
9470 matches found

CVE
added 2006/03/09 11:0 a.m., 39 views

CVE-2006-1089

CVE-2006-1089 affects PunBB 1.2.10, where an XSS flaw resides in header.php. The vulnerability arises when handling the pun_page tag and relies on the PHP_SELF variable, allowing remote attackers to inject arbitrary script/HTML via the URL. The associated NVD entry lists a Medium base impact with...

CVSS 4.3, AI score 5.7, EPSS 0.00527
Exploits: 0, References: 6, Affected Software: 1

Packet Storm
added 2006/03/09 12:0 a.m., 42 views

18ZLZA.txt

Summary: 18 ways to escalate privileges in Zone Labs ZoneAlarm Security Suite build 6.1.744.000 http://www.zonelabs.com/ Details: During Windows startup the TrueVector service vsmon.exe - an integral piece of most Zone Labs products is set to startup automatically. The TrueVector service runs und...

AI score 7.4
Exploits: 0

exploitpack
added 2006/03/04 12:0 a.m., 21 views

Fantastic News 2.1.2 - script_path Remote Code Execution

Fantastic News 2.1.2 - scriptpath Remote Code Execution !/usr/bin/perl Fantastic News v2.1.2 and possibly below Remote Command Execution Bug Found By uid0 Exploit Coded by Zod c 2006 ExploiterCode.com usage: perl FNews.pl perl FNews.pl http://site.com/FNews/ http://site.com/cmd.txt cmd cmd shell...

Exploits: 0

Prion
added 2006/02/25 11:2 a.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in register.php in DEV web management system 1.5 allows remote attackers to inject arbitrary web script or HTML via the "City/Region" field (mesto variable). NOTE: the provenance of this information is unknown; the details are obtained solely from third party...

CVSS 4.3, AI score 6, EPSS 0.00427
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2006/02/25 11:0 a.m., 44 views

CVE-2006-0886

The provided sources describe a Cross-site scripting (XSS) vulnerability in DEV web management system 1.5, specifically in register.php, exploitable via the City/Region field (mesto variable). Remote attackers could inject arbitrary web script or HTML. The vulnerability affects the register.php h...

CVSS 4.3, AI score 5.6, EPSS 0.00427
Exploits: 0, References: 5, Affected Software: 1

NVD
added 2006/02/24 11:2 a.m., 9 views

CVE-2006-0877

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable...

CVSS 5, AI score 6.1, EPSS 0.12698
Exploits: 1, References: 8

Prion
added 2006/02/24 11:2 a.m., 12 views

Cross site scripting

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable...

CVSS 5, AI score 6.6, EPSS 0.12698
Exploits: 1, References: 8, Affected Software: 1

Cvelist
added 2006/02/24 11:0 a.m., 14 views

CVE-2006-0877

Cross-site scripting vulnerability in Easy Forum 2.5 allows remote attackers to inject arbitrary web script or HTML via the image variable...

AI score 6.1, EPSS 0.12698
Exploits: 1, References: 8

securityvulns
added 2006/02/24 12:0 a.m., 32 views

zoo contains exploitable buffer overflows

Topic: zoo contains exploitable buffer overflows Announced: 2006-02-22 Product: zoo Category: Applications/Archiving Impact: Remote code execution Credits: Jean-Sébastien Guay-Leroux I. BACKGROUND zoo is a file archiving utility for maintaining collections of files. It uses Lempel-Ziv compression ...

Exploits: 0

Prion
added 2006/02/23 2:6 a.m., 19 views

Remote file inclusion

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used...

CVSS 7.5, AI score 7, EPSS 0.01921
Exploits: 1, References: 7

NVD
added 2006/02/23 2:6 a.m., 9 views

CVE-2006-0854

PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used...

CVSS 7.5, AI score 6.6, EPSS 0.01921
Exploits: 1, References: 7

Cvelist
added 2006/02/19 9:0 p.m., 12 views

CVE-2006-0791

PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use...

AI score 6.8, EPSS 0.11448
Exploits: 1, References: 11

Prion
added 2006/02/19 12:2 a.m., 14 views

Sql injection

Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. NOTE: a vector regarding the $date parameter and data.php date.php was originally reported, but this appears to be in error...

CVSS 7.5, AI score 9.1, EPSS 0.01971
Exploits: 2, References: 8, Affected Software: 1

CVE
added 2006/02/19 12:0 a.m., 43 views

CVE-2006-0775

BirthSys 3.1 contains SQL Injection in show.php exploitable via the $month parameter. The vulnerability allows remote attackers to craft arbitrary SQL queries; there is mention of an additional vector for $date/data.php that is considered in error. Public sources report exploitation is available ...

CVSS 7.5, AI score 8.4, EPSS 0.01971
Exploits: 2, References: 8, Affected Software: 1

Prion
added 2006/02/18 2:2 a.m., 14 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL-encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

CVSS 4.3, AI score 6.2, EPSS 0.00771
Exploits: 0, References: 7, Affected Software: 1

NVD
added 2006/02/18 2:2 a.m., 9 views

CVE-2006-0758

Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL-encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the...

CVSS 4.3, AI score 5.8, EPSS 0.00771
Exploits: 0, References: 7

OSV
added 2006/02/15 11:6 a.m., 4 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

AI score 7
Exploits: 0, References: 5

NVD
added 2006/02/15 11:6 a.m., 9 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

CVSS 5, AI score 6.8, EPSS 0.00504
Exploits: 0, References: 5

Cvelist
added 2006/02/15 11:0 a.m., 13 views

CVE-2006-0707

PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable...

AI score 6.7, EPSS 0.00504
Exploits: 0, References: 5

Prion
added 2006/02/15 12:2 a.m., 13 views

Cross site request forgery (csrf)

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable...

CVSS 5, AI score 7.5, EPSS 0.09088
Exploits: 1, References: 7, Affected Software: 1