Cross-site scripting (XSS) vulnerability in search.php for sBlog 0.7.3 Beta allows remote attackers to inject arbitrary HTML and web script via a leading ‘"/> sequence in the search string. Date published : 2007-07-31 http://www.securityfocus.com/bid/25098...
Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php. Date published : 2007-07-31...
MLDonkey before 2.9.0 does not load certain code from $MLDONKEY/web_infos/ before the network modules become active, which allows remote attackers to bypass the IP blocklist. Date published : 2007-07-31 http://www.securityfocus.com/bid/25093 http://sourceforge.net/project/shownotes.php?release_id=527976
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags...
Tor before 0.1.2.15 can select a guard node beyond the first listed never-before-connected-to guard node, which allows remote attackers with control of certain guard nodes to obtain sensitive information and possibly leverage further attacks....
Tor before 0.1.2.15 does not properly distinguish "streamids from different exits," which might allow remote attackers with control over Tor routers to inject cells into arbitrary streams. Date published : 2007-07-30 http://www.securityfocus.com/bid/25035 http://archives.seul.org/or/announce/Jul-2007/msg00000.html
Tor before 0.1.2.15 sends "destroy cells" containing the reason for tearing down a circuit, which allows remote attackers to obtain sensitive information, contrary to specifications. Date published : 2007-07-30 http://www.securityfocus.com/bid/25035 http://archives.seul.org/or/announce/Jul-2007/msg00000.html
Buffer overflow in Tor before 0.1.2.15, when using BSD natd support, allows remote attackers to cause a denial of service via unspecified vectors. Date published : 2007-07-30 http://www.securityfocus.com/bid/25035 http://archives.seul.org/or/announce/Jul-2007/msg00000.html
SQL injection vulnerability in BSM Store Dependent Forums 1.02 allows remote attackers to execute arbitrary SQL commands via a Username field in an unspecified component, probably the FrmUserName parameter in login.asp. Date published :...
PHP remote file inclusion vulnerability in library/authorize.php in IDevSpot PhpHostBot allows remote attackers to execute arbitrary PHP code via a URL in the login_form parameter, a different vector than CVE-2006-3776. Date published : 2007-07-30...
Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request...
Directory traversal vulnerability in index.php in iFoto 1.0.1 and earlier allows remote attackers to list arbitrary directories, and possibly download arbitrary photos, via a .. (dot dot) in the dir parameter. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in Vikingboard 0.1.2 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to inc/lib/screen.php or (2) the title parameter to post.php. NOTE: vector 2...
Vikingboard 0.1.2 allows remote attackers to obtain sensitive information via the debug parameter to (1) forum.php, (2) cp.php, and possibly other unspecified components. Date published : 2007-07-30 http://www.securityfocus.com/bid/25060 http://lostmon.blogspot.com/2007/07/vikingboard-debug-information.html