Cross-site scripting (XSS) vulnerability in phpstats.php in Michael Wagner phpstats 0.1 alpha allows remote attackers to inject arbitrary web script or HTML via the baseDir parameter. Date published : 2008-03-24 http://www.securityfocus.com/bid/28291 http://www.securityfocus.com/archive/1/489722/100/0/threaded
Array index error in the sdpplin_parse function in input/libreal/sdpplin.c in xine-lib 1.1.10.1 allows remote RTSP servers to execute arbitrary code via a large streamid SDP parameter. Date published : 2008-03-24 http://www.securityfocus.com/bid/28312 http://sourceforge.net/project/shownotes.php?release_id=585488&group_id=9655
Cross-site scripting (XSS) vulnerability in SolutionSearch.do in ManageEngine SupportCenter Plus 7.0.0 allows remote attackers to inject arbitrary web script or HTML via the searchText parameter, a related issue to CVE-2008-1299. NOTE: the provenance of...
RaidSonic NAS-4220-B with 2.6.0-n(2007-10-11) firmware stores a partition encryption key in an unencrypted /system/.crypt file with base64 encoding, which allows local users to obtain the key. Date published : 2008-03-20 http://www.securityfocus.com/bid/28264 http://www.securityfocus.com/archive/1/489690/100/0/threaded
SQL injection vulnerability in links.asp in ASPapp allows remote attackers to execute arbitrary SQL commands via the CatId parameter. Date published : 2008-03-20 https://www.exploit-db.com/exploits/5276
Secure Internet Live Conferencing (SILC) Server before 1.1.1 allows remote attackers to cause a denial of service (daemon crash) via a NEW_CLIENT packet without a nickname. Date published : 2008-03-20 http://www.securityfocus.com/bid/28450 http://silcnet.org/docs/release/SILC%20Server%201.1.1
Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-beta7 module for Drupal allow remote attackers to inject arbitrary web script or HTML via a text attribute value for a product. Date published...
SQL injection vulnerability in the Joobi Acajoom (com_acajoom) 1.1.5 and 1.2.5 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mailingid parameter in a mailing view action to index.php. Date...
SQL injection vulnerability in album.asp in KAPhotoservice allows remote attackers to execute arbitrary SQL commands via the albumid parameter. Date published : 2008-03-20 http://www.securityfocus.com/bid/28306 http://www.securityfocus.com/archive/1/489891/100/0/threaded
SQL injection vulnerability in index.php in the gallery module in Easy-Clanpage 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a kate action. Date published : 2008-03-20 http://www.securityfocus.com/bid/28309 https://www.exploit-db.com/exploits/5275
The prerm script in axyl 2.1.7 allows local users to overwrite arbitrary files via a symlink attack on the axyl.conf temporary file. Date published : 2008-03-20 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=471227 https://exchange.xforce.ibmcloud.com/vulnerabilities/41406
Multiple PHP remote file inclusion vulnerabilities in PHPauction GPL 2.51 allow remote attackers to execute arbitrary PHP code via a URL in the include_path parameter to (1) converter.inc.php, (2) messages.inc.php, and (3) settings.inc.php in...
Directory traversal vulnerability in index.php in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to read arbitrary files via "../..//" (modified dot dot) sequences in the tab parameter. Date published : 2008-03-20...
Cross-site scripting (XSS) vulnerability in Multiple Time Sheets (MTS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the tab parameter to (1) index.php, as demonstrated using mixed case...