V-webmail 1.6.4 includes/pear/File.php CONFIG[pear_dir] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/30162/info V-webmail is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues can allow an attacker to compromise the application and t...

Solaris 7.0 CDE dtmail/mailtool Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/832/info here are three buffer overflow vulnerabilities in the CDE mail utilities, all of which are installed sgid mail by default. The first is exploited through overrunning a buffer in the Content-Type: field, which wou...

Ipswitch IMail 5.0 Imapd Buffer Overflow DoS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/502/info The imapd login process is susceptible to a buffer overflow attack which will crash the service. Telnet to target machine, port 143 OK IMAP4 Server IMail 4.06 X LOGIN glob1 glob2 Where glob1 is 1200 characters an...

Jinzora 2.7.5 ajax_request.php Multiple Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27876/info Jinzora is prone to multiple HTML-injection and cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary...

RobTex Viking Server 1.0.6 Build 355 Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1614/info A number of unchecked buffers exists in Robotex Viking Server. This enables a malicious user to either crash the application or execute arbitrary code, depending on the data supplied. / Robotex Viking Server...

Quick Classifieds 1.0 - controlpannel/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/28417/info Quick Classifieds is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise the applicati...

DGNews 1.5.1/2.1 News.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24201/info DGNews is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploits could allow an attacker to compromis...

Nenriki CMS 0.5 'ID' Cookie SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/34067/info Nenriki CMS is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise t...

LiveCart 1.0.1 user/remindComplete email Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27087/info LiveCart is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browse...

OlateDownload 3.4 search.php query Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/20278/info OlateDownload is prone to multiple input-validation vulnerabilities, including HTML-injection and SQL-injection issues, because the application fails to properly sanitize user-supplied input. A successful explo...

CoffeeCup Software Password Wizard 4.0 HTML Source Password Retrieval Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7023/info A problem with the software may make it possible for remote users to gain unauthorized access to restricted resources. This vulnerability exists in Password Wizard configured to generate Java applets to password...

CSV2XML 0.5.1 - Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/12027/info It is reported that csv2xml is susceptible to a buffer overflow vulnerability. This issue is due to a failure of the application to properly bounds check user-supplied data prior to copying it into a fixed-size...

E-Cart <= 1.1 (index.cgi) Remote Command Execution Exploit

No description provided by source. !/usr/bin/perl Example added if code doesn't work for ya: http://SITE/DIRTOECART/index.cgi?action=viewart&cat=reproductoresdvd&art=reproductordvp-ns315.dat|uname%20-a| /str0ke info: [email protected] use IO::Socket; print \n\n www.badroot.org \n\n; print...

NukeCalendar 1.1 .a eid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/10082/info NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities. These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences inclu...

PHP <= 5.2.11 'htmlspecialcharacters()' Malformed Multibyte Character Cross Site Scripting Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/37389/info PHP is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an...

ezContents 2.0.3 toprated.php GLOBALS[language_home] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...

ezContents 2.0.3 showguestbook.php GLOBALS[admin_home] Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/19776/info ezContents is prone to multiple remote file-include vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker can exploit these issues to include an arbitrary remote fi...

PortailPHP 2 mod_news/goodies.php chemin Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/22381/info PortailPHP is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. A successful exploit of these issues allows an attacker to execute arbitrary...

OneOrZero Helpdesk 1.4 TUpdate.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7609/info An SQL injection issue has been reported to affect OneOrZero Helpdesk. The error presents itself in a OneOrZero Helpdesk script that fails to sufficiently sanitize user-supplied input before including it in SQL...

Omniture SiteCatalyst Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/21620/info Omniture SiteCatalyst is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage these issues to have arbitrary...