Directory traversal vulnerability in download.cgi in EZFactory KDDI Download CGI 1.x allows remote attackers to read and download arbitrary files via a .. (dot dot) in the name parameter. Date published : 2007-07-11 http://www.au.kddi.com/ezfactory/tec/dlcgi/info.html...
Multiple SQL injection vulnerabilities in changePW.php in AV Tutorial Script (avtutorial) 1.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) userid parameters, a different...
The Forward module before 4.7-1.1 and 5.x before 5.x-1.0 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node...
The Print module before 4.7-1.0 and 5.x before 5.x-1.2 for Drupal allows remote attackers to read restricted posts in (1) Organic Groups, (2) Taxonomy Access Control, (3) Taxonomy Access Lite, and other unspecified node...
Multiple cross-site request forgery (CSRF) vulnerabilities in DotClear 1.2.6 allow remote attackers to perform actions as arbitrary users via the (1) tool_url parameter to ecrire/tools.php and multiple fields on the (2) blogconf, (3) blogroll,...
SQL injection vulnerability in inferno.php in the Inferno Technologies RPG Inferno 2.4 and earlier, a vBulletin module, allows remote authenticated attackers to execute arbitrary SQL commands via the id parameter in a ScanMember do...
CRLF injection vulnerability in db.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary HTTP headers and data via CRLF sequences in the HTTP_REFERER parameter. Date published : 2007-07-11...
Cross-site scripting (XSS) vulnerability in rpc.php in Unobtrusive Ajax Star Rating Bar before 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. Date published : 2007-07-11 http://www.securityfocus.com/bid/24840 http://www.cirt.net/advisories/unobtrusive_ajax_star_rating.shtml
Multiple SQL injection vulnerabilities in Unobtrusive Ajax Star Rating Bar before 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) q and (2) t parameters in (a) db.php and (b) rpc.php....
SQL injection vulnerability in pagetopic.php in Aigaion 1.3.3 and earlier allows remote attackers to execute arbitrary SQL commands via the topic_id parameter. Date published : 2007-07-11 http://www.securityfocus.com/bid/24836 https://www.exploit-db.com/exploits/4164
SQL injection vulnerability in index.php in OpenLD 1.2.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-07-11 http://www.securityfocus.com/bid/24838 https://www.exploit-db.com/exploits/4167
The IOCTL 9031 (BIOCGSTATS) handler in the NPF.SYS device driver in WinPcap before 4.0.1 allows local users to overwrite memory and execute arbitrary code via malformed Interrupt Request Packet (Irp) parameters. Date published :...
Stack-based buffer overflow in the odm_searchpath function in libodm in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary code via a long ODMPATH environment variable. Date published : 2007-07-11 http://www-1.ibm.com/support/docview.wss?uid=isg1IY97632 http://www.securityfocus.com/bid/24841
Stack-based buffer overflow in the MSWord text-import extension (Word 6-2000 Filter.xnt) in QuarkXPress 7.2 for Windows, when using the Rectangle Text Box tool for importing text, allows user-assisted remote attackers to execute arbitrary code...