Multiple SQL injection vulnerabilities in ClickAndEmail allow remote attackers to execute arbitrary SQL commands via (1) the ID parameter to admin_dblayers.asp in an update action, (2) the adminid parameter to admin_loginCheck.asp (aka the USERNAME...
Cross-site scripting (XSS) vulnerability in the profile editing functionality in Injader before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details are obtained from...
SQL injection vulnerability in feeds.php in Injader before 2.1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2009-01-12 http://www.securityfocus.com/bid/32843 http://sourceforge.net/project/shownotes.php?release_id=646897
Cross-site scripting (XSS) vulnerability in user.asp in Click&Rank allows remote attackers to inject arbitrary web script or HTML via the action parameter. Date published : 2009-01-12 http://www.securityfocus.com/bid/32855 https://www.exploit-db.com/exploits/7486
Multiple SQL injection vulnerabilities in Click&Rank allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hitcounter.asp, (2) user_delete.asp, and (3) user_update.asp; (4) the userid parameter to admin_login.asp (aka the...
phplist before 2.10.8 allows remote attackers to include files via unknown vectors, related to a "local file include vulnerability." Date published : 2009-01-12 http://www.securityfocus.com/bid/32841 http://www.securityfocus.com/archive/1/499218/100/0/threaded
TAKempis Discussion Web 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing a password via a direct request for _private/discussion.mdb. NOTE:...
The Net Guys ASPired2Quote stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing usernames and passwords via a direct request for admin/quote.mdb....
AyeView 2.20 allows user-assisted attackers to cause a denial of service (application crash) via a GIF file with a malformed header. Date published : 2009-01-12 http://www.securityfocus.com/bid/31572 http://www.securityfocus.com/archive/1/497045/100/0/threaded
Absolute path traversal vulnerability in front-end/dir.php in mini-pub 0.3 and earlier allows remote attackers to list arbitrary directories via a full pathname in the sDir parameter. Date published : 2009-01-12 http://www.securityfocus.com/bid/31733 https://www.exploit-db.com/exploits/6734
SQL injection vulnerability in login.asp in Citrix Application Gateway – Broadcast Server (BCS) before 6.1, as used by Avaya AG250 – Broadcast Server before 2.0 and possibly other products, allows remote attackers to execute...
Multiple directory traversal vulnerabilities in playSMS 0.9.3 allow remote attackers to include and execute arbitrary local files via directory traversal sequences in the (1) gateway_module parameter to plugin/gateway/gnokii/init.php and the (2) themes_module parameter to...
Directory traversal vulnerability in attachmentlibrary.php in the XStandard component for Joomla! 1.5.8 and earlier allows remote attackers to list arbitrary directories via a .. (dot dot) in the X_CMS_LIBRARY_PATH HTTP header. Date published :...
Cross-site request forgery (CSRF) vulnerability in admin/agent_edit.asp in PollPro 3.0 allows remote attackers to create or modify accounts as administrators via the username, password, and name parameters. Date published : 2009-01-09 http://marc.info/?l=bugtraq&m=123117044713213&w=2 http://secunia.com/advisories/33319