Multiple insecure method vulnerabilities in the VImpX.VImpAX ActiveX control (VImpX.ocx) 4.8.8.0 in DB Software Laboratory VImp X, possibly 4.7.7, allow remote attackers to overwrite arbitrary files via (1) the LogFile property and ClearLogFile method,...
Format string vulnerability in the URI handler in KVirc 3.4.0, when set as the default application for processing IRC URIs, allows remote attackers to cause a denial of service (application crash) and possibly execute...
Unspecified vulnerability in the search feature in Sun Java System LDAP JDK before 4.20 allows context-dependent attackers to obtain sensitive information via unknown attack vectors related to the LDAP JDK library. Date published :...
Multiple SQL injection vulnerabilities in Uniwin eCart Professional 2.0.17 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to (1) search.asp and (2) cartUtil.asp. Date published : 2008-10-27 http://www.uniwin.com/eCart_revisions.asp http://secunia.com/advisories/31545
Cross-site scripting (XSS) vulnerability in emailFriend.asp in Uniwin eCart Professional 2.0.17 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-10-27 http://www.uniwin.com/eCart_revisions.asp http://secunia.com/advisories/31545
SQL injection vulnerability in product_detail.php in DXShopCart 4.30mc allows remote attackers to execute arbitrary SQL commands via the pid parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/30772 http://www.packetstormsecurity.org/0808-exploits/dxshopcart-sql.txt
SQL injection vulnerability in index.php in QuidaScript FAQ Management Script allows remote attackers to execute arbitrary SQL commands via the catid parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/30775 http://www.packetstormsecurity.org/0808-exploits/faqman-sql.txt
Multiple cross-site scripting (XSS) vulnerabilities in interface/Login.php in TimeTrex 2.2.11 allow remote attackers to inject arbitrary web script or HTML via the (1) password and (2) user_name parameters. Date published : 2008-10-27 http://www.securityfocus.com/bid/30789 http://www.securityfocus.com/archive/1/495660/100/0/threaded
Directory traversal vulnerability in index.php in FAR-PHP 1.00, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the c parameter. Date published : 2008-10-27 http://www.securityfocus.com/bid/30781 http://marc.info/?l=bugtraq&m=121933211712734&w=2
Directory traversal vulnerability in templater.php in the ZZ_Templater module in TinyCMS 1.1.2, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot...
Directory traversal vulnerability in index.php in PlugSpace 0.1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the navi parameter. Date published :...
SQL injection vulnerability in gallery.php in MyCard 1.0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-10-24 http://www.securityfocus.com/bid/31447 https://www.exploit-db.com/exploits/6603
Cross-site scripting (XSS) vulnerability in wholite.cgi in WhoDomLite 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the dom parameter. Date published : 2008-10-24 http://www.securityfocus.com/bid/31436 http://www.tryag.com/cc/showthread.php?t=27577
SQL injection vulnerability in index.php in RPG.Board 0.8 Beta2 and earlier allows remote attackers to execute arbitrary SQL commands via the showtopic parameter. Date published : 2008-10-24 http://www.securityfocus.com/bid/31417 http://marc.info/?l=bugtraq&m=122244414700901&w=2