useradmin.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 does not require administrative authentication, which allows remote attackers to (1) add or (2) remove an Administrator account. Date published : 2008-09-22 http://www.securityfocus.com/bid/31161 https://www.exploit-db.com/exploits/6437
Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many...
admin/user/create_user.php in Kolab Groupware Server 1.0.0 places a user password in an HTTP GET request, which allows local administrators, and possibly remote attackers, to obtain cleartext passwords by reading the ssl_access_log file or the...
cron.php in MemHT Portal 3.9.0 and earlier allows remote attackers to obtain sensitive information via a direct request, which reveals the installation path in an error message. Date published : 2008-09-22 https://www.exploit-db.com/exploits/6393 http://securityreason.com/securityalert/4288
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors. Date published : 2008-09-22 http://www.securityfocus.com/bid/31252 http://marc.info/?l=bind-announce&m=122180244228376&w=2
Open redirect vulnerability in admin/auth.php in NooMS 1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the g_site_url parameter. Date published : 2008-09-22 http://www.securityfocus.com/archive/1/496236/100/0/threaded...
SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote attackers to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action....
Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to...
SQL injection vulnerability in index.php in Jaw Portal and Zanfi CMS lite and allows remote attackers to execute arbitrary SQL commands via the page (pageid) parameter. Date published : 2008-09-22 http://www.securityfocus.com/bid/31116 https://www.exploit-db.com/exploits/6423
Multiple directory traversal vulnerabilities in index.php in Zanfi CMS lite 1.2 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) flag and (2) inc parameters....
SQL injection vulnerability in groups.php in Vastal I-Tech phpVID 1.1 allows remote attackers to execute arbitrary SQL commands via the cat parameter, a different vector than CVE-2007-3610. NOTE: it was later reported that 1.2.3...
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file....
SQL injection vulnerability in print.php in CustomCms (CCMS) Gaming Portal 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-09-19 http://www.securityfocus.com/bid/30787 https://www.exploit-db.com/exploits/6284
Multiple directory traversal vulnerabilities in EasySite 2.3 allow remote attackers to read arbitrary files or list directories via a .. (dot dot) in the (1) module or (2) action parameter in (a) www/index.php; the...