SQL injection vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to execute arbitrary SQL commands via the order parameter. Date published : 2007-03-22 http://www.securityfocus.com/archive/1/462702/100/100/threaded http://securityreason.com/securityalert/2453
** DISPUTED ** Directory traversal vulnerability in check_vote.php in Weekly Drawing Contest 0.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the order parameter. NOTE: another researcher disputes this...
PHP remote file inclusion vulnerability in module.php in Digital Eye Gallery 1.1 Beta (aka 0.1.1b) allows remote attackers to execute arbitrary PHP code via a URL in the menu parameter. Date published : 2007-03-22...
wp-login.php in WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information via the redirect_to parameter. Date published : 2007-03-22 http://www.securityfocus.com/archive/1/463291/100/0/threaded http://www.debian.org/security/2008/dsa-1601
Stack-based buffer overflow in InterVations FileCOPA FTP Server 1.01 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by filecopa.tar by Immunity. NOTE: some of these details are obtained from third...
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and...
Multiple PHP remote file inclusion vulnerabilities in the NFN Address Book (com_nfn_addressbook) 0.4 component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to...
The Asterisk Extension Language (AEL) in pbx/pbx_ael.c in Asterisk does not properly generate extensions, which allows remote attackers to execute arbitrary extensions and have an unknown impact by specifying an invalid extension in a...
The handle_response function in chan_sip.c in Asterisk before 1.2.17 and 1.4.x before 1.4.2 allows remote attackers to cause a denial of service (crash) via a SIP Response code 0 in a SIP packet. Date...
net/ipv6/tcp_ipv6.c in Linux kernel 2.6.x up to 2.6.21-rc3 inadvertently copies the ipv6_fl_socklist from a listening TCP socket to child sockets, which allows local users to cause a denial of service (OOPS) or double free...
VsapiNT.sys in the Scan Engine 8.0 for Trend Micro AntiVirus 14.10.1041, and other products, allows remote attackers to cause a denial of service (kernel fault and system crash) via a crafted UPX file with...
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request. Date published : 2007-03-22 http://www.securityfocus.com/bid/23084 http://www.zope.org/Products/Zope/Hotfix-2007-03-20/announcement/view
Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR Mailserver before 4.2.15.0 allow remote attackers to execute arbitrary code via a long (1) EXAMINE, (2) DELETE, (3) SUBSCRIBE, (4) RENAME, (5) UNSUBSCRIBE, (6)...
PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same...