Sql injection

SQL injection vulnerability in index.php in BoonEx Barracuda 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the 1 linkdirtarget and 2 linkidtarget parameter, possibly involving the linkedit functionality...

Buffer overflow

Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when...

CVE-2006-2027

CVE-2006-2027 describes a buffer overflow in Unicode processing within the logging functionality of Pablo Software Solutions Quick 'n Easy FTP Server (Professional and Lite, probably v3.0). The flaw could allow remote authenticated users to execute arbitrary code by sending a command with a long ...

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

[Full-disclosure] Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability

Microsoft Internet Explorer DBCS Remote Memory Corruption Vulnerability By Sowhat of Nevis Labs Date: 2006.04.11 http://www.nevisnetworks.com http://secway.org/advisory/AD20060411.txt http://www.microsoft.com/technet/security/bulletin/MS06-013.mspx CVE: CVE-2006-1189 Vendor Microsoft Inc. Product...

Sql injection

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the 1 group, 2 seite, and 3 id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows...

Cross site scripting

Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...

CVE-2006-1687

Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...

CVE-2006-1685

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the 1 group, 2 seite, and 3 id parameter, possibly involving the artikel functionality. NOTE: this vulnerability also allows...

CVE-2006-1687

Cross-site scripting XSS vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality...

Default credentials

Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password...

CVE-2006-1049

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors...

CVE-2006-1047

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

Code injection

Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors...

Sql injection

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors...

CVE-2006-1049

CVE-2006-1049 affects Joomla! Admin functionality in Joomla! 1.0.7 and earlier. The vulnerability is described as multiple SQL injection flaws that allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors. The record confirms affected software version...

CVE-2006-1049

Multiple SQL injection vulnerabilities in the Admin functionality in Joomla! 1.0.7 and earlier allow remote authenticated administrators to execute arbitrary SQL commands via unknown attack vectors...

CVE-2006-1047

CVE-2006-1047 concerns Joomla! 1.0.7 and earlier, with an unspecified vulnerability in the Remember Me login functionality. The connected sources confirm the affected product and component, but describe the impact and attack vectors as unknown and do not provide a concrete root cause, exploit det...

MySQL 5.0.18 - Query Logging Bypass

source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysqlrealquery' function and in the query-logging functionality. This issue allows attackers to bypass the...

MySQL 5.0.18 - Query Logging Bypass

MySQL 5.0.18 - Query Logging Bypass source: https://www.securityfocus.com/bid/16850/info MySQL is prone to a query-logging-bypass vulnerability. This issue is due to a discrepancy between the handling of NULL bytes in the 'mysqlrealquery' function and in the query-logging functionality. This issu...