Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP6 allows remote attackers to bypass entitlements for instances of a floatable WLP portlet via unknown vectors. Date published : 2008-02-20 http://dev2dev.bea.com/pub/advisory/257 http://www.securitytracker.com/id?1019451
Admin Tools in BEA WebLogic Portal 8.1 SP3 through SP6 can inadvertently remove entitlements for pages when an administrator edits the page definition label, which might allow remote attackers to bypass intended access restrictions....
BEA WebLogic Server and WebLogic Express 9.0 and 9.1 exposes the web service’s WSDL and security policies, which allows remote attackers to obtain sensitive information and potentially launch further attacks. Date published : 2008-02-20...
IBM Lotus Notes 6.0, 6.5, 7.0, and 8.0 signs an unsigned applet when a user forwards an email message to another user, which allows user-assisted remote attackers to bypass Execution Control List (ECL) protection....
Cross-site scripting (XSS) vulnerability in leg/Main.nsf in IBM Lotus Quickplace 7.0 allows remote attackers to inject arbitrary web script or HTML via an h_SearchString sub-parameter in the PreSetFields parameter of an EditDocument action. Date...
Unspecified vulnerability in the AVG plugin in Kerio MailServer before 6.5.0 has unspecified impact via unknown remote attack vectors related to null DACLs. Date published : 2008-02-20 http://www.securityfocus.com/bid/27868 http://www.kerio.com/kms_history.html
Unspecified vulnerability in Kerio MailServer before 6.5.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to decoding of uuencoded input, which triggers memory corruption. Date published : 2008-02-20...
Buffer overflow in the Visnetic anti-virus plugin in Kerio MailServer before 6.5.0 might allow remote attackers to execute arbitrary code via unspecified vectors. Date published : 2008-02-20 http://www.securityfocus.com/bid/27868 http://www.kerio.com/kms_history.html
SQL injection vulnerability in index.php in WoltLab Burning Board 3.0.3 PL 1 allows remote attackers to execute arbitrary SQL commands via the sortOrder parameter to the PMList page. Date published : 2008-02-20 http://www.securityfocus.com/bid/27885 http://www.securityfocus.com/archive/1/488345/100/0/threaded
Multiple SQL injection vulnerabilities in e-Vision CMS 2.02 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) iframe.php and (2) print.php. NOTE: the provenance of this information is unknown;...
SQL injection vulnerability in the Facile Forms (com_facileforms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Date published : 2008-02-20 http://www.securityfocus.com/bid/27880 http://www.securityfocus.com/archive/1/488335/100/0/threaded
SQL injection vulnerability in the com_salesrep component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the rid parameter in a showrep action to index.php. Date published : 2008-02-20 http://www.securityfocus.com/bid/27827...
SQL injection vulnerability in the com_detail component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. NOTE: this issue might be site-specific. If so, it...
freeSSHd 1.2 and earlier allows remote attackers to cause a denial of service (crash) via a SSH2_MSG_NEWKEYS packet to TCP port 22, which triggers a NULL pointer dereference. Date published : 2008-02-20 http://www.securityfocus.com/bid/27845 http://www.securityfocus.com/archive/1/488363/100/0/threaded