Stack-based buffer overflow in AldFs32.dll in Adobe PageMaker 7.0.1 and 7.0.2 allows user-assisted remote attackers to execute arbitrary code via a malformed .PMD file, related to "Key Strings," a different vulnerability than CVE-2007-5169 and...
Unrestricted file upload vulnerability in the "Add Image Macro" feature in WebCards 1.3 allows remote authenticated administrators to execute arbitrary code by uploading a file with an executable extension, then accessing it via a...
SQL injection vulnerability in admin.php in WebCards 1.3, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: some of these details are obtained from third party...
Cross-site scripting (XSS) vulnerability in the web server component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote attackers to inject arbitrary web script or HTML via the request URL,...
Directory traversal vulnerability in the web server in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a GET...
The web component in Philips Electronics VOIP841 DECT Phone with firmware 1.0.4.50 and 1.0.4.80 has a back door "service" account with "service" as its password, which makes it easier for remote attackers to obtain...
board.cgi in Sepal SPBOARD 4.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter during a down_file action. Date published : 2008-10-31 http://www.securityfocus.com/bid/31972 https://www.exploit-db.com/exploits/6864
Cross-site scripting (XSS) vulnerability in bidhistory.php in iTechBids Gold 5.0 allows remote attackers to inject arbitrary web script or HTML via the item_id parameter. NOTE: the provenance of this information is unknown; the details...
Cross-site scripting (XSS) vulnerability in My Little Forum 1.75 and 2.0 Beta 23 allows remote attackers to inject arbitrary web script or HTML via BBcode IMG tags. Date published : 2008-10-31 http://www.securityfocus.com/bid/27746 http://www.securityfocus.com/archive/1/487987/100/200/threaded
dovecot 1.0.7 in Red Hat Enterprise Linux (RHEL) 5, and possibly Fedora, uses world-readable permissions for dovecot.conf, which allows local users to obtain the ssl_key_password parameter value. Date published : 2008-10-31 https://bugzilla.redhat.com/show_bug.cgi?id=436287 http://security.gentoo.org/glsa/glsa-200812-16.xml
FFmpeg 0.4.9, as used by MPlayer, allows context-dependent attackers to cause a denial of service (memory consumption) via unknown vectors, aka a "Tcp/udp memory leak." Date published : 2008-10-31 http://archives.neohapsis.com/archives/fulldisclosure/2008-09/0103.html http://security.gentoo.org/glsa/glsa-200903-33.xml
Unspecified vulnerability in the avcodec_close function in libavcodec/utils.c in FFmpeg 0.4.9 before r14787, as used by MPlayer, has unknown impact and attack vectors, related to a free "on random pointers." Date published : 2008-10-31...
Buffer overflow in libavcodec/dca.c in FFmpeg 0.4.9 before r14917, as used by MPlayer, allows context-dependent attackers to have an unknown impact via vectors related to an incorrect DCA_MAX_FRAME_SIZE value. Date published : 2008-10-31 http://www.securityfocus.com/bid/33308...
Multiple buffer overflows in libavformat/utils.c in FFmpeg 0.4.9 before r14715, as used by MPlayer, allow context-dependent attackers to have an unknown impact via vectors related to execution of DTS generation code with a delay...