MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table. Date published : 2007-07-15 http://www.securityfocus.com/bid/25017 http://www.securityfocus.com/archive/1/473874/100/0/threaded
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the...
MySQL Community Server before 5.0.45 allows remote attackers to cause a denial of service (daemon crash) via a malformed password packet in the connection protocol. Date published : 2007-07-15 http://www.securityfocus.com/bid/25017 http://www.securityfocus.com/archive/1/473874/100/0/threaded
PHP local file inclusion vulnerability in gpg_pop_init.php in the G/PGP (GPG) Plugin before 20070707 for Squirrelmail allows remote attackers to include and execute arbitrary local files, related to the MOD parameter. Date published :...
The G/PGP (GPG) Plugin 2.0, and 2.1dev before 20060912, for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the messageSignedText parameter to the gpg_check_sign_pgp_mime function in gpg_hook_functions.php. NOTE: a parameter...
avg7core.sys 7.5.0.444 in Grisoft AVG Anti-Virus 7.5.448 and Free Edition 7.5.446, provides an internal function that copies data to an arbitrary address, which allows local users to gain privileges via arbitrary address arguments to...
Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allow remote attackers to obtain sensitive information via unspecified vectors that reveal the SNMP community strings and configuration settings, aka (1) CSCsj20668...
Unspecified vulnerability in Cisco Unified Communications Manager (CUCM, formerly CallManager) and Unified Presence Server (CUPS) allows remote attackers to cause a denial of service (loss of cluster services) via unspecified vectors, aka (1) CSCsj09859...
Dvbbs 7.1.0 SP1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Data/Dvbbs7.mdb. Date published : 2007-07-15 http://www.securityfocus.com/archive/1/473374/100/0/threaded http://osvdb.org/39747
Cross-site request forgery (CSRF) vulnerability in the Email-Template module in Generic YouTube Clone Script allows remote attackers to upload files with arbitrary file types to templates/emails/ as administrators. Date published : 2007-07-15 http://www.securityfocus.com/archive/1/473192/100/0/threaded http://chxsecurity.org/advisories/adv-2-mid.txt
Directory traversal vulnerability in news/show.php in PsNews 1.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the newspath parameter. Date published : 2007-07-15 https://www.exploit-db.com/exploits/4174 http://osvdb.org/37684
Stack-based buffer overflow in the Internet E-mail Auto-Protect feature in Symantec AntiVirus Corporate Edition before 10.1, and Client Security before 3.1, allows local users to cause a denial of service (service crash) via a...
The terminal_helper_execute function in terminal/terminal.c in Xfce Terminal 0.2.6 allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a crafted link, as demonstrated using the "Open Link" functionality. Date published :...
Cross-site scripting (XSS) vulnerability in the mirrored server management interface in SurgeFTP 2.3a1 allows user-assisted, remote FTP servers to inject arbitrary web script or HTML via a malformed response without a status code, which...