Format string vulnerability in EMC DiskXtender MediaStor 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted message to the RPC interface. Date published : 2008-04-14 http://www.securityfocus.com/bid/28727 http://www.securityfocus.com/bid/28729
Stack-based buffer overflow in the File System Manager for EMC DiskXtender 6.20.060 allows remote authenticated users to execute arbitrary code via a crafted request to the RPC interface. Date published : 2008-04-14 http://www.securityfocus.com/bid/28728 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=684
EMV DiskXtender 6.20.060 has a hard-coded login and password, which allows remote attackers to bypass authentication via the RPC interface. Date published : 2008-04-14 http://www.securityfocus.com/bid/28727 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=683
dhost.exe in Novell eDirectory 8.7.3 before sp10 and 8.8.2 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with (1) multiple Connection headers or (2) a Connection header...
Integer overflow in the hrtimer_forward function (hrtimer.c) in Linux kernel 2.6.21-rc4, when running on 64-bit systems, allows local users to cause a denial of service (infinite loop) via a timer with a large expiry...
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs." Date published : 2008-04-12 http://www.phpbb.com/community/viewtopic.php?f=14&t=879735 http://www.vupen.com/english/advisories/2008/1236/references
Unspecified vulnerability in Opera before 9.27 has unknown impact and attack vectors related to "keyboard handling of password inputs." Date published : 2008-04-12 http://www.opera.com/docs/changelogs/linux/927/ http://www.opera.com/docs/changelogs/windows/927/
SQL injection vulnerability in _blogadata/include/sond_result.php in Blogator-script 0.95 allows remote attackers to execute arbitrary SQL commands via the id_art parameter. Date published : 2008-04-12 http://www.securityfocus.com/bid/28635 http://www.securityfocus.com/archive/1/490500/100/0/threaded
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted scaled image pattern in an HTML CANVAS element, which triggers memory corruption. Date...
Opera before 9.27 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted newsfeed source, which triggers an invalid memory access. Date published : 2008-04-12 http://www.securityfocus.com/bid/28585...
Multiple PHP remote file inclusion vulnerabilities in Blogator-script before 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the incl_page parameter in (1) struct_admin.php, (2) struct_admin_blog.php, and (3) struct_main.php in...
SQL injection vulnerability in the jeuxflash module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php, a different vector than CVE-2007-4922. Date published : 2008-04-12 http://www.securityfocus.com/bid/28601 https://www.exploit-db.com/exploits/5352
SQL injection vulnerability in the ConcoursPhoto module for KwsPHP allows remote attackers to execute arbitrary SQL commands via the C_ID parameter to index.php. Date published : 2008-04-12 http://www.securityfocus.com/bid/28738 https://www.exploit-db.com/exploits/5353
Cross-site scripting (XSS) vulnerability in index.php in the ConcoursPhoto module for KwsPHP 1.0 allows remote attackers to inject arbitrary web script or HTML via the VIEW parameter. Date published : 2008-04-12 http://www.securityfocus.com/bid/28612 http://www.securityfocus.com/archive/1/490470/100/0/threaded