
9133 matches found

Exploit DB
added 2006/06/20 12:0 a.m., 28 views

V3 Chat Instant Messenger - 'online.php?site_id' Cross-Site Scripting

source: https://www.securityfocus.com/bid/18543/info V3 Chat Instant Messenger is prone to multiple cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage these issues to have...

AI score: 7.4
Exploits: 0

exploitpack
added 2006/06/19 12:0 a.m., 18 views

vCard PRO - search.php?event_id SQL Injection

vCard PRO - search.php?eventid SQL Injection source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successfu...

AI score: 0.9
Exploits: 0

exploitpack
added 2006/06/19 12:0 a.m., 27 views

vCard PRO - create.php?card_id SQL Injection

vCard PRO - create.php?cardid SQL Injection source: https://www.securityfocus.com/bid/18699/info VCard PRO is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful...

AI score: 0.9
Exploits: 0

exploitpack
added 2006/06/14 12:0 a.m., 12 views

Woltlab Burning Board 2.x - Multiple SQL Injections

Woltlab Burning Board 2.x - Multiple SQL Injections source: https://www.securityfocus.com/bid/18423/info Woltlab Burning Board is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful...

AI score: 8.1
Exploits: 0

exploitpack
added 2006/06/05 12:0 a.m., 11 views

Kmita FAQ 1.0 - search.php?q Cross-Site Scripting

Kmita FAQ 1.0 - search.php?q Cross-Site Scripting source: https://www.securityfocus.com/bid/18282/info Kmita FAQ is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application t...

AI score: 6.8
Exploits: 0

exploitpack
added 2006/06/05 12:0 a.m., 13 views

Alex DownloadEngine 1.4.1 - comments.php SQL Injection

Alex DownloadEngine 1.4.1 - comments.php SQL Injection source: https://www.securityfocus.com/bid/18293/info DownloadEngine is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A...

AI score: 0.5
Exploits: 0

Exploit DB
added 2006/06/05 12:0 a.m., 23 views

Kmita FAQ 1.0 - 'search.php?q' Cross-Site Scripting

source: https://www.securityfocus.com/bid/18282/info Kmita FAQ is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. A...

AI score: 7.4
Exploits: 0

OSV
added 2006/06/02 7:2 p.m., 2 views

DEBIAN-CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

CVSS: 9.3, AI score: 8.8, EPSS: 0.06832
Exploits: 0, References: 1

Debian CVE
added 2006/06/02 7:0 p.m., 42 views

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an ifram...

CVSS: 9.3, AI score: 7.4, EPSS: 0.06832
Exploits: 0

RedHat Linux
added 2006/05/24 9:31 a.m., 77 views

Important: Red Hat Security Advisory: kernel security update

Updated kernel packages that fix several security issues in the Red Hat Enterprise Linux 4 kernel are now available. This security advisory has been rated as having important security impact by the Red Hat Security Response Team. The Linux kernel handles the basic functions of the operating syste...

CVSS: 7.8, AI score: 5.8, EPSS: 0.04342
Exploits: 9, References: 17

Exploit DB
added 2006/05/19 12:0 a.m., 21 views

JemWeb DownloadControl 1.0 - 'DC.php' SQL Injection

source: https://www.securityfocus.com/bid/18041/info DownloadControl is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise t...

AI score: 7.4
Exploits: 0

Prion
added 2006/05/16 10:2 a.m., 14 views

Cross site scripting

Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as "", which are automatically decoded by some RSS readers. NOTE: this issue is not in Bugzilla itself, but rather...

CVSS: 4.3, AI score: 5.9, EPSS: 0.01537
Exploits: 0, References: 6, Affected Software: 1

exploitpack
added 2006/05/08 12:0 a.m., 11 views

Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date SQL Injection

Ocean12 Technologies Calendar Manager Pro 1.0 1 - adminmain.asp?date SQL Injection source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issu...

AI score: 0.9
Exploits: 0

exploitpack
added 2006/05/08 12:0 a.m., 10 views

Creative Software UK Community Portal 1.1 - DiscReply.php?mid SQL Injection

Creative Software UK Community Portal 1.1 - DiscReply.php?mid SQL Injection source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied...

AI score: 0.3
Exploits: 0

Exploit DB
added 2006/05/08 12:0 a.m., 36 views

Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/main.asp?date' Cross-Site Scripting

source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

AI score: 7.4
Exploits: 0

Exploit DB
added 2006/05/08 12:0 a.m., 37 views

Ocean12 Technologies Calendar Manager Pro 1.0 1 - '/admin/edit.asp?ID' SQL Injection

source: https://www.securityfocus.com/bid/17877/info Calendar Manager Pro is prone to multiple input-validation vulnerabilities. The issues include cross-site scripting and SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input...

AI score: 7.4
Exploits: 0

Exploit DB
added 2006/05/08 12:0 a.m., 51 views

Creative Software UK Community Portal 1.1 - 'ArticleView.php?article_id' SQL Injection

source: https://www.securityfocus.com/bid/17890/info Creative Community Portal is prone to multiple SQL-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. A successful exploit could allow an...

AI score: 7.4
Exploits: 0

exploitpack
added 2006/04/29 12:0 a.m., 17 views

Blog 0.2.30.2.4 Mod - Weblog_posting.php SQL Injection

Blog 0.2.30.2.4 Mod - Weblogposting.php SQL Injection source: https://www.securityfocus.com/bid/17744/info Blog Mod is prone to an SQL-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. A successful...

AI score: 8.6
Exploits: 0

CVE
added 2006/04/28 1:0 a.m., 53 views

CVE-2005-0038

Summary (CVE-2005-0038): The DNS implementation in PowerDNS 2.9.16 and earlier is vulnerable to remote denial of service via a compressed DNS packet with a label length byte offset error that can trigger an infinite loop. This is corroborated by multiple sources in the connected documents (NVD, S...

CVSS: 5, AI score: 6.6, EPSS: 0.06093
Exploits: 0, References: 4, Affected Software: 1

Cvelist
added 2006/04/28 1:0 a.m., 21 views

CVE-2005-0037

The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop...

AI score: 6.6, EPSS: 0.01596
Exploits: 0, References: 4