SQL injection vulnerability in frs/shownotes.php in Gforge 4.5.19 and earlier allows remote attackers to execute arbitrary SQL commands via the release_id parameter. Date published : 2009-02-19 http://www.securityfocus.com/bid/31674 http://gforge.org/tracker/index.php?func=detail&aid=5553&group_id=1&atid=105
Stack-based buffer overflow in RaidenFTPD 2.4 build 3620 allows remote authenticated users to cause a denial of service (crash) or execute arbitrary code via long (1) CWD and (2) MLST commands. Date published :...
NoticeWare Email Server NG 5.1.2.2 allows remote attackers to cause a denial of service (crash) via multiple POP3 requests with a long PASS command. Date published : 2009-02-19 http://www.securityfocus.com/bid/31697 https://www.exploit-db.com/exploits/6719
SQL injection vulnerability in the OwnBiblio (com_ownbiblio) component 1.5.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a catalogue action to index.php. Date published : 2009-02-19 http://www.securityfocus.com/bid/31725...
Multiple directory traversal vulnerabilities in index.php in My PHP Indexer 1.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) d and (2) f parameters. Date published :...
SQL injection vulnerability in the Ignite Gallery (com_ignitegallery) component 0.8.0 through 0.8.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the gallery parameter in a view action to index.php. Date published...
SQL injection vulnerability in the Mad4Joomla Mailforms (com_mad4joomla) component before 1.1.8.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the jid parameter to index.php. Date published : 2009-02-19 http://www.securityfocus.com/bid/31712 http://www.mad4media.de/mad4joomla-mailforms-faq.html
SQL injection vulnerability in system/nlb_user.class.php in NewLife Blogger 3.0 and earlier, and possibly 3.3.1, allows remote attackers to execute arbitrary SQL commands via the nlb3 cookie. Date published : 2009-02-19 http://www.securityfocus.com/bid/31728 http://www.securityfocus.com/archive/1/497283/100/0/threaded
SQL injection vulnerability in sug_cat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter, a different vector than CVE-2007-4069. Date published : 2009-02-19 http://www.securityfocus.com/bid/31744 https://www.exploit-db.com/exploits/6746
Unrestricted file upload vulnerability in editor/filemanager/browser/default/connectors/php/connector.php in FCKeditor 2.2, as used in Falt4 CMS, Nuke ET, and other products, allows remote attackers to execute arbitrary code by creating a file with PHP sequences preceded...
Multiple directory traversal vulnerabilities in LightBlog 9.8, when magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) username parameter to view_member.php, (2)...
SilverSHielD 1.0.2.34 allows remote attackers to cause a denial of service (application crash) via a crafted argument to the opendir SFTP command. Date published : 2009-02-19 http://www.securityfocus.com/bid/31884 https://www.exploit-db.com/exploits/6815
Cross-site scripting (XSS) vulnerability in admin/postlister/index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the liste parameter. Date published : 2009-02-19 http://www.securityfocus.com/bid/31890 http://www.digitrustgroup.com/advisories/web-application-security-jetbox2.html
Cross-site scripting (XSS) vulnerability in fullscreen.php in ClipShare Pro 4.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter. Date published : 2009-02-19 http://www.securityfocus.com/bid/31898 http://downloads.securityfocus.com/vulnerabilities/exploits/31898.html