Static code injection vulnerability in process.php in AimStats 3.2 and earlier allows remote attackers to inject PHP code into config.php via the databasehost parameter. NOTE: the provenance of this information is unknown; the details...
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action. Date published : 2007-04-22 http://www.securityfocus.com/bid/23573 http://www.x-pose.org/aimstats.php
PHP remote file inclusion vulnerability in administration/user/lib/group.inc.php in OpenSurveyPilot (osp) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfgPathToProjectAdmin parameter. Date published : 2007-04-22 http://www.securityfocus.com/bid/23563 https://www.exploit-db.com/exploits/3765
The Auth API in ProFTPD before 20070417, when multiple simultaneous authentication modules are configured, does not require that the module that checks authentication is the same as the module that retrieves authentication data, which...
Konqueror 3.5.5 release 45.4 allows remote attackers to cause a denial of service (browser crash or abort) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Date published...
Apple Safari allows remote attackers to cause a denial of service (browser crash) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Date published : 2007-04-22 http://www.securityfocus.com/archive/1/466017/100/0/threaded http://www.securityfocus.com/archive/1/466043/100/0/threaded
(1) Mozilla Firefox 2.0.0.3 and (2) GNU IceWeasel 2.0.0.3 allow remote attackers to cause a denial of service (browser crash or system hang) via JavaScript that matches a regular expression against a long string,...
Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (browser hang) via JavaScript that matches a regular expression against a long string, as demonstrated using /(.)*/. Date published : 2007-04-22...
Multiple cross-site request forgery (CSRF) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to perform unauthorized actions as an arbitrary user, a...
Multiple cross-site scripting (XSS) vulnerabilities in the Database Administration (dba) module 4.6.x-*, and before 4.7.x-1.2 in the 4.7.x-1.* series, for Drupal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors...
Heap-based buffer overflow in kde.dll in IBM Tivoli Monitoring Express 6.1.0 before Fix Pack 2, as used in Tivoli Universal Agent, Windows OS Monitoring agent, and Enterprise Portal Server, allows remote attackers to execute...
Stack-based buffer overflow in bgs_sdservice.exe in BMC Patrol PerformAgent allows remote attackers to execute arbitrary code by connecting to TCP port 10128 and sending certain XDR data, which is not properly parsed. Date published...
** DISPUTED ** PatrolAgent.exe in BMC Performance Manager does not require authentication for requests to modify configuration files, which allows remote attackers to execute arbitrary code via a request on TCP port 3181 for...
PHP remote file inclusion vulnerability in index.php in jGallery 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the G_JGALL[inc_path] parameter. Date published : 2007-04-19 https://www.exploit-db.com/exploits/3760 http://secunia.com/advisories/24956