SQL injection vulnerability in search.php in SiteX CMS 0.7.3 Beta allows remote attackers to execute arbitrary SQL commands via the search parameter. Date published : 2007-09-28 http://www.securityfocus.com/archive/1/480814/100/0/threaded http://www.waraxe.us/advisory-55.html
PHP remote file inclusion vulnerability in includes/archive/archive_topic.php in IntegraMOD Nederland 1.4.2 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. Date published : 2007-09-28 http://www.securityfocus.com/bid/25832 https://www.exploit-db.com/exploits/4463
PHP remote file inclusion vulnerability in admin/include/header.php in chupix 0.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the repertoire parameter. Date published : 2007-09-28 http://www.securityfocus.com/bid/25835...
PHP remote file inclusion vulnerability in forum/forum.php in lustig.cms BETA 2.5 allows remote attackers to execute arbitrary PHP code via a URL in the view parameter. Date published : 2007-09-28 http://www.securityfocus.com/bid/25833 https://www.exploit-db.com/exploits/4461
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the...
Cross-site scripting (XSS) vulnerability in DFD Cart 1.1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-09-28 http://sourceforge.net/forum/forum.php?forum_id=738710 http://osvdb.org/39625
Off-by-one error in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 up to 0.9.7l, and 0.9.8 up to 0.9.8f, might allow remote attackers to execute arbitrary code via a crafted packet that triggers a one-byte buffer...
Cisco Catalyst 6500 and Cisco 7600 series devices use 127/8 IP addresses for Ethernet Out-of-Band Channel (EOBC) internal communication, which might allow remote attackers to send packets to an interface for which network exposure...
Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service (CPU consumption) via a certain PNG file with a large tEXt chunk that possibly triggers an integer overflow in PNG...
Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors related to "the handling of thread contexts." Date published :...
SQL injection vulnerability in index.php in Interspire ActiveKB NX 2.x allows remote attackers to execute arbitrary SQL commands via the catId parameter in a browse action. NOTE: it was separately reported that ActiveKB 1.5...
SimpGB 1.46.02 allows remote attackers to obtain sensitive information via (1) an invalid lang parameter to admin/index.php or (2) a direct request to admin/trailer.php, which reveals the path in various error messages. Date published...
SimpGB 1.46.02 stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain sensitive configuration information via a direct request for admin/cfginfo.php; and (2) download arbitrary .inc...
SimpNews 2.41.03 on Windows, when PHP before 5.0.0 is used, allows remote attackers to obtain sensitive information via an certain link_date parameter to events.php, which reveals the path in an error message due to...