Unspecified vulnerability in the php2phps function in Claroline before 1.8.9 has unknown impact and attack vectors. Date published : 2008-02-19 http://sourceforge.net/project/shownotes.php?release_id=575934 http://secunia.com/advisories/28942
Unspecified vulnerability in the Header Image Module before 5.x-1.1 for Drupal allows remote attackers to access the administration pages via unknown attack vectors. Date published : 2008-02-19 http://www.securityfocus.com/bid/27787 http://drupal.org/node/221359
Directory traversal vulnerability in index.php in Scribe 0.2 allows remote attackers to read arbitrary local files via a .. (dot dot) in the page parameter. Date published : 2008-02-19 http://www.securityfocus.com/bid/27803 http://www.securityfocus.com/archive/1/488140/100/0/threaded
SQL injection vulnerability in admin/traffic/knowledge_searchm.php in OSI Codes Inc. PHP Live! 3.2.2 allows remote attackers to execute arbitrary SQL commands via the questid parameter in an expand_question action. Date published : 2008-02-19 http://www.securityfocus.com/bid/27807 https://www.exploit-db.com/exploits/5125
** DISPUTED ** Cross-site scripting (XSS) vulnerability in index.php in Etomite 0.6.1.4 Final allows remote attackers to inject arbitrary web script or HTML via $_SERVER[‘PHP_INFO’]. NOTE: the vendor disputes this issue in a followup,...
Directory traversal vulnerability in index.php in PlutoStatus Locator 1.0 pre alpha allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. Date published : 2008-02-19...
Multiple directory traversal vulnerabilities in freePHPgallery 0.6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie to (1) comment.php, (2) index.php, and (3) show.php....
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements. Date published : 2008-02-18 http://bugs.mysql.com/31611...
Multiple stack-based buffer overflows in the legacy mod_jk2 2.0.3-DEV and earlier Apache module allow remote attackers to execute arbitrary code via a long (1) Host header, or (2) Hostname within a Host header. Date...
SQL injection vulnerability in the com_filebase component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the filecatid parameter in a selectfolder action. Date published : 2008-02-18 http://www.securityfocus.com/bid/27829 http://www.securityfocus.com/archive/1/488268/100/0/threaded
SQL injection vulnerability in the com_sg component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the pid parameter in an order task. Date published : 2008-02-18 http://www.securityfocus.com/bid/27821 http://www.securityfocus.com/archive/1/488272/100/0/threaded
SQL injection vulnerability in the com_mezun component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit task. Date published : 2008-02-18 http://www.securityfocus.com/bid/27755 http://www.securityfocus.com/archive/1/487992/100/100/threaded
Directory traversal vulnerability in download.php in Tracking Requirements & Use Cases (TRUC) 0.11.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the upload_filename parameter. Date published : 2008-02-18 http://www.securityfocus.com/bid/27839...
Directory traversal vulnerability in Download.php in XPWeb 3.0.1, 3.3.2, and possibly other versions, allows remote attackers to read arbitrary files via a .. (dot dot) in the url parameter. Date published : 2008-02-18 http://www.securityfocus.com/bid/27838...