167 matches found
CVE-2006-2486
SQL injection vulnerability in find.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the userID parameter...
CVE-2006-1265
SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter...
CVE-2006-1265
CVE-2006-1265 targets the xhawk.net discussion 2.0 beta2 application, where a flaw in the discussion.class.php logic allows a remote attacker to inject SQL via the view parameter, potentially impacting confidentiality, integrity, and availability. The public data lists a base CVSS v2 score of 7.5...
Farsinews 2.1 - 'Loginout.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/16440/info FarsiNews is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious P...
security flaw
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings...
security flaw
The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings...
HylaFAX vulnerability
Hi, I've found classical format bug while I was playing with HylaFAX server v4.1 beta2: $ -u /usr/sbin/hfaxd && /usr/sbin/hfaxd -q 'nn' SUID uucp Segmentation fault It crashes while calling syslog with user supplied fmt. Looks nasty. Sorry, I have no working exploit, I won't have one and I have n...