CVE-2004-2675
ArGoSoft FTP Server before 1.4.1.6 is vulnerable. Remote authenticated users can crash the server by issuing SITE PASS with a long password, leading to database corruption. Affected: ArGoSoft FTP Server
CVE-2007-0115
CVE-2007-0115 affects Coppermine Photo Gallery 1.4.10 and earlier. The vulnerability is a static code injection that lets remote authenticated administrators run arbitrary PHP code. The attack path involves injecting PHP code via the Username field to login.php, which is injected into an error me...
CVE-2007-0058
Cisco Clean Access (CCA) 3.5.x through 3.5.9 and 3.6.x through 3.6.1.1 on the Clean Access Manager (CAM) allows remote attackers to bypass authentication and download arbitrary manual database backups by guessing the snapshot filename using brute force, then making a direct request for the file...
CVE-2006-7232
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY...
CVE-2006-6814
Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter...
CVE-2006-6617
CVE-2006-6617 affects Microsoft Project Server 2003. The vulnerability lies in projectserver/logon/pdsrequest.asp where a GetInitializationData response can expose the UserName and Password fields, allowing remote authenticated users to obtain the MSProjectUser password for the SQL database. The ...
CVE-2006-6599
maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter...
CVE-2006-6573
The vulnerability CVE-2006-6573 affects Citrix Access Gateway: 4.5 Advanced Edition and 4.2 with Advanced Access Control 4.2 on Access Gateway appliances 4.2–4.2.2. A remote, authenticated user can gain access to data via unspecified vectors, causing information disclosure. Citrix notes updates a...
CVE-2006-6572
Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a differen...
CVE-2006-6548
Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the domain parameter to (1) scripts2/changeemail, (2) scripts2/limitbw, or (3) scripts/rearrangeacct. NOTE: the feature parameter to...
CVE-2006-6513
The CControl::Download function (/dl URI) in Winamp Web Interface (Wawi) 7.5.13 and earlier allows remote authenticated users to download arbitrary file types under the root via a trailing "." (dot) in a filename in the file parameter, related to erroneous behavior of the IsWinampFile function...
CVE-2006-6513
The CVE-2006-6513 issue affects Winamp Web Interface (Wawi) prior to or equal to 7.5.13, where the CControl::Download handler (/dl) can be triggered by an authenticated remote user. A trailing "." in the file parameter enables downloading arbitrary file types from the root, due to a bug in IsWina...
HR Assist 1.05 - 'vdateUsr.asp' Remote Authentication Bypass
Title : HR Assist = 1.05 vdateUsr.asp Remote Login ByPass SQL Injection Author : ajann Page : http://www.ezhrs.com Contact : : $$$ : $45 Example: http://target/path/ UserName: ' union select 0,0,0,0,0,0,0,0,0,0,0,0,0 from admin """"""""""""""""""""" ajann,Turkey ... Im not Hacker! milw0rm.com...
paFileDB 3.5.2/3.5.3 - Remote Authentication Bypass SQL Injection
paFileDB 3.5.23.5.3 - Remote Authentication Bypass SQL Injection PafileDB Login SQL injection = author : koray & [email protected] Risk : High Class : Remote Vulnerable Script : pafileDB Version : 3.5.2 / 3.5.3 google : powered by pafiledb 3.5.3/2 greetz : www.cigicigi.net & redhackers Vulnerabl...
paFileDB 3.5.2/3.5.3 - Remote Authentication Bypass / SQL Injection
PafileDB Login SQL injection = author : koray & [email protected] Risk : High Class : Remote Vulnerable Script : pafileDB Version : 3.5.2 / 3.5.3 google : powered by pafiledb 3.5.3/2 greetz : www.cigicigi.net & redhackers Vulnerable; include/admin/auth.php c0de ; if isset$COOKIE'pafiledbuser' &&...
CVE-2006-6290
Multiple stack-based buffer overflows in the IMAP module (MEIMAPS.EXE) in MailEnable Professional 1.6 through 1.82 and 2.0 through 2.33, and MailEnable Enterprise 1.1 through 1.30 and 2.0 through 2.33 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary...
CVE-2006-6239
webadmin in MailEnable NetWebAdmin Professional 2.32 and Enterprise 2.32 allows remote attackers to authenticate using an empty password...
security flaw
Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...
PT-2006-6644
Name of the Vulnerable Software and Affected Versions: DirectAdmin version 1.28.1. Description: The issue allows remote authenticated users to inject arbitrary web script or HTML. This can be achieved through various parameters and commands, including the user parameter to CMD SHOW RESELLER or CMD...
Hpecs Shopping Cart - Remote Authentication Bypass
Hpecs Shopping Cart - Remote Authentication Bypass vendor site:http://hpe.net/ product:hpecs shopping cart bug:injection sql risk:high login bypass : username: 'or''=' passwd: 'or''=' injection sql post : http://site.com/searchlist.asp variables: HpecsFind=maingroup&searchstring='sql or just post...