SQL injection vulnerability in the hotpot_delete_selected_attempts function in report.php in the HotPot module in Moodle 1.6 before 1.6.7, 1.7 before 1.7.5, 1.8 before 1.8.6, and 1.9 before 1.9.2 allows remote attackers to execute arbitrary...
The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in net-snmp 5.0.9 through 5.4.2.1, when using TCP wrappers for client authorization, does not properly parse hosts.allow rules, which allows remote attackers to bypass intended access restrictions and execute SNMP...
Buffer overflow in Becky! Internet Mail 2.48.02 and earlier allows remote attackers to execute arbitrary code via a mail message with a crafted return receipt request. Date published : 2009-02-12 http://www.securityfocus.com/bid/33756 http://www.rimarts.jp/downloads/B2/Readme-e.txt
Cross-site scripting (XSS) vulnerability in the Additional Report Settings interface in ESET Remote Administrator before 3.0.105 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details...
Evolution 2.22.3.1 checks S/MIME signatures against a copy of the e-mail text within a signed-data blob, not the copy of the e-mail text displayed to the user, which allows remote attackers to spoof a...
Stack-based buffer overflow in NewsGator FeedDemon 2.7 and earlier allows user-assisted remote attackers to execute arbitrary code via a long text attribute in an outline element in a .opml file. Date published : 2009-02-12...
cgi-bin/kerbynet in ZeroShell 1.0beta11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the type parameter in a NoAuthREQ x509List action. Date published : 2009-02-12 http://www.securityfocus.com/archive/1/500763/100/0/threaded https://www.exploit-db.com/exploits/8023
Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length. Date published : 2009-02-12 http://www.securityfocus.com/bid/33674 http://gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git;a=commitdiff;h=d1c4875e1f220652fe7ff8358f56dee3b2aba31b
ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres. Date published...
SQL injection vulnerability in ProFTPD Server 1.3.1 through 1.3.2rc2 allows remote attackers to execute arbitrary SQL commands via a "%" (percent) character in the username, which introduces a "’" (single quote) character during variable...
filter.d/wuftpd.conf in Fail2ban 0.8.3 uses an incorrect regular expression that allows remote attackers to cause a denial of service (forced authentication failures) via a crafted reverse-resolved DNS name (rhost) entry that contains a substring...
Race condition in AFP Server in Apple Mac OS X 10.5.6 allows local users to cause a denial of service (infinite loop) via unspecified vectors related to "file enumeration logic." Date published : 2009-02-12...
XTerm in Apple Mac OS X 10.4.11 and 10.5.6, when used with luit, creates tty devices with insecure world-writable permissions, which allows local users to write to the Xterm of another user. Date published...
Unspecified vulnerability in the SMB component in Apple Mac OS X 10.4.11 and 10.5.6 allows remote SMB servers to cause a denial of service (memory exhaustion and system shutdown) via a crafted file system...