The finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to read arbitrary files via a link corresponding to a (1) .plan or (2) .project file. Date published : 2008-09-05 http://deathrow.vistech.net/DEFCON16/VMS.PDF...
SQL injection vulnerability in index.php in Words tag 1.2 allows remote attackers to execute arbitrary SQL commands via the word parameter in a claim action. Date published : 2008-09-05 https://www.exploit-db.com/exploits/6336 http://secunia.com/advisories/31653
SQL injection vulnerability in index.php in ACG-PTP 1.0.6 allows remote attackers to execute arbitrary SQL commands via the adid parameter in an adorder action. Date published : 2008-09-05 http://www.securityfocus.com/bid/31005 https://www.exploit-db.com/exploits/6362
SQL injection vulnerability in listtest.php in eZoneScripts Living Local 1.1 allows remote attackers to execute arbitrary SQL commands via the r parameter. Date published : 2008-09-05 http://www.securityfocus.com/bid/31001 https://www.exploit-db.com/exploits/6361
SQL injection vulnerability in landsee.php in Full PHP Emlak Script allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-09-05 http://www.securityfocus.com/bid/30962 http://packetstormsecurity.org/0808-exploits/phpemlak-sql.txt
Cross-site scripting (XSS) vulnerability in BizDirectory 2.04 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter in a search action to the default URI. Date published :...
Format string vulnerability in the finger client in HP TCP/IP Services for OpenVMS 5.x allows local users to gain privileges via format string specifiers in a (1) .plan or (2) .project file. Date published...
Directory traversal vulnerability in the web interface in AVTECH PageR Enterprise before 5.0.7 allows remote attackers to read arbitrary files via directory traversal sequences in the URI. Date published : 2008-09-05 http://www.securityfocus.com/bid/30987 http://lists.grok.org.uk/pipermail/full-disclosure/2008-September/064227.html
Cross-site request forgery (CSRF) vulnerability in user_admin.php in Open Media Collectors Database (OpenDb) 1.0.6 allows remote attackers to change arbitrary passwords via an update_password action. Date published : 2008-09-05 http://packetstorm.linuxsecurity.com/0808-exploits/omcd-xssxsrf.txt http://secunia.com/advisories/31719
Multiple cross-site scripting (XSS) vulnerabilities in Open Media Collectors Database (OpenDb) 1.0.6 allow remote attackers to inject arbitrary web script or HTML via the (1) user_id parameter in an edit action to user_admin.php, the...
The web interface in Dreambox DM500C allows remote attackers to cause a denial of service (application hang) via a long URI. Date published : 2008-09-05 http://www.securityfocus.com/bid/30919 http://www.securityfocus.com/archive/1/495837/100/0/threaded
Cross-site scripting (XSS) vulnerability in DIC shop_v50 3.0 and earlier and shop_v52 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-09-05 http://www.securityfocus.com/bid/31006 http://www.d-ic.com/free/05/shop_v50.html
The kernel in FreeBSD 6.3 through 7.0 on amd64 platforms can make an extra swapgs call after a General Protection Fault (GPF), which allows local users to gain privileges by triggering a GPF during...
Multiple cross-site scripting (XSS) vulnerabilities in XRMS allow remote attackers to inject arbitrary web script or HTML via (1) the real name field, related to the user list; (2) the target parameter to login.php,...