Prozilla Topsites 1.0 allows remote attackers to perform administrative actions via a direct request to (1) addu.php, (2) editu.php, and (3) uidx.php in siteadmin/. Date published : 2008-04-15 http://www.securityfocus.com/bid/28641 https://www.exploit-db.com/exploits/5388
Prozilla Reviews 1.0 allows remote attackers to delete arbitrary users via a modified UserID parameter in a direct request to siteadmin/DeleteUser.php. Date published : 2008-04-15 http://www.securityfocus.com/bid/28642 https://www.exploit-db.com/exploits/5387
phpdemo/viewsource.php in Advanced Software Engineering ChartDirector 4.1 allows remote attackers to read sensitive files via the file parameter. Date published : 2008-04-15 http://www.securityfocus.com/bid/28674 https://www.exploit-db.com/exploits/5399
Unspecified vulnerability in the labeled networking functionality in Solaris 10 Trusted Extensions allows applications in separate labeling zones to bypass labeling restrictions via unknown vectors. Date published : 2008-04-14 http://www.securityfocus.com/bid/28734 http://www.securitytracker.com/id?1019832
Sun Solaris 8, 9, and 10 allows "remote privileged" users to cause a denial of service (panic) via unknown vectors related to self encapsulated IP packets. Date published : 2008-04-14 http://www.securityfocus.com/bid/28732 http://support.avaya.com/elmodocs2/security/ASA-2008-173.htm
Unspecified vulnerability in the floating point context switch implementation in Sun Solaris 9 and 10 on x86 platforms might allow local users to cause a denial of service (application exit), corrupt data, or trigger...
The eDirectory Host Environment service (dhost.exe) in Novell eDirectory 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via a long HTTP HEAD request to TCP port 8028. Date published :...
PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter. Date published : 2008-04-14 http://www.securityfocus.com/bid/28588 https://www.exploit-db.com/exploits/5348
Cross-site scripting (XSS) vulnerability in mindex.do in ManageEngine Firewall Analyzer 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the displayName parameter. NOTE: the provenance of this information is unknown; the...
SQL injection vulnerability in editlink.php in Pligg 9.9.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-04-14 http://www.securityfocus.com/bid/28681 https://www.exploit-db.com/exploits/5406
PHP remote file inclusion vulnerability in includes/header.inc.php in Dragoon 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the root parameter. Date published : 2008-04-14 http://www.securityfocus.com/bid/28660 https://www.exploit-db.com/exploits/5393
iScripts SocialWare stores passwords in cleartext in a database, which allows context-dependent attackers to obtain sensitive information. Date published : 2008-04-14 https://www.exploit-db.com/exploits/5402 http://www.osvdb.org/44326
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown"...
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. Date published : 2008-04-14 http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://www.securityfocus.com/bid/28756