Cross-site scripting (XSS) vulnerability in High Norm Sound Master 2nd 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-09-17 http://www.securityfocus.com/bid/31076 http://high-norm.rash.jp/script_soundmaster2nd.html
Unspecified vulnerability in a web page in the PRM module in Sun Management Center (SunMC) 3.6.1 and 4.0 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors. Date published...
Buffer overflow in Apple QuickTime 7.5.5 and iTunes 8.0 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a long type attribute in a quicktime tag...
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for...
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with...
MySQL 5.0.51a allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are associated with symlinks within...
libraries/database_interface.lib.php in phpMyAdmin before 2.11.9.1 allows remote authenticated users to execute arbitrary code via a request to server_databases.php with a sort_by parameter containing PHP sequences, which are processed by create_function. Date published : 2008-09-17...
Multiple unspecified vulnerabilities in Adobe Illustrator CS2 on Macintosh allow user-assisted attackers to execute arbitrary code via a crafted AI file. Date published : 2008-09-17 http://www.securityfocus.com/bid/31208 http://www.adobe.com/support/security/advisories/apsa08-07.html
Directory traversal vulnerability in bin/configure in TWiki before 4.2.3, when a certain step in the installation guide is skipped, allows remote attackers to read arbitrary files via a query string containing a .. (dot...
Multiple buffer overflows in the QIP Server Service (aka qipsrvr.exe) in LANDesk Management Suite, Security Suite, and Server Manager 8.8 and earlier allow remote attackers to execute arbitrary code via a crafted heal request,...
Acresso InstallShield Update Agent does not properly verify the authenticity of Rule Scripts obtained from GetRules.asp web pages on FLEXnet Connect servers, which allows remote man-in-the-middle attackers to execute arbitrary VBScript code via Trojan...
TalkBack 2.3.6 allows remote attackers to obtain configuration information via a direct request to install/info.php, which calls the phpinfo function. Date published : 2008-09-16 https://www.exploit-db.com/exploits/6451 http://securityreason.com/securityalert/4267
srv.sys in the Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows remote attackers to cause a denial of...
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit copying...