The web management interface in Netgear WGR614v9 allows remote attackers to cause a denial of service (crash) via a request that contains a question mark ("?"). Date published : 2009-02-11 http://www.securityfocus.com/bid/32290 http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065619.html
CRLF injection vulnerability in SocialEngine (SE) 2.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the PHPSESSID cookie. Date published : 2009-02-11 http://www.securityfocus.com/bid/32382 http://marc.info/?l=bugtraq&m=122720734728665&w=2
SQL injection vulnerability in profile_comments.php in SocialEngine (SE) 2.7 and earlier allows remote attackers to execute arbitrary SQL commands via the comment_secure parameter. Date published : 2009-02-11 http://www.securityfocus.com/bid/32382 http://marc.info/?l=bugtraq&m=122720734728665&w=2
Static code injection vulnerability in gooplecms/admin/account/action/editpass.php in Goople CMS 1.7 allows remote attackers to inject arbitrary PHP code into admin/userandpass.php via the (1) username and (2) password parameters. NOTE: the provenance of this information...
win/content/upload.php in Goople CMS 1.7 allows remote attackers to bypass authentication and gain administrative access by setting the loggedin cookie to 1. Date published : 2009-02-11 http://www.securityfocus.com/bid/32437 https://www.exploit-db.com/exploits/7205
SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action. Date published : 2009-02-11 http://www.securityfocus.com/bid/32434 https://www.exploit-db.com/exploits/7202
SQL injection vulnerability in the EXtrovert Software Thyme (com_thyme) 1.0 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the event parameter to index.php. Date published : 2009-02-11 http://www.securityfocus.com/bid/32417 https://www.exploit-db.com/exploits/7182
SQL injection vulnerability in directory.php in Prozilla Hosting Index allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action, a different vector than CVE-2008-2083. Date published : 2009-02-11...
SQL injection vulnerability in product_details.php in the Mytipper Zogo-shop 1.15.4 plugin for e107 allows remote attackers to execute arbitrary SQL commands via the product parameter. Date published : 2009-02-11 http://www.securityfocus.com/bid/32423 https://www.exploit-db.com/exploits/7184
Cross-site scripting (XSS) vulnerability in SemanticScuttle before 0.90 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the (1) username and (2) profile page. Date published : 2009-02-11...
Multiple directory traversal vulnerabilities in Ez Ringtone Manager allow remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a detail action to (1) main.php and (2) template.php...
SQL injection vulnerability in blog.php in NetArt Media Vlog System 1.1 allows remote attackers to execute arbitrary SQL commands via the note parameter. Date published : 2009-02-11 http://www.securityfocus.com/bid/32425 https://www.exploit-db.com/exploits/7186
at in bos.rte.cron on IBM AIX 5.2.0, 5.3.0 through 5.3.9, and 6.1.0 through 6.1.2 allows local users to read arbitrary files via unspecified vectors, related to failure to drop root privileges. Date published :...
Directory traversal vulnerability in export.php in Thyme 1.3 and earlier, when register_globals is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the export_to parameter. Date published : 2009-02-11...