Directory traversal vulnerability in printview.php in PNphpBB2 1.2i and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27039...
Absolute path traversal vulnerability in ZeusCMS 0.3 and earlier might allow remote attackers to list arbitrary directories via a full pathname in the dir parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27058 https://www.exploit-db.com/exploits/4798
SQL injection vulnerability in security.php in ZeusCMS 0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Referer HTTP header. Date published : 2008-01-03 http://www.securityfocus.com/bid/27058 https://www.exploit-db.com/exploits/4798
Directory traversal vulnerability in joovili.images.php in Joovili 3.0.0 through 3.0.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27056 https://www.exploit-db.com/exploits/4799
Directory traversal vulnerability in include/images.inc.php in Joovili 2.x allows remote attackers to read arbitrary files via a .. (dot dot) in the picture parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27056 https://www.exploit-db.com/exploits/4799
The Setup Wizard in Atlassian JIRA Enterprise Edition before 3.12.1 does not properly restrict setup attempts after setup is complete, which allows remote attackers to change the default language. Date published : 2008-01-03 http://www.securityfocus.com/bid/27095...
JIRA Enterprise Edition before 3.12.1 allows remote attackers to delete another user’s shared filter via a modified filter ID. Date published : 2008-01-03 http://www.securityfocus.com/bid/27095 http://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2007-12-24
Cross-site scripting (XSS) vulnerability in 500page.jsp in JIRA Enterprise Edition before 3.12.1 allows remote attackers to inject arbitrary web script or HTML, which is not properly handled when generating error messages, as demonstrated by...
Cross-site scripting (XSS) vulnerability in simpleforum.cgi in SimpleForum 4.6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the searchkey parameter in a search action. NOTE: some of these details...
Directory traversal vulnerability in includes/block.php in Agares Media phpAutoVideo 2.21 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the selected_provider parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27023 https://www.exploit-db.com/exploits/4782
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Agares Media phpAutoVideo 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter, a related issue to CVE-2007-6542. Date published...
Stack-based buffer overflow in the print_iso9660_recurse function in iso-info (src/iso-info.c) in GNU Compact Disc Input and Control Library (libcdio) 0.79 and earlier allows context-dependent attackers to cause a denial of service (core dump) and...
Directory traversal vulnerability in DirHandler (lib/mongrel/handlers.rb) in Mongrel 1.0.4 and 1.1.x before 1.1.3 allows remote attackers to read arbitrary files via an HTTP request containing double-encoded sequences (".%252e"). Date published : 2008-01-03 http://lists.apple.com/archives/security-announce/2008//May/msg00001.html http://www.securityfocus.com/bid/27133
Cross-site scripting (XSS) vulnerability in view.php in Mantis before 1.1.0 allows remote attackers to inject arbitrary web script or HTML via a filename, related to bug_report.php. Date published : 2008-01-03 http://www.securityfocus.com/bid/27045 http://sourceforge.net/project/shownotes.php?release_id=562940