Cross-site scripting (XSS) vulnerability in liste_article.php in Blog Pixel Motion (aka PixelMotion) allows remote attackers to inject arbitrary web script or HTML via the jours parameter. Date published : 2008-04-27 http://www.securityfocus.com/bid/28920 http://www.z0rlu.ownspace.org/index.php?/archives/63-Blog-PixelMotion-XSS.html
Cross-site scripting (XSS) vulnerability in base.php in DigitalHive 2.0 RC2 allows remote attackers to inject arbitrary web script or HTML via the mt parameter, possibly related to membres.php. Date published : 2008-04-27 http://www.securityfocus.com/bid/28918 http://www.z0rlu.ownspace.org/index.php?/archives/65-hive-v2.RC2-XSS.html
The eTrust Common Services (Transport) Daemon (eCSqdmn) in CA Secure Content Manager 8.0.28000.511 and earlier allows remote attackers to cause a denial of service (crash or CPU consumption) via a malformed packet to TCP...
Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. Date published : 2008-04-27...
SQL injection vulnerability in ss_load.php in the Spreadsheet (wpSS) 0.6 and earlier plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ss_id parameter. Date published : 2008-04-27 http://www.securityfocus.com/bid/28894 http://timrohrer.com/blog/?p=120
Cross-site request forgery (CSRF) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to perform unauthorized actions as other users via unspecified vectors. Date published :...
Cross-site scripting (XSS) vulnerability in E-Publish 5.x before 5.x-1.1 and 6.x before 6.x-1.0 beta1, a Drupal module, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-04-27...
The Discovery Service (casdscvc) in CA ARCserve Backup 12.0.5454.0 and earlier allows remote attackers to cause a denial of service (crash) via a packet with a large integer value used in an increment to...
Cross-site scripting (XSS) vulnerability in the Ubercart 5.x before 5.x-1.0 rc3 module for Drupal allows remote authenticated users to inject arbitrary web script or HTML via node titles related to unspecified product features, a...
Cross-site request forgery (CSRF) vulnerability in the Internationalization (i18n) Drupal module 5.x before 5.x-2.3 and 5.x-1.1, and 6.x before 6.x-1.0 beta 1, allows remote attackers to change node translation relationships via unspecified vectors. Date...
Multiple cross-site scripting (XSS) vulnerabilities in the Drupal modules (1) Internationalization (i18n) 5.x before 5.x-2.3 and 5.x-1.1 and 6.x before 6.x-1.0 beta 1; and (2) Localizer 5.x before 5.x-3.4, 5.x-2.1, and 5.x-1.11; allow remote...
SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter. Date published : 2008-04-27 http://www.securityfocus.com/bid/28899 https://www.exploit-db.com/exploits/5487
Cross-site scripting (XSS) vulnerability in addevent.php in Horde Kronolith 2.1.7, Groupware Webmail Edition 1.0.6, and Groupware 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the url parameter. Date published :...
Heap-based buffer overflow in SubEdit Player build 4056 and 4066 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long subtitle file. Date published : 2008-04-27 http://www.securityfocus.com/bid/28858...