Cross-site request forgery (CSRF) vulnerability in security/xamppsecurity.php in XAMPP 1.6.8 allows remote attackers to hijack the authentication of users for requests that change a certain .htaccess password via the xampppasswd parameter. Date published :...
The Neostrada Livebox ADSL Router allows remote attackers to cause a denial of service (network outage) via multiple HTTP requests for the /- URI. Date published : 2009-03-19 http://www.securityfocus.com/bid/32696 http://www.securityfocus.com/archive/1/499010/100/0/threaded
Insecure method vulnerability in the VSPDFEditorX.VSPDFEdit ActiveX control in VSPDFEditorX.ocx 1.0.200.0 in VISAGESOFT eXPert PDF EditorX allows remote attackers to create or overwrite arbitrary files via the first argument to the extractPagesToFile method. Date...
Cross-site scripting (XSS) vulnerability in index.php in Fritz Berger yet another php photo album – next generation (yappa-ng) 2.3.2 allows remote attackers to inject arbitrary web script or HTML via the album parameter. Date...
ASP User Engine.NET stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for users.mdb. Date published : 2009-03-19 https://www.exploit-db.com/exploits/7332 https://exchange.xforce.ibmcloud.com/vulnerabilities/49400
Easy Content Management Publishing stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for Database/News.mdb. Date published : 2009-03-19 https://www.exploit-db.com/exploits/7340...
Unrestricted file upload vulnerability in process.php in Tizag Countdown Creator 3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension via index.php, then accessing the uploaded file via...
PHP remote file inclusion vulnerability in connexion.php in PHPGKit 0.9 allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. NOTE: the provenance of this information is unknown; the...
function/update_xml.php in FLABER 1.1 and earlier allows remote attackers to overwrite arbitrary files by specifying the target filename in the target_file parameter. NOTE: this can be leveraged for code execution by overwriting a PHP...
SQL injection vulnerability in MyAlbum component (com_myalbum) 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the album parameter to index.php. Date published : 2009-03-19 http://www.securityfocus.com/bid/28496 https://www.exploit-db.com/exploits/5318
Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.0.0.1 through 7.4.0.1 allows remote attackers to create arbitrary directories via a .. (backslash dot dot) in an MKD request. Date...
Cross-site scripting (XSS) vulnerability in the choose_primary_blog function in wp-includes/wpmu-functions.php in WordPress MU (WPMU) before 2.7 allows remote attackers to inject arbitrary web script or HTML via the HTTP Host header. Date published :...
Stack-based buffer overflow in POP Peeper 3.4.0.0 and earlier allows remote POP3 servers to execute arbitrary code via a long Date header, related to Imap.dll. Date published : 2009-03-19 http://www.securityfocus.com/bid/34093 http://www.securityfocus.com/archive/1/501701/100/0/threaded
Stack-based buffer overflow in ediSys eZip Wizard 3.0 allows remote attackers to execute arbitrary code via a crafted .zip file. Date published : 2009-03-19 http://www.securityfocus.com/bid/34044 https://www.exploit-db.com/exploits/8180