Unspecified vulnerability in HP-UX B.11.31, when running ARPA Transport, allows remote attackers to cause a denial of service via unknown vectors. Date published : 2008-01-23 http://www.securityfocus.com/archive/1/486852/100/0/threaded http://www.securityfocus.com/archive/1/486852/100/0/threaded
AlstraSoft Forum Pay Per Post Exchange 2.0 stores passwords in cleartext, which makes it easier for attackers to access user accounts. Date published : 2008-01-23 https://www.exploit-db.com/exploits/4956
Cross-site scripting (XSS) vulnerability in templates/default/admincp/attachments_header.php in DeluxeBB 1.1 allows remote attackers to inject arbitrary web script or HTML via the lang_listofmatches parameter. Date published : 2008-01-23 http://www.securityfocus.com/bid/27401 http://www.securityfocus.com/archive/1/486804/100/0/threaded
Cross-site scripting (XSS) vulnerability in the font rendering functionality in Novemberborn sIFR 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the txt parameter to a Flash (SWF) file, as demonstrated...
Multiple buffer overflows in the WebHPVCInstall.HPVirtualRooms14 ActiveX control in HPVirtualRooms14.dll 1.0.0.100, as used in the installation process for HP Virtual Rooms, allow remote attackers to execute arbitrary code via a long (1) AuthenticationURL, (2)...
Cross-site scripting (XSS) vulnerability in profile-upload/upload.asp in PD9 Software MegaBBS 1.5.14b allows remote attackers to inject arbitrary web script or HTML via the target parameter. Date published : 2008-01-23 http://www.securityfocus.com/bid/27368 http://www.securityfocus.com/archive/1/486723/100/0/threaded
Directory traversal vulnerability in index.php in OZJournals 2.1.1 allows remote attackers to read portions of arbitrary files via a .. (dot dot) in the id parameter in a printpreview action. Date published : 2008-01-23...
Format string vulnerability in the AXIMilter module in AXIGEN Mail Server 5.0.2 allows remote attackers to execute arbitrary code via format string specifiers in the CNHO command. Date published : 2008-01-23 http://www.securityfocus.com/bid/27363 http://www.securityfocus.com/archive/1/486722/100/0/threaded
PHP remote file inclusion vulnerability in theme/phpAutoVideo/LightTwoOh/sidebar.php in Agares phpAutoVideo 2.21 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadpage parameter, a different vector than CVE-2007-6614. Date...
Cross-site scripting (XSS) vulnerability in index.php in phpAutoVideo 2.21 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Date published : 2008-01-23 http://www.securityfocus.com/bid/27346 http://www.securityfocus.com/archive/1/486591/100/0/threaded
Directory traversal vulnerability in administrator/download.php in IDMOS (aka Phoenix) 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the fileName parameter. Date published : 2008-01-23 http://www.securityfocus.com/bid/27379 https://www.exploit-db.com/exploits/4954
SQL injection vulnerability in form.php in 360 Web Manager 3.0 allows remote attackers to execute arbitrary SQL commands via the IDFM parameter. Date published : 2008-01-23 http://www.securityfocus.com/bid/27364 https://www.exploit-db.com/exploits/4944
SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action. Date published : 2008-01-23 http://www.securityfocus.com/bid/27381...
Multiple SQL injection vulnerabilities in the login function in system/class_permissions.php in bloofoxCMS 0.3 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to admin/index.php. Date published :...