Multiple SQL injection vulnerabilities in Softbiz Resource Repository Script 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) sbres_id parameter in (a) details_res.php, (b) refer_friend.php, and (c) report_link.php, and (2) the sbcat_id parameter in (d) showcats.php.
Directory traversal vulnerability in index.php in PHP Doc System 1.5.1 and earlier allows remote attackers to access or include arbitrary files via a .. (dot dot) in the show parameter.
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folder_id parameter in list.php and (2) mid parameter in a view action to messages.php.
Multiple SQL injection vulnerabilities in adcbrowres.php in AD Center ADC2000 NG Pro 1.2 and NG Pro Lite allow remote attackers to execute arbitrary SQL commands via the (1) cat and (2) lang parameters.
Multiple SQL injection vulnerabilities in Enterprise Connector 1.0.2 and earlier allow remote attackers to execute arbitrary SQL commands via the messageid parameter in (1) send.php or (2) a delete action in messages.php.
SQL injection vulnerability in netzbr.php in Netzbrett 1.5.1 and earlier allows remote attackers to execute arbitrary SQL commands via the p_entry parameter in an entry command to index.php.
Multiple SQL injection vulnerabilities in Ugroup 2.6.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) FORUM_ID parameter in forum.php, and the (2) TOPIC_ID, (3) FORUM_ID, and (4) CAT_ID parameters in topic.php.
Multiple SQL injection vulnerabilities in Joels Bulletin board (JBB) 0.9.9rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nr parameter in topiczeigen.php, (2) forum and (3) zeigeseite parameters in showforum.php, (4) forum parameter in newtopic.php, and (5) tidnr parameter in neuerbeitrag.php.
Multiple SQL injection vulnerabilities in edmobbs9r.php in edmoBBS 0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) table and (2) messageID parameters.
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term, (2) id, (3) stat, and (4) source parameters to index.php, and (5) through the image parameters with an add request.
Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used when performing a search.
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used when performing a search.
SQL injection vulnerability in index.php in AllWeb search 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameter.
SQL injection vulnerability in index.php in SourceWell 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the cnt parameter. NOTE: various reports indicate that the affected version is 1.1.3, but as of 2005-11-29, the most recent version appears to be 1.1.2.
Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.
PHP remote file inclusion vulnerability in content.php in phpGreetz 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the content parameter.
PHP remote file inclusion vulnerability in athena.php in Oliver May Athena PHP Website Administration 0.1a allows remote attackers to execute arbitrary PHP code via a URL in the athena_dir parameter.
PHP remote file inclusion vulnerability in q-news.php in Q-News 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the id parameter.
Memory leak in the ip6_input_finish function in ip6_input.c in Linux kernel 2.6.12 and earlier might allow attackers to cause a denial of service via malformed IPv6 packets with unspecified parameter problems, which prevents the SKB from being freed.
The time_out_leases function in locks.c for Linux kernel before 2.6.15-rc3 allows local users to cause a denial of service (kernel log message consumption) by causing a large number of broken leases, which is recorded to the log using the printk function.
The Popular URL capability (popularurls.cpp) in Krusader 1.60.0 and 1.70.0-beta1 saves passwords in cleartext in the krusaderrc file when the user enters URLs containing passwords in the panel URL field, which might allow attackers to access other sites.
Cross-site scripting (XSS) vulnerability in index.php in EasyPageCMS allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
SQL injection vulnerability in snews.php in sNews 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category parameters to index.php.
SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
Cross-site scripting (XSS) vulnerability in search.asp in Online Attendance System (OASYS) Lite 1.0 allows remote attackers to inject arbitrary web script or HTML via certain search parameters, possibly the keyword parameter.
Cross-site scripting (XSS) vulnerability in search.asp in Online Knowledge Base System (OKBSYS) Lite Edition 1.0 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the q parameter.
Cross-site scripting (XSS) vulnerability in the Search module in PmWiki up to 2.0.12 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
Memory leak in the icmp_push_reply function in Linux 2.6 before 2.6.12.6 and 2.6.13 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted packets that cause the ip_append_data function to fail, aka "DST leak in icmp_push_reply."
The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.
SQL injection vulnerability in news.php in Fantastic News 2.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter.
SQL injection vulnerability in invoices.php in EZ Invoice Inc 2.0 allows remote attackers to execute arbitrary SQL commands via the i parameter. NOTE: the vendor has stated "EZ Invoice, Inc has a patah available. Please email support@ezinvoiceinc.com and EZI will email you the patch to fix this small issue."
SQL injection vulnerability in phpWordPress PHP News and Article Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the (1) poll and (2) category parameters to index.php, and (3) the ctg parameter in an archive action.
SQL injection vulnerability in index.php in pdjk-support suite 1.1a and earlier allows remote attackers to execute arbitrary SQL commands via the (1) rowstart, (2) news_id, and (3) faq_id parameters.
Cross-site scripting (XSS) vulnerability in kPlaylist 1.6 (build 400), and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the searchfor search parameter.
SQL injection vulnerability in kb.php in Omnistar Live 5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id and (2) category_id parameter. NOTE: due to a typo, an Internet Explorer issue was incorrectly assigned this identifier, but the correct identifier is CVE-2005-3240.
Cross-site scripting (XSS) vulnerability in SupportPRO Supportdesk allows remote attackers to inject arbitrary web script or HTML via the (1) post tickers and (2) view tickets options.
Multiple SQL injection vulnerabilities in search.php in IsolSoft Support Center 2.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) lorder, (2) Priority, (3) Status, (4) Category, (5) searchvalue, and (6) field parameter.
Cross-site scripting (XSS) vulnerability in the search module in sCssBoard 1.2 and 1.12, and earlier versions, allows remote attackers to inject arbitrary web script or HTML via the search_term parameter.
PHP remote file inclusion vulnerability in support/index.php in DeskLance 2.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the main parameter.
Cross-site scripting (XSS) vulnerability in search.php in Tunez 1.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchFor parameter.
SQL injection vulnerability in songinfo.php in Tunez 1.21 and earlier allows remote attackers to execute arbitrary SQL commands via the song_id parameter.
Stack-based buffer overflow in (1) CxUux60.dll and (2) CxUux60u.dll, as used in SpeedProject products including (a) Squeez 5.0 Build 4285, and (b) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
Stack-based buffer overflow in (1) CxZIP60.dll and (2) CxZIP60u.dll, as used in SpeedProject products including (a) ZipStar 5.0 Build 4285, (b) Squeez 5.0 Build 4285, and (c) SpeedCommander 11.0 Build 4430 and 10.51 Build 4430, allows user-assisted attackers to execute arbitrary code via a ZIP archive containing a long filename.
index.php in ActiveCampaign SupportTrio 1.4 and earlier allows remote attackers to read or include arbitrary files via the page parameter, possibly due to a directory traversal vulnerability.