Cross-site scripting (XSS) vulnerability in public/index.php in Linea21 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a resultats-recherche action. Date published : 2009-07-13 http://www.packetstormsecurity.com/0907-exploits/linea-xss.txt http://secunia.com/advisories/35745
Cross-site scripting (XSS) vulnerability in ogp_show.php in Online Guestbook Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via the entry parameter. Date published : 2009-07-13 http://www.packetstormsecurity.com/0907-exploits/ogp51-xss.txt http://secunia.com/advisories/35762
Cross-site scripting (XSS) vulnerability in index.php in JNM Guestbook 3.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2009-07-13 http://packetstormsecurity.org/0907-exploits/jnm-xss.txt http://secunia.com/advisories/35760
Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this...
Cross-site scripting (XSS) vulnerability in index.php in the search module in ClanSphere 2009.0 and 2009.0.2 allows remote attackers to inject arbitrary web script or HTML via the text parameter in a list action. NOTE:...
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Rentventory 1.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) username (aka Login) and (2) password parameters in a login action....
SQL injection vulnerability in page.php in Online Dating Software MyPHPDating 1.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter. Date published : 2009-07-13 http://www.securityfocus.com/bid/35603 http://packetstormsecurity.org/0907-exploits/myphpdating10-sql.txt
The Sametime server in IBM Lotus Instant Messaging and Web Conferencing 6.5.1 generates error messages for a failed logon attempt with different time delays depending on whether the user account exists, which allows remote...
Buffer overflow in the syscall implementation in IBM AIX 5.3 allows local users to gain privileges via unspecified vectors. Date published : 2009-07-13 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ54713 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ54714
Stack-based buffer overflow in the AddFavorite method in Microsoft Internet Explorer allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a long URL in the...
WordPress and WordPress MU before 2.8.1 allow remote attackers to obtain sensitive information via a direct request to wp-settings.php, which reveals the installation path in an error message. Date published : 2009-07-10 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
WordPress 2.7.1 places the username of a post’s author in an HTML comment, which allows remote attackers to obtain sensitive information by reading the HTML source. Date published : 2009-07-10 http://www.securityfocus.com/archive/1/504795/100/0/threaded http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked
Unspecified vulnerability in auditconfig in Sun Solaris 8, 9, 10, and OpenSolaris snv_01 through snv_58, when Solaris Auditing is enabled, allows local users with an RBAC execution profile for auditconfig to gain privileges via...
SmartFilter Web Gateway Security 4.2.1.00 stores user credentials in cleartext in admin_backup.xml files and uses insecure permissions for these files, which allows local users to gain privileges. NOTE: the provenance of this information is...