9470 matches found

Prion
added 2006/01/09 11:3 p.m., 26 views

Design/Logic Flaw

Dynamic code evaluation vulnerability in tests/tmssql.php test script in ADOdb for PHP before 4.70, as used in multiple products including (1) Mantis, (2) PostNuke, (3) Moodle, (4) Cacti, (5) Xaraya, (6) PhpOpenChat, possibly (7) MAXdev MD-Pro, and (8) Simplog, allows remote attackers to execute arbitrary PHP...

CVSS: 7.5, AI score: 7.7, EPSS: 0.29662
Exploits: 1, References: 30, Affected Software: 5
NVD
added 2006/01/09 11:3 p.m., 16 views

CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

CVSS: 7.2, AI score: 6.2, EPSS: 0.00127
Exploits: 1, References: 14
OSV
added 2006/01/09 11:3 p.m., 1 view

DEBIAN-CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

CVSS: 7.2, AI score: 8.1, EPSS: 0.00127
Exploits: 1, References: 1
Cvelist
added 2006/01/09 11:0 p.m., 18 views

CVE-2006-0151

sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158...

AI score: 6.1, EPSS: 0.00127
Exploits: 1, References: 14
NVD
added 2006/01/06 11:3 a.m., 16 views

CVE-2006-0097

Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arghost or (2) argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...

CVSS: 7.5, AI score: 8, EPSS: 0.12244
Exploits: 1, References: 8
Cvelist
added 2006/01/04 11:0 a.m., 15 views

CVE-2006-0079

SQL injection vulnerability in auth.php in ScozNet ScozBook BETA 1.1 allows remote attackers to execute arbitrary SQL commands via the username field (adminname variable)...

AI score: 8.3, EPSS: 0.00858
Exploits: 1, References: 7
Packet Storm
added 2006/01/04 12:0 a.m., 20 views

EV0004.txt

New eVuln Advisory: Chipmunk Guestbook XSS Vulnerability --------------------Summary---------------- Vendor: Chipmunk http://www.chipmunk-scripts.com/ Software: Chipmunk Guestbook Versions: 1.4 and earlier Critical Level: Harmless Type: Cross-Site Scripting Class: Remote Status: Unpatched Exploit...

AI score: 7.4
Exploits: 0
Cvelist
added 2006/01/02 12:0 a.m., 25 views

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

AI score: 7.3, EPSS: 0.00919
Exploits: 0, References: 4
Debian CVE
added 2006/01/02 12:0 a.m., 18 views

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

CVSS: 10, AI score: 7.3, EPSS: 0.00919
Exploits: 0
Exploit DB
added 2006/01/01 12:0 a.m., 30 views

InTouch 0.5.1 Alpha - User Variable SQL Injection

source: https://www.securityfocus.com/bid/16110/info inTouch is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromise of the...

AI score: 7
Exploits: 0
NVD
added 2005/12/31 5:0 a.m., 7 views

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

CVSS: 10, AI score: 7.4, EPSS: 0.00919
Exploits: 0, References: 4
NVD
added 2005/12/31 5:0 a.m., 13 views

CVE-2005-4864

Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable...

CVSS: 7.2, AI score: 7.5, EPSS: 0.00051
Exploits: 0, References: 6
OSV
added 2005/12/31 5:0 a.m., 5 views

CVE-2005-4837

snmpapi.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different...

AI score: 6.3
Exploits: 0, References: 10
UbuntuCve
added 2005/12/31 5:0 a.m., 20 views

CVE-2005-4604

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable...

CVSS: 10, AI score: 6.3, EPSS: 0.00919
Exploits: 0, References: 1
OSV
added 2005/12/31 5:0 a.m., 1 view

DEBIAN-CVE-2005-4837

snmpapi.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different...

CVSS: 10, AI score: 7, EPSS: 0.04608
Exploits: 1, References: 1
securityvulns
added 2005/12/31 12:0 a.m., 21 views

Linux printer drivers mtink buffer overflow

Buffer overflow on oversized HOME environment variable...

AI score: 4.8
Exploits: 0, References: 1, Affected Software: 4
Packet Storm
added 2005/12/28 12:0 a.m., 68 views

Tolva.txt

Script: Tolva PHP website system Version: 0.1.0 Language: PHP Official Website: http://sourceforge.net/projects/twebs Problem: Remote File Include Discovered by: beford Description: ============ A complete collection of php scripts that work tightly together to create a highly customizable, dynam...

AI score: 7.4
Exploits: 0
Saint
added 2005/12/22 12:0 a.m., 83 views

MySQL MaxDB WebTools special character buffer overflow

Added: 12/22/2005 CVE: CVE-2005-0684 BID: 13368 OSVDB: 15816 Background MaxDB is a SAP-certified open-source database developed by MySQL. The WebTools component offers a set of database tools which are accessible from a web browser. The wahttp program listens on port 9999 and processes HTTP...

CVSS: 10, AI score: 7, EPSS: 0.71813
Exploits: 7
Cvelist
added 2005/12/14 11:0 a.m., 17 views

CVE-2005-4212

Directory traversal vulnerability in coinincludes/db.php in phpCOIN 1.2.2 allows remote attackers to read arbitrary local files via ".." (dot dot) sequences in the $CCFGPKGPATHDBSE variable...

AI score: 6.6, EPSS: 0.06906
Exploits: 1, References: 7
Cvelist
added 2005/12/13 11:0 a.m., 15 views

CVE-2005-4193

Cross-site scripting (XSS) vulnerability in UseBB before 0.7 allows remote attackers to inject arbitrary web script or HTML via the $_SERVER['PHP_SELF'] variable...

AI score: 5.6, EPSS: 0.00427
Exploits: 0, References: 5