CVE-2007-0345

The CVE-2007-0345 description is supported by connected records: on Mac OS X 10.4.8, three utilities located in /Applications/Utilities (Activity Monitor.app/Contents/Resources/pmTool, Keychain Access.app/Contents/Resources/kcproxy, and ODBC Administrator.app/Contents/Resources/iodbcadmintool) ha...

MOTIONBORG Web Real Estate <= 2.1 SQL Injection Vulnerability

Exploit for unknown platform in category web applications ============================================================= MOTIONBORG Web Real Estate $1,475.00 ajann SQL Injector Beta= Script Tables & Columns -dtproperties- id objectid property value uvalue lvalue version -Events- EventId EventDay...

CVE-2006-4758

phpBB 2.0.21 does not properly handle pathnames ending in %00, which allows remote authenticated administrative users to upload arbitrary files, as demonstrated by a query to admin/adminboard.php with an avatarpath parameter ending in .php%00...

phpCommunityCalendar 4.0.3 - Cross-Site Scripting / SQL Injection

author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS' http://SERVER/PATH/event.php?AddressLink="alert'XSS'" SQL...

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection

phpCommunityCalendar 4.0.3 - Cross-Site Scripting SQL Injection author : X0r1 release : 23.05.06 software : http://www.appideas.com/ googledork : "Calendar programming by AppIdeas.com" filetype:php XSS: http://SERVER/PATH/week.php?LoName=alert'XSS' http://SERVER/PATH/month.php?LoName=alert'XSS'...

DSA-1066-1 phpbb2 - missing input sanitising

Bulletin has no description...

CVE-2006-0438

Cross-site request forgery CSRF vulnerability in phpBB 2.0.19, when Link to off-site Avatar or bbcode IMG are enabled, allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag in a user profile, as demonstrated using links to 1 admin/adminusers.php and 2...

CVE-2005-2489

The CVE concerns Web Content Management News System. The vulnerability originates from a direct request to Admin/Users/AddModifyInput.php that lets remote attackers create arbitrary user accounts and gain privileges. This implies a bypass of normal authorization checks and potential privilege esc...

CVE-2005-2489

Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php...

Poster 2.0 - Unauthorized Privileged User Access

Poster 2.0 - Unauthorized Privileged User Access source: https://www.securityfocus.com/bid/8426/info A vulnerability has been reported for Poster.version:two. The problem occurs due to the application failing to lock the 'setup' variable after initialization. As a result, an attacker may access...

Security Bulletin MS01-008

--------------------------------------------------------------------- Title: NTLMSSP Privilege Elevation Vulnerability Date: 07 February 2001 Software: Windows NT 4.0 Impact: Privilege Elevation Bulletin: MS01-008 Microsoft encourages customers to review the Security Bulletin at:...