XRMS CRM 1.99.2 allows remote attackers to obtain configuration information via a direct request to tests/info.php, which calls the phpinfo function. Date published : 2008-07-31 http://www.securityfocus.com/archive/1/494754/100/0/threaded https://www.exploit-db.com/exploits/6131
PHP remote file inclusion vulnerability in activities/workflow-activities.php in XRMS CRM 1.99.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the include_directory parameter. Date published : 2008-07-31 http://www.securityfocus.com/archive/1/494754/100/0/threaded https://www.exploit-db.com/exploits/6131
Multiple cross-site scripting (XSS) vulnerabilities in XRMS CRM 1.99.2 allow remote attackers to inject arbitrary web script or HTML via the msg parameter to unspecified components, possibly including login.php. NOTE: this may overlap CVE-2008-1129....
Cross-site scripting (XSS) vulnerability in Runesoft Cerberus CMS before 3_1.4_0.9 allows remote attackers to inject arbitrary web script or HTML via a cerberus_user cookie. Date published : 2008-07-31 http://www.securityfocus.com/bid/30416 http://gl2logic.com/cerberus/cerberus.php?app=Old_News&SHOWID=7
Unreal Tournament 2004 (UT2004) 3369 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain sequence of malformed packets. Date published : 2008-07-31 http://www.securityfocus.com/bid/30427...
Calacode @Mail 5.41 on Linux uses weak world-readable permissions for (1) webmail/libs/Atmail/Config.php and (2) webmail/webadmin/.htpasswd, which allows local users to obtain sensitive information by reading these files. NOTE: the provenance of this information is...
Multiple cross-site scripting (XSS) vulnerabilities in search.cfm in BookMine allow remote attackers to inject arbitrary web script or HTML via the (1) gallery and (2) search_string parameters. Date published : 2008-07-31 http://www.securityfocus.com/bid/30432 http://holisticinfosec.org/content/view/79/45/
SQL injection vulnerability in events.cfm in BookMine allows remote attackers to execute arbitrary SQL commands via the events_id parameter. Date published : 2008-07-31 http://www.securityfocus.com/bid/30432 http://holisticinfosec.org/content/view/79/45/
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp. Date published : 2008-07-31 http://depo2.nm.ru/WebWiz_Forum_v9.5_CSRF.txt http://secunia.com/advisories/31281
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp. Date published : 2008-07-31...
Directory traversal vulnerability in libraries/general.init.php in Minishowcase Image Gallery 09b136, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter. Date...
Multiple SQL injection vulnerabilities in Def-Blog 1.0.3 allow remote attackers to execute arbitrary SQL commands via the article parameter to (1) comaddok.php and (2) comlook.php. Date published : 2008-07-30 http://www.securityfocus.com/bid/30289 http://www.securityfocus.com/archive/1/494534/100/0/threaded
SQL injection vulnerability in show.php in PHPFootball 1.6 allows remote attackers to execute arbitrary SQL commands via the dbtable parameter. Date published : 2008-07-30 http://www.securityfocus.com/bid/30296 https://www.exploit-db.com/exploits/6102
SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086. Date published : 2008-07-30 http://www.securityfocus.com/bid/30272 https://www.exploit-db.com/exploits/6092