Request Validation (aka the ValidateRequest filters) in ASP.NET in Microsoft .NET Framework without the MS07-040 update does not properly detect dangerous client input, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as...
Cross-site scripting (XSS) vulnerability in admin/search_links.php in Freeway eCommerce 1.4.1.171 allows remote attackers to inject arbitrary web script or HTML via the search_link parameter. Date published : 2008-08-27 http://www.securityfocus.com/archive/1/495549/100/0/threaded http://www.openfreeway.org/download/change-log.html
Crafty Syntax Live Help (CSLH) 2.14.6 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. Date published : 2008-08-27 http://www.securityfocus.com/archive/1/495729/100/0/threaded http://www.gulftech.org/?node=research&article_id=00127-08252008
Unspecified vulnerability in the NFS module in the kernel in Sun Solaris 10 and OpenSolaris snv_59 through snv_87, when configured as an NFS server without the nodevices option, allows local users to cause a...
Unspecified vulnerability in the NFS Remote Procedure Calls (RPC) zones implementation in Sun Solaris 10 and OpenSolaris before snv_88 allows local administrators of non-global zones to read and modify NFS traffic for arbitrary non-global...
Swfdec 0.6 before 0.6.8 allows remote attackers to cause a denial of service (application crash) via a 1×1 JPEG image. Date published : 2008-08-27 http://www.openwall.com/lists/oss-security/2008/08/19/3 http://www.openwall.com/lists/oss-security/2008/08/19/2
Buffer overflow in Ipswitch WS_FTP Home client allows remote FTP servers to have an unknown impact via a long "message response." Date published : 2008-08-27 http://www.securityfocus.com/bid/30728 https://www.exploit-db.com/exploits/6257
The REXML module in Ruby 1.8.6 through 1.8.6-p287, 1.8.7 through 1.8.7-p72, and 1.9 allows context-dependent attackers to cause a denial of service (CPU consumption) via an XML document with recursively nested entities, aka an...
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups. Date published : 2008-08-27 http://www.securityfocus.com/bid/30837 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496073
The (1) get_edit_post_link and (2) get_edit_comment_link functions in wp-includes/link-template.php in WordPress before 2.6.1 do not force SSL communication in the intended situations, which might allow remote attackers to gain administrative access by sniffing the...
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. Date published...
The Upload module in Drupal 6.x before 6.4 allows remote authenticated users to edit nodes, delete files, and download unauthorized attachments via unspecified vectors. Date published : 2008-08-27 http://www.securityfocus.com/bid/30689 http://drupal.org/node/295053
Multiple cross-site request forgery (CSRF) vulnerabilities in Drupal 5.x before 5.10 and 6.x before 6.4 allow remote attackers to hijack the authentication of administrators for requests that (1) add or (2) delete user access...
Multiple cross-site request forgery (CSRF) vulnerabilities in forms in Drupal 6.x before 6.4 allow remote attackers to perform unspecified actions via unknown vectors, related to improper token validation for (1) cached forms and (2)...