tss 0.8.1 allows local users to read arbitrary files via the -a parameter, which is processed while tss is running with privileges. Date published : 2008-04-17 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475747 https://exchange.xforce.ibmcloud.com/vulnerabilities/41929
PHP remote file inclusion vulnerability in index.php in VisualPic 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the _CONFIG[files][functions_page] parameter. Date published : 2008-04-17 https://www.exploit-db.com/exploits/5375 http://www.vupen.com/english/advisories/2008/1127/references
SQL injection vulnerability in index.php in Terong PHP Photo Gallery (aka Advanced Web Photo Gallery) 1.0 allows remote attackers to execute arbitrary SQL commands via the photo_id parameter. Date published : 2008-04-17 http://www.securityfocus.com/bid/28626 https://www.exploit-db.com/exploits/5364
SQL injection vulnerability in account/user/mail.html in Xpoze Pro 3.05 and earlier allows remote authenticated users to execute arbitrary SQL commands via the reed parameter. Date published : 2008-04-17 http://www.securityfocus.com/bid/28618 https://www.exploit-db.com/exploits/5358
Cross-site scripting (XSS) vulnerability in the private message feature in Nuke ET 3.2 and 3.4, when using Internet Explorer, allows remote authenticated users to inject arbitrary web script or HTML via a CSS property...
SQL injection vulnerability in home.news.php in Comdev News Publisher 4.1.2 allows remote attackers to execute arbitrary SQL commands via the arcmonth parameter. NOTE: some of these details are obtained from third party information. Date...
SQL injection vulnerability in links.php in Scriptsagent.com Links Directory 1.1 allows remote authenticated users to execute arbitrary SQL commands via the cat_id parameter in a list action. Date published : 2008-04-17 http://www.securityfocus.com/bid/28655 https://www.exploit-db.com/exploits/5377
SQL injection vulnerability in getdata.php in PIGMy-SQL 1.4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-04-17 http://www.securityfocus.com/bid/28634 https://www.exploit-db.com/exploits/5367
SQL injection vulnerability in Site Sift Listings allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail action to index.php. NOTE: this issue might be site-specific. Date published :...
admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information. Date published...
SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php. Date published : 2008-04-17 http://www.securityfocus.com/bid/28645 https://www.exploit-db.com/exploits/5382
admin/modif_config.php in Blog Pixel Motion (aka PixelMotion) does not require admin authentication, which allows remote authenticated users to upload arbitrary PHP scripts in a ZIP archive, which is written to templateZip/ and then automatically...
Stack-based buffer overflow in the msx_readnode function in libmosix.c in openmosix-tools (aka userspace-tools) in openMosix might allow local users to cause a denial of service (application crash) via a third-party program that calls this...
SQL injection vulnerability in project.php in Prozilla Freelancers allows remote attackers to execute arbitrary SQL commands via the project parameter. Date published : 2008-04-17 http://www.securityfocus.com/bid/28653 https://www.exploit-db.com/exploits/5390