Multiple cross-site scripting (XSS) vulnerabilities in sample.php in WiKID wClient-PHP 3.0-2 and earlier allow remote attackers to inject arbitrary web script or HTML via the PHP_SELF variable. Date published : 2008-10-27 http://www.securityfocus.com/bid/28740 http://www.securityfocus.com/archive/1/490768/100/0/threaded
Stack-based buffer overflow in freeSSHd 1.2.1 allows remote authenticated users to cause a denial of service (service crash) and potentially execute arbitrary code via a long argument to the (1) rename and (2) realpath...
Cross-site scripting (XSS) vulnerability in includes/htmlArea/plugins/HtmlTidy/html-tidy-logic.php in Kayako eSupport 3.20.2 allows remote attackers to inject arbitrary web script or HTML via the jsMakeSrc parameter. NOTE: the provenance of this information is unknown; the details...
SQL injection vulnerability in lecture.php in Graphiks MyForum 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31926 https://www.exploit-db.com/exploits/6844
Directory traversal vulnerability in download.php in BuzzyWall 1.3.1 allows remote attackers to read arbitrary local files via a .. (dot dot) in the id parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31914 https://www.exploit-db.com/exploits/6835
Directory traversal vulnerability in download_file.php in PHP-Daily allows remote attackers to read arbitrary local files via a .. (dot dot) in the fichier parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31915 https://www.exploit-db.com/exploits/6833
Multiple SQL injection vulnerabilities in PHP-Daily allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to (a) add_postit.php (b) delete.php, and (c) mod_prest_date.php; and the (2) prev parameter to (d)...
Cross-site scripting (XSS) vulnerability in add_prest_date.php in PHP-Daily allows remote attackers to inject arbitrary web script or HTML via the date parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31915 https://www.exploit-db.com/exploits/6833
SQL injection vulnerability in gotourl.php in PozScripts Classified Auctions Script allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31925 https://www.exploit-db.com/exploits/6839
SQL injection vulnerability in forum.php in Scripts for Sites (SFS) Ez Forum allows remote attackers to execute arbitrary SQL commands via the forum parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31924 https://www.exploit-db.com/exploits/6843
SQL injection vulnerability in EditUrl.php in AJ Square RSS Reader allows remote attackers to execute arbitrary SQL commands via the url parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/31910 https://www.exploit-db.com/exploits/6829
TlNews 2.2 allows remote attackers to bypass authentication and gain administrative access by setting the tlNews_login cookie to admin. Date published : 2008-10-27 http://www.securityfocus.com/bid/31919 https://www.exploit-db.com/exploits/6836
Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the pg parameter, a different vector than CVE-2005-4597. Date published : 2008-10-27 http://www.securityfocus.com/bid/31911...
Stack-based buffer overflow in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allows remote attackers to execute arbitrary code via a long LogFile property. Date published : 2008-10-27...