Microsoft Exchange Collaboration Data Objects Crafted Email Code Execution
Microsoft Exchange contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an error within the EXCDO (Exchange Collaboration Data Objects) and CDOEX (Collaboration Data Objects for Exchange) functionality when processing iCal and vCal properties in email messages. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.. Read more.
phpRaid auth.php Multiple Variable Remote File Inclusion
phpRaid contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to auth.php not properly sanitizing user input supplied to the 'phpbb_root_path' and 'smf_root_path' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
Ocean12 Calendar Manager Pro admin/edit.asp ID Variable SQL Injection
Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/edit.asp' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
Ocean12 Calendar Manager Pro admin/main.asp date Variable SQL Injection
Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/main.asp' script not properly sanitizing user-supplied input to the 'date' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
Ocean12 Calendar Manager Pro admin/main.asp date Variable XSS
Ocean12 Calendar Manager Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'date' variable upon submission to the 'admin/main.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.. Read more.
Ocean12 Calendar Manager Pro admin/view.asp SearchFor Variable SQL Injection
Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/view.asp' script not properly sanitizing user-supplied input to the 'SearchFor' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
PassMasterFlexPlus User-Agent HTTP Header Field XSS
PassMasterFlexPlus contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the HTTP User-Agent header field upon displaying it in the application log files. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when that user is viewing the log files, leading to a loss of integrity.. Read more.
Flexcustomer /admin/index.php Multiple Variable SQL Injection
Flexcustomer contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the '/admin/index.php' script not properly sanitizing user-supplied input to the 'checkuser' and 'checkpass' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
Flexcustomer index.php Multiple Variable SQL Injection
Flexcustomer contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.. Read more.
Linux Kernel Socket Data Buffering Local DoS
The Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when the kernel buffers data for transfer over a socket pair. A flaw in the checking for available memory can result in a kernel panic when many socket pairs are created with the maximum kernel buffer size allocated to them. If the allocating process is then turned into a 'zombie' or if the corresponding file descriptors are closed but references are still held, the data to transfer will be held in the kernel, eventually resulting in memory exhaustion and hence in loss of availability for the platform.. Read more.
Vuln: Xine Playlist Handling Remote Format String Vulnerability
Xine Playlist Handling Remote Format String Vulnerability. Read more.
Vuln: PAFileDB Pafiledb_Constants.PHP Remote File Include Vulnerability
PAFileDB Pafiledb_Constants.PHP Remote File Include Vulnerability. Read more.
Vuln: Adobe Dreamweaver Generated Code SQL Injection Vulnerabilities
Adobe Dreamweaver Generated Code SQL Injection Vulnerabilities
. Read more.
Vuln: GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability
GNOME Foundation GDM .ICEauthority Improper File Permissions Vulnerability. Read more.
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability
ZDI-06-014: Verisign I-Nav ActiveX Control Code Execution Vulnerability. Read more.
Re: Firefox 1.5.0.3 - DoS
Re: Firefox 1.5.0.3 - DoS
. Read more.
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING
Re: IGNORING SSH CONNECTION USES ARP CACHE POISSONING. Read more.
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities
[ MDKSA-2006:084 ] - Updated MySQL packages fix several vulnerabilities. Read more.
