CVE-2006-6652
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results fro...
CVE-2006-6588
The forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) trusts the (1) dataResourceTypeId, (2) contentTypeId, and certain other hidden form fields, which allows remote attackers to create unauthorized types of content, modify content, or have other unknown...
CVE-2006-6587
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message...
AnnonceScriptHP 2.0 - '/Templates/commun.dwt.php?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to ste...
AnnonceScriptHP 2.0 - '/Templates/admin.dwt.php?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to ste...
AnnonceScriptHP 2.0 - 'erreurinscription.php?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to ste...
AnnonceScriptHP 2.0 - '/admin/admin_config/Aide.php?email' Cross-Site Scripting
source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to ste...
AnnonceScriptHP 2.0 - '/admin/admin_membre/fiche_membre.php?idmembre' SQL Injection
source: https://www.securityfocus.com/bid/21514/info AnnonceScriptHP is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because it fails to sufficiently sanitize user-supplied data. Exploiting these issues could allow an attacker to ste...
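Hastymail IMAP SMTP Command Injection Vulnerability
Hastymail IMAP is an IMAP client written in PHP. Hastymail IMAP does not sufficiently filter user-supplied URI input, and remote attackers can exploit this vulnerability to execute additional SMTP commands. Because commands and messages are not validated, a malicious user can inject arbitrary IMAP/SMTP commands into the mail server, which can lead to bypassing access restrictions. Hastymail Hastymail 1.5 Hastymail Hastymail 1.2 Hastymail Hastymail 1.1 Hastymail Hastymail 1.0.2 Hastymail Hastymail 1.0.1 Upgrade: Hastymail Hastymail...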
UApplication Uguestbook 1.0 - index.asp SQL Injection
source: https://www.securityfocus.com/bid/21426/info Uapplication Uguestbook is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could...
Clickblog - 'Displaycalendar.asp' SQL Injection
source: https://www.securityfocus.com/bid/21310/info Clickblog is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or...
ClickContact - default.asp Multiple SQL Injections
source: https://www.securityfocus.com/bid/21302/info ClickContact is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow...
MidiCart ASP - Item_Show.asp?ID2006quant SQL Injection
source: https://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacke...
Fixit iDms Pro Image Gallery - 'filelist.asp' Multiple SQL Injections
source: https://www.securityfocus.com/bid/21282/info Fixit iDMS Pro is prone to multiple input-validation vulnerabilities, including SQL-injection issues and an HTML-injection issue, because the application fails to properly sanitize user-supplied input. Successful exploits of these vulnerabiliti...
MidiCart ASP - 'Item_Show.asp?ID2006quant' SQL Injection
source: https://www.securityfocus.com/bid/21273/info MidiCart ASP is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data...
JiRos Link Manager 1.0 - openlink.asp?LinkID SQL Injection
source: https://www.securityfocus.com/bid/21226/info JiRos Links Manager is prone to multiple input-validation vulnerabilities, including SQL- and HTML-injection issues, because it fails to sufficiently sanitize user-supplied data...
CreaDirectory 1.2 - search.asp?category SQL Injection
source: https://www.securityfocus.com/bid/21230/info Creascripts creadirectory is prone to multiple input-validation vulnerabilities, including SQL-injection issues and a cross-site scripting issue, because the application fails to sufficientl...
vSpin Classified System 2004 - search.asp?minprice Cross-Site Scripting
source: https://www.securityfocus.com/bid/21190/info vSpin Classified System is prone to multiple input-validation vulnerabilities, including SQL-injection and cross-site scripting issues, because the application fails to...
Debian DSA-1206-1 : php4 - several vulnerabilities
Several remote vulnerabilities have been discovered in PHP, a server-side, HTML-embedded scripting language, which may lead to the execution of arbitrary code. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3353 Tim Starling discovered that missing...
Enthrallweb eClassifieds - 'dirSub.asp?sid' SQL Injection
source: https://www.securityfocus.com/bid/21192/info eClassifieds is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access ...