CVEs

Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier allows remote attackers to read or write arbitrary files via a .. (dot dot) in the id parameter to the (1) upload or (2) attachment scripts.

Unknown vulnerability in "various plugins" for NanoBlogger 3.2.1 and earlier allows remote attackers to execute arbitrary commands.

Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 through 10.0 for Windows, and 9.0.4019 through 9.1.307 for Netware allows remote attackers to execute arbitrary code via a CONNECT_CLIENT_AUTH request with authentication method type 3 (Windows credentials) and…

Multiple cross-site scripting vulnerabilities in Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ref parameter to login.php, (2) id or (3) page parameter to viewtopic.php, id parameter to (4) profile.php,…

JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain sensitive information via a GET request (1) with a "%." (percent dot), which reveals the installation path or (2) with a % (percent) before a filename, which reveals the contents of the file.

Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).

Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch 1 and Sun ONE Messaging Server 6.2 allows remote attackers to execute arbitrary Javascript, possibly due to a cross-site scripting (XSS) vulnerability.

The send_pinentry_environment function in asshelp.c in gpg2 on SUSE Linux 9.3 does not properly handle certain options, which can prevent pinentry from being found and causes S/MIME signing to fail.

Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers to cause a denial of service via (1) certain "unusual HTML messages" or (2) "certain malformed headers" such as Content-Type.

amaroK Web Frontend 1.3 stores the globals.inc file under the web root without a .php extension and insufficient access control, which allows remote attackers to obtain the database username and password via a direct request to the file.

Directory traversal vulnerability in XAMPP before 1.4.14 allows remote attackers to inject arbitrary HTML and PHP code via lang.php.

The mmap function in the Linux Kernel 2.6.10 can be used to create memory maps with a start address beyond the end address, which allows local users to cause a denial of service (kernel crash).

Gaim before 1.3.1 allows remote attackers to cause a denial of service (application crash) via a Yahoo! message with non-ASCII characters in a file name.

The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote attackers to bypass access restrictions and perform unauthorized actions on other domains via a redirect.

Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 allows remote attackers to inject arbitrary web script or HTML via "javascript:" URLs when a new window or frame is opened, which allows remote attackers to bypass access restrictions and perform unauthorized…

AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does not properly remove an ACL when a file is copied to a directory that does not use ACLs, which will override the POSIX file permissions for that ACL.

Buffer overflow in the legacy client support for AFP Server for Mac OS X 10.4.1 allows attackers to execute arbitrary code.

Unknown vulnerability in the CoreGraphics Window Server for Mac OS X 10.4.x up to 10.4.1 allows local users to inject arbitrary commands into root sessions.

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.4 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in (1) the URL or (2) an e-mail message.

The eping_validaddr function in functions.php for the ePing plugin for e107 portal allows remote attackers to execute arbitrary commands via shell metacharacters after a valid argument to the eping_host parameter.

Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 Milestone 2 and earlier allow remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the (1) products_id or (2) pid parameter to index.php or (3) goto parameter…

Directory traversal vulnerability in Pico Server (pServ) 3.3 allows remote attackers to read arbitrary files and execute arbitrary commands via a /./ (slash dot slash) before each .. (dot dot) sequence in the URL, which results in an incorrect directory depth count.

singapore 0.9.11 allows remote attackers to obtain sensitive information via a direct request to (1) admin.class.php, (2) any .tpl.php file in templates/admin_default/, or (3) any .tpl.php file in templates/default/, which reveal the path in an error message.

Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 allows remote attackers to inject arbitrary web script or HTML via the (1) errorcode parameter to index.php or (2) certain fields to clients.php.

Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive information via certain requests to (1) reports.php, (2) knowledgebase.php, or (3) configuration.php, which leaks the information in a PHP error message.

PHP remote file inclusion vulnerability in siteframe.php for Broadpool Siteframe allows remote attackers to execute arbitrary code via a URL in the LOCAL_PATH parameter.

Multiple SQL injection vulnerabilities in ProductCart Ecommerce before 2.7 allow remote attackers to execute arbitrary SQL commands via the (1) idcategory parameter to viewPrd.asp, (2) lid parameter to editCategories.asp, (3) icd parameter to modCustomCardPaymentOpt.asp, or (4)…

Symantec pcAnywhere 10.5x and 11.x before 11.5, with "Launch with Windows" enabled, allows local users with physical access to execute arbitrary commands via the Caller Properties feature.

Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta and earlier allows remote attackers to include arbitrary local files via ".." sequences in the language parameter.

Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 Update 1 allows applications to assign permissions to themselves and gain privileges.

Unspecified vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 and 5.0 Update 1 and J2SE 1.4.2 up to 1.4.2_07, as used in multiple products and platforms including (1) HP-UX and (2) APC PowerChute, allows applications to assign permissions to themselves and gain…

Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.

Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain sensitive information via an invalid (zero) id parameter to (1) viewtopic.php, (2) profile.php, or (3) newpost.php, which reveals the path in an error message.

Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information on registered users via a direct request to db/users.dat.

Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a hard-coded account and password for debugging, which allows remote attackers to gain privileges.

Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does not properly restrict certain debugging commands to the ADMIN account, which could allow attackers to obtain sensitive information or modify the registry.

Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords in the users.dat file, which allows attackers to easily decrypt the passwords and gain privileges, possibly after exploiting CVE-2005-2005 to obtain users.dat.

Multiple SQL injection vulnerabilities in socialMPN allow remote attackers to execute arbitrary SQL commands via (1) the sid parameter to article.php, (2) uname parameter to user.php, (3) siteid parameter to viewforum.php, (4) username parameter to newtopic.php, the (5) secid or…

Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows local users to overwrite arbitrary files.

SQL injection vulnerability in login.asp for Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to execute arbitrary SQL commands via the password.

modifyUser.asp in Cool Cafe (Cool Café) Chat 1.2.1 allows remote attackers to obtain the administrator password and email address via a modified nickname value.

Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 allows remote attackers to inject arbitrary web script or HTML via onmouseover or other events in HTML tags.

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 and 1.5 RC 1 allow remote attackers to inject arbitrary web script or HTML via the (1) show_course parameter to browse.php, (2) subject parameter to contact.php, (3) cid parameter to content.php, (4) l parameter…

Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to cause a denial of service (CPU consumption and slowdown) via a message with a long Content-Type header without any boundaries.

The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."

Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.

PHP remote file inclusion vulnerability in start.php in Bitrix Site Manager 4.0.x allows remote attackers to execute arbitrary PHP code via the _SERVER[DOCUMENT_ROOT] parameter.

show.php in McGallery 1.1 allows remote attackers to connect to arbitrary databases, or gain sensitive information by triggering an error, via a modified host parameter.

Directory traversal vulnerability in admin.php in McGallery 1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter.

Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in paFileDB 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) sortby or (2) filelist parameters to the category action (category.php), or (3) pages parameter in the viewall action…