Unspecified vulnerability in the Qmaster daemon in Sun N1 Grid Engine 6.1 allows local users to cause a denial of service (daemon crash) via unspecified vectors. Date published : 2008-04-11 http://www.securityfocus.com/bid/28731 http://www.osvdb.org/44363
Directory traversal vulnerability in the showSource function in showSource.php in World of Phaos 4.0.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter. Date published : 2008-04-11 http://www.securityfocus.com/bid/28719...
Symantec Altiris Deployment Solution before 6.9.164 stores the Deployment Solution Agent (aka AClient) password in cleartext in memory, which allows local users to obtain sensitive information by dumping the AClient.exe process memory. Date published...
Cross-site scripting (XSS) vulnerability in system/workplace/admin/workplace/sessions.jsp in Alkacon OpenCMS 7.0.3 allows remote attackers to inject arbitrary web script or HTML via the searchfilter parameter, a different vector than CVE-2008-1510. Date published : 2008-04-11 http://www.securityfocus.com/bid/28637...
ezRADIUS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain credentials via a direct request for (1) config.ini or (2) database.ini. NOTE: some of these...
Multiple directory traversal vulnerabilities in index.php in Ksemail allow remote attackers to read arbitrary local files via a .. (dot dot) in the (1) language and (2) lang parameters. Date published : 2008-04-11 http://www.securityfocus.com/bid/28724...
SQL injection vulnerability in Integry Systems LiveCart 1.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to the /category URI. Date published : 2008-04-11 http://www.securityfocus.com/bid/28723 http://seclists.org/bugtraq/2008/May/0021.html
SQL injection vulnerability in puarcade.class.php 2.2 and earlier in the Pragmatic Utopia PU Arcade (com_puarcade) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the gid parameter to index.php. Date published...
SQL injection vulnerability in showpredictionsformatch.php in Prediction Football 1.x allows remote attackers to execute arbitrary SQL commands via the matchid parameter in a dupa action. Date published : 2008-04-11 http://www.securityfocus.com/bid/28704 https://www.exploit-db.com/exploits/5410
The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in...
Directory traversal vulnerability in download.html in ARWScripts Gallery Script Lite (aka gallery-script-lite or Free Photo Gallery Site Script), as of 20080411, allows remote attackers to read arbitrary local files via directory traversal sequences in...
The menu system in Drupal 6 before 6.2 has incorrect menu settings, which allows remote attackers to (1) edit the profile pages of arbitrary users, and obtain sensitive information from (2) tracker and (3)...
ConnectionManagerImpl.java in Ignite Realtime Openfire 3.4.5 allows remote authenticated users to cause a denial of service (daemon outage) by triggering large outgoing queues without reading messages. Date published : 2008-04-11 http://www.securityfocus.com/bid/28722 http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html
KnowledgeQuest 2.5 and 2.6 does not require authentication for access to admincheck.php, which allows remote attackers to create arbitrary admin accounts. Date published : 2008-04-11 https://www.exploit-db.com/exploits/5418 http://www.osvdb.org/44257