Vulnerabilities (CVE)

Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters.

SQL injection vulnerability in the ReMOSitory Server add-on module to Mambo Portal 4.5.1 (1.09) and earlier allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in the com_remository option.

Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCa ... Multiple cross-site scripting (XSS) vulnerabilities in Scout Portal Toolkit (SPT) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the ss parameter in SPT--QuickSearch.php; (2) ParentId parameter in SPT--BrowseResources.php; (3) the ResourceId parameter in SPT--FullRecord.php; (4) ResourceOffset parameter in SPT--Home.php, (5) F_SearchString parameter in SPT--QuickSearch.php; (6) F_UserName and (7) F_Password parameters in SPT--UserLogin.php; (8) F_SearchCat1, (9) F_TextField1, (10) F_SearchCat2, (11) F_TextField2, (12) F_SearchCat3, (13) F_TextField3, (14) F_SearchCat4, (15) F_TextField4, (16) ResourceType, (17) Language, (18) Audience, (19) Format parameters in SPT--AdvancedSearch.php.

Show More

PHP remote file inclusion vulnerability in Redaxo 3.0 up to 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the REX[INCLUDE_PATH] parameter to image_resize/pages/index.inc.php.

SQL injection vulnerability in index.php in CavoxCms 1.0.16 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local users to gain privileges via the save option in the Database Manager, which is running with setgid bin privileges.

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.

dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.

nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.

Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the lvc_include_dir parameter to (1) config.inc.php or (2) new-visitor.inc.php in common/visiteurs/include/.

calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.

The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.

Multiple stack-based buffer overflows in the AirPort wireless driver on Apple Mac OS X 10.3.9 and 10.4.7 allow physically proximate attackers to execute arbitrary code by injecting crafted frames into a wireless network.

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of service (server crash).

SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.

SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.

Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook.

main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.

CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and earlier allows remote attackers to inject arbitrary HTTP headers and possibly conduct HTTP Response Splitting attacks via CRLF sequences in the Location header.

Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php.

Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.

Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.

Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attackers to execute arbitrary code via (1) a long URL content type in CGI::readFile, (2) a long path in diskusage, and (3) a long fname in flist.

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors.

gFTP FTP client 1.13, and other versions before 2.0.0, records a password in plaintext in (1) the log window, or (2) in a log file.

The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.

PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php.

Directory traversal vulnerability in RadioBird Software WebServer 4 Everyone 1.23 and 1.27, and other versions before 1.30, allows remote attackers to read arbitrary files via an HTTP request with ".." (dot-dot) sequences containing URL-encoded forward slash ("%2F") characters.

The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.

Multiple cross-site scripting (XSS) vulnerabilities in QuickPayPro 3.1 allow remote attackers to inject arbitrary web script or HTML via various fields, such as those in (1) communication/subscribers.tracking.add.php, (2) support/tickets.add.php, and (3) mycompany/categories.php.

marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to obtain sensitive information via an invalid (1) file or (2) category parameter, which reveal the path in an error message.

Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) Mount and (2) PPP dissectors.

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.

The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file.

The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to cause a denial of service (CPU consumption) via certain attacks that force the product to "compute unexpected conditions" and "perform cryptographic operations."