CVEs

Unrestricted file upload vulnerability in RapidKill (aka PHP Rapid Kill) 5.7 Pro, and certain other versions, allows remote attackers to upload and execute arbitrary PHP scripts via the "Link to Download" field. NOTE: it is possible that the field value is restricted to files…

PHP remote file inclusion vulnerability in admin/e_data/visEdit_control.class.php in ActiveCampaign KnowledgeBuilder 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the visEdit_root parameter, a different vector than CVE-2003-1131.

PHP remote file inclusion vulnerability in common.php in Yuuki Yoshizawa Exporia 0.3.0 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: SecurityFocus disputes this issue, saying "further analysis reveals that the application is not…

Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. NOTE: this issue may overlap CVE-2006-5195.

index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.

PHP remote file inclusion vulnerability in index.php in Chris Mac gtcatalog (aka GimeScripts Shopping Catalog) 0.9.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter.

Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."

Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of…

Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.

SQL injection vulnerability in Products.asp in NuStore 1.0 allows remote attackers to execute arbitrary SQL commands via the SubCatagoryID parameter.

SQL injection vulnerability in propertysdetails.asp in Dynamic Dataworx NuRealestate (NuRems) 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the PropID parameter.

SQL injection vulnerability in CampusNewsDetails.asp in Dynamic Dataworx NuSchool 1.0 allows remote attackers to execute arbitrary SQL commands via the NewsID parameter.

SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

SQL injection vulnerability in printLog.php in BrewBlogger (BB) 1.3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in detail.asp in Superfreaker Studios USupport 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

SQL injection vulnerability in detail.asp in Superfreaker Studios UStore 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

SQL injection vulnerability in MoreInfo.asp in The Net Guys ASPired2Poll 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Multiple PHP remote file inclusion vulnerabilities in iWonder Designs Storystream 0.4.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the baseDir parameter to (1) mysql.php and (2) mysqli.php in include/classes/pear/DB/.

Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache…

PHP remote file inclusion vulnerability in core/core.php in EncapsCMS 0.3.6 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter.

Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer…

Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."

Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.

The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."

Multiple unspecified vulnerabilities in DirectAnimation ActiveX controls for Microsoft Internet Explorer 5.01 through 6 have unknown impact and remote attack vectors, possibly related to (1) Danim.dll and (2) Lmrt.dll, a different set of vulnerabilities than CVE-2006-4446 and…

PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.

Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.

Cross-site request forgery (CSRF) vulnerability in Edgewall Trac 0.10 and earlier allows remote attackers to perform unauthorized actions as other users via unknown vectors.

SQL injection vulnerability in default1.asp in ASPPortal 4.0.0 beta and earlier allows remote attackers to execute arbitrary SQL commands via the Poll_ID parameter, a different vector than CVE-2006-1353.

SQL injection vulnerability on the subMenu page in switch.asp in Munch Pro 1.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter.

SQL injection vulnerability in cl_CatListing.asp in Dynamic Dataworx NuCommunity 1.0 allows remote attackers to execute arbitrary SQL commands via the cl_cat_ID parameter.

Stack-based buffer overflow in the Broadcom BCMWL5.SYS wireless device driver 3.50.21.10, as used in Cisco Linksys WPC300N Wireless-N Notebook Adapter before 4.100.15.5 and other products, allows remote attackers to execute arbitrary code via an 802.11 response frame containing…

Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) dir parameter in (a) seldir.html, and the (2) user and (3) dir parameters in (b) newuser.html.

Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors.

PHP remote file inclusion vulnerability in inc/session.php for LetterIt 2 allows remote attackers to execute arbitrary PHP code via a URL in the lang parameter.

Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1)…

PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.

Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.

Heap-based buffer overflow in the IMA_SECURE_DecryptData1 function in ImaSystem.dll for Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to execute arbitrary code via requests to the Independent Management Architecture (IMA) service…

The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped…

Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.

PHP remote file inclusion vulnerability in ad_main.php in PHPAdventure 1.1-Alpha and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _mygamefile parameter.

Multiple SQL injection vulnerabilities in Abarcar Realty Portal allow remote attackers to execute arbitrary SQL commands via the (1) neid parameter to newsdetails.php, or the (2) slid parameter to slistl.php. NOTE: the cat vector is already covered by CVE-2006-2853. NOTE: the…

Multiple PHP remote file inclusion vulnerabilities in dodosmail.php in DodosMail 2.0.1 and earlier, and possibly 2.1, allow remote attackers to execute arbitrary PHP code via a URL in the (1) dodosmail_header_file or (2) dodosmail_footer_file parameters.

The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information.

Cross-site scripting (XSS) vulnerability in index.php in Speedywiki 2.0 allows remote attackers to inject arbitrary web script or HTML via the showRevisions parameter.

Speedywiki 2.0 allows remote attackers to obtain the full path of the web server via the (1) showRevisions[] and (2) searchText[] parameters in (a) index.php, and (b) a direct request to upload.php without any parameters.

Unrestricted file upload vulnerability in index.php in Speedywiki 2.0 allows remote authenticated users to upload and execute arbitrary PHP code by setting the upload parameter to 1.

Directory traversal vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to read and include arbitrary files via a .. (dot dot) in the page parameter, a different vector than CVE-2006-5773.