SQL injection vulnerability in modules/myalbum/viewcat.php in the myAlbum-P 2.0 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the cid parameter. Date published : 2007-04-02 http://www.securityfocus.com/bid/23229 https://www.exploit-db.com/exploits/3632
SQL injection vulnerability in categos.php in the RM+Soft Gallery (rmgallery) 1.0 module for Xoops allows remote attackers to execute arbitrary SQL commands via the idcat parameter. Date published : 2007-04-02 http://www.securityfocus.com/bid/23250 https://www.exploit-db.com/exploits/3633
SQL injection vulnerability in genre.php in the debaser 0.92 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the genreid parameter. Date published : 2007-04-02 http://www.securityfocus.com/bid/23253 https://www.exploit-db.com/exploits/3630
PulseAudio 0.9.5 allows remote attackers to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2)...
Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses. Date published : 2007-04-02 http://www.securityfocus.com/bid/23207 http://jvn.jp/jp/JVN%2308951968/index.html
Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-04-02 http://www.securityfocus.com/bid/23207 http://jvn.jp/jp/JVN%2340511721/index.html
Directory traversal vulnerability in inc/lang.php in sBLOG 0.7.3 Beta allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the conf_lang_default parameter, as demonstrated by injecting PHP sequences...
Cisco Secure ACS does not require authentication when Cisco Trust Agent (CTA) transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE:...
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.3 only checks for the ".." string, which allows remote attackers to overwrite arbitrary files via modified ".." sequences in a torrent filename, as demonstrated by...
Buffer overflow in the drmgr command in IBM AIX 5.2 and 5.3 allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long path name. Date published...
Multiple integer overflows in ImageMagick before 6.3.3-5 allow remote attackers to execute arbitrary code via (1) a crafted DCM image, which results in a heap-based overflow in the ReadDCMImage function, or (2) the (a)...
Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 have unspecified attack vectors and impact. Date published : 2007-04-02 http://developers.jccorp.net/modules/newbb/viewtopic.php?topic_id=33&forum=8 http://osvdb.org/34988
JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from...
The Javascript engine in Mozilla 1.7 and earlier on Sun Solaris 8, 9, and 10 might allow remote attackers to execute arbitrary code via vectors involving garbage collection that causes deletion of a temporary...