9473 matches found

Cvelist
added 2006/03/10 11:0 a.m., 13 views

CVE-2006-1141

Buffer overflow in qmailadmin.c in QmailAdmin before 1.2.10 allows remote attackers to execute arbitrary code via a long PATH_INFO environment variable...

7.7 AI score, 0.04874 EPSS
Exploits 0, References 9
Prion
added 2006/03/09 1:6 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag...

4.3 CVSS, 6.1 AI score, 0.00527 EPSS
Exploits 0, References 6, Affected Software 1
NVD
added 2006/03/09 1:6 p.m., 12 views

CVE-2006-1089

Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag...

4.3 CVSS, 5.7 AI score, 0.00527 EPSS
Exploits 0, References 6
CVE
added 2006/03/09 11:0 a.m., 39 views

CVE-2006-1089

CVE-2006-1089 affects PunBB 1.2.10, where an XSS flaw resides in header.php. The vulnerability arises when handling the pun_page tag and relies on the PHP_SELF variable, allowing remote attackers to inject arbitrary script/HTML via the URL. The associated NVD entry lists a Medium base impact with...

4.3 CVSS, 5.7 AI score, 0.00527 EPSS
Exploits 0, References 6, Affected Software 1
Packet Storm
added 2006/03/09 12:0 a.m., 42 views

18ZLZA.txt

Summary: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 http://www.zonelabs.com/ Details: During Windows startup the TrueVector service vsmon.exe - an integral piece of most Zone Labs products is set to startup automatically. The TrueVector service runs und...

7.4 AI score
Exploits 0
exploitpack
added 2006/03/04 12:0 a.m., 22 views

Fantastic News 2.1.2 - script_path Remote Code Execution

Fantastic News 2.1.2 - scriptpath Remote Code Execution !/usr/bin/perl Fantastic News v2.1.2 and possibly below Remote Command Execution Bug Found By uid0 Exploit Coded by Zod c 2006 ExploiterCode.com usage: perl FNews.pl perl FNews.pl http://site.com/FNews/ http://site.com/cmd.txt cmd cmd shell...

Exploits 0
Prion
added 2006/02/25 11:2 a.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

4.3 CVSS, 6 AI score, 0.00427 EPSS
Exploits 0, References 5, Affected Software 1
CVE
added 2006/02/25 11:0 a.m., 44 views

CVE-2006-0886

The provided sources describe a Cross-site scripting (XSS) vulnerability in DEV web management system 1.5, specifically in register.php, exploitable via the City/Region field (mesto variable). Remote attackers could inject arbitrary web script or HTML. The vulnerability affects the register.php h...

4.3 CVSS, 5.6 AI score, 0.00427 EPSS
Exploits 0, References 5, Affected Software 1
NVD
added 2006/02/24 11:2 a.m., 9 views

CVE-2006-0877

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable...

5 CVSS, 6.1 AI score, 0.12698 EPSS
Exploits 1, References 8
Prion
added 2006/02/24 11:2 a.m., 12 views

Cross site scripting

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable...

5 CVSS, 6.6 AI score, 0.12698 EPSS
Exploits 1, References 8, Affected Software 1
Cvelist
added 2006/02/24 11:0 a.m., 14 views

CVE-2006-0877

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable...

6.1 AI score, 0.12698 EPSS
Exploits 1, References 8
securityvulns
added 2006/02/24 12:0 a.m., 32 views

zoo contains exploitable buffer overflows

Topic: zoo contains exploitable buffer overflows Announced: 2006-02-22 Product: zoo Category: Applications/Archiving Impact: Remote code execution Credits: Jean-Sébastien Guay-Leroux I. BACKGROUND zoo is a file archiving utility for maintaining collections of files. It uses Lempel-Ziv compression ...

Exploits 0
Prion
added 2006/02/23 2:6 a.m., 19 views

Remote file inclusion

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the includepath variable, which is not initialized before being used...

7.5 CVSS, 7 AI score, 0.01921 EPSS
Exploits 1, References 7
NVD
added 2006/02/23 2:6 a.m., 9 views

CVE-2006-0854

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the includepath variable, which is not initialized before being used...

7.5 CVSS, 6.6 AI score, 0.01921 EPSS
Exploits 1, References 7
Cvelist
added 2006/02/19 9:0 p.m., 12 views

CVE-2006-0791

PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use...

6.8 AI score, 0.11448 EPSS
Exploits 1, References 11
Prion
added 2006/02/19 12:2 a.m., 14 views

Sql injection

Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php date.php was originally reported, but this appears to be in error...

7.5 CVSS, 9.1 AI score, 0.01971 EPSS
Exploits 2, References 8, Affected Software 1
CVE
added 2006/02/19 12:0 a.m., 43 views

CVE-2006-0775

BirthSys 3.1 contains SQL Injection in show.php exploitable via the $month parameter. The vulnerability allows remote attackers to craft arbitrary SQL queries; there is mention of an additional vector for $date/data.php that is considered in error. Public sources report exploitation is available ...

7.5 CVSS, 8.4 AI score, 0.01971 EPSS
Exploits 2, References 8, Affected Software 1
Prion
added 2006/02/18 2:2 a.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

4.3 CVSS, 6.2 AI score, 0.00771 EPSS
Exploits 0, References 7, Affected Software 1
NVD
added 2006/02/18 2:2 a.m., 9 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

4.3 CVSS, 5.8 AI score, 0.00771 EPSS
Exploits 0, References 7
OSV
added 2006/02/15 11:6 a.m., 4 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

7 AI score
Exploits 0, References 5