query Logging Bypass

source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysqlrealquery' function and in the query-logging functionality. This issue allows attackers to bypass the...

CVE-2006-0699

Cross-site scripting XSS vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter...

CVE-2006-0639

Cross-site scripting XSS vulnerability in search.php in MyBB aka MyBulletinBoard 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E...

CVE-2006-0639

Cross-site scripting XSS vulnerability in search.php in MyBB aka MyBulletinBoard 1.0.2 allows remote attackers with knowledge of the table prefix to inject arbitrary web script or HTML via a URL encoded value of the keywords parameter, as demonstrated by %3Cscript%3E...

Cross site scripting

Cross-site scripting XSS vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter...