Web Wiz Guestbook 6.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database and obtain sensitive information via a direct request for database/WWGguestbook.mdb. NOTE:...
SQL injection vulnerability in index.php in Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action. Date published : 2009-04-02 http://www.securityfocus.com/bid/32819 https://www.exploit-db.com/exploits/7586
login.php in PhpAddEdit 1.3 allows remote attackers to bypass authentication and gain administrative access by setting the addedit cookie parameter. Date published : 2009-04-02 http://www.securityfocus.com/bid/32779 http://www.phpaddedit.com/page/new/
The Red_Reservations script for ColdFusion stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request to (1) makered.mdb and (2) makered97.mdb....
Race condition in the HFS vfs sysctl interface in XNU 1228.8.20 and earlier on Apple Mac OS X 10.5.6 and earlier allows local users to cause a denial of service (kernel memory corruption) by...
Multiple memory leaks in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allow local users to cause a denial of service (kernel memory consumption) via a crafted (1) SYS_add_profil or...
Heap-based buffer overflow in the AppleTalk networking stack in XNU 1228.3.13 and earlier on Apple Mac OS X 10.5.6 and earlier allows remote attackers to cause a denial of service (system crash) via a...
XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and...
Opera 9.64 allows remote attackers to cause a denial of service (application crash) via an XML document containing a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 9.52...
Apple Safari 3.2.2 and 4 Beta on Windows allows remote attackers to cause a denial of service (application crash) via an XML document containing many nested A elements. Date published : 2009-04-02 http://www.securityfocus.com/bid/34318 https://www.exploit-db.com/exploits/8325
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE:...
Unspecified vulnerability in the eClient in IBM DB2 Content Manager 8.4.1 before 8.4.1.1 has unknown impact and attack vectors. Date published : 2009-04-02 http://www-1.ibm.com/support/docview.wss?uid=swg1IO08969 http://www.securityfocus.com/bid/34326
Static code injection vulnerability in index.php in Podcast Generator 1.1 and earlier allows remote authenticated administrators to inject arbitrary PHP code into config.php via the recent parameter in a config change action. Date published...
SQL injection vulnerability in Arcadwy Arcade Script allows remote attackers to execute arbitrary SQL commands via the user cookie parameter. Date published : 2009-04-02 http://www.securityfocus.com/bid/34284 https://www.exploit-db.com/exploits/8304