Buffer overflow in the fcgi_env_add function in mod_proxy_backend_fastcgi.c in the mod_fastcgi extension in lighttpd before 1.4.18 allows remote attackers to overwrite arbitrary CGI variables and execute arbitrary code via an HTTP request with a...
Stampit Web uses guessable id values for online stamp purchases, which allows remote attackers to cause a denial of service (stamp invalidation) via a SOAP request with an id value for a stamp that...
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function. Date published : 2007-09-11 http://www.securityfocus.com/archive/1/478988/100/0/threaded http://www.securityfocus.com/archive/1/478985/100/0/threaded
Multiple cross-application scripting (XAS) vulnerabilities in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. Date published : 2007-09-11 http://xs-sniper.com/blog/2007/08/20/say-cheeeeeese/ http://osvdb.org/45900
Multiple buffer overflows in Google Picasa have unspecified attack vectors and impact. NOTE: this information is based upon a vague pre-advisory. Date published : 2007-09-11 http://xs-sniper.com/blog/2007/08/20/say-cheeeeeese/ http://osvdb.org/45901
Cross-site request forgery (CSRF) vulnerability in the device management interface in Buffalo AirStation WHR-G54S 1.20 allows remote attackers to make configuration changes as an administrator via HTTP requests to certain HTML pages in the...
Buffer overflow in a certain ActiveX control in officeviewer.ocx 5.2.218.1 in EDraw Office Viewer Component 5.2 allows remote attackers to execute arbitrary code via a long first argument to the HttpDownloadFileToTempDir method, a different...
Absolute path traversal vulnerability in blanko.preview.php in Sisfo Kampus 2006 allows remote attackers to read arbitrary local files, and possibly execute local PHP scripts, via the nmf parameter. Date published : 2007-09-11 http://www.securityfocus.com/bid/25605 https://www.exploit-db.com/exploits/4380
Multiple cross-site scripting (XSS) vulnerabilities in Txx CMS 0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-09-11 http://www.securityfocus.com/archive/1/478870/100/0/threaded https://www.exploit-db.com/exploits/4381
Multiple PHP remote file inclusion vulnerabilities in Txx CMS 0.2 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) addons/plugin.php, (2) addons/sidebar.php, (3) mail/index.php, or (4)...
Unrestricted file upload vulnerability in the Restaurante (com_restaurante) component for Joomla! allows remote attackers to upload and execute arbitrary PHP code via an upload action specifying a filename with a double extension such as...
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long...
Multiple PHP remote file inclusion vulnerabilities in WebED in Markus Iser ED Engine 0.8999 alpha allow remote attackers to execute arbitrary PHP code via a URL in the Codebase parameter to (1) channeledit.php, (2)...
Buffer overflow in the SQLServer ActiveX control in the Distributed Management Objects OLE DLL (sqldmo.dll) 2000.085.2004.00 in Microsoft SQL Server Enterprise Manager 8.05.2004 allows remote attackers to execute arbitrary code via a long second...