SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php. Date published : 2009-07-09 http://www.securityfocus.com/bid/35519 http://www.exploit-db.com/exploits/9040
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action,...
SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...
Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the ldt_rewrite_syscall function. Date published...
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly...
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary...
Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl module in an arbitrary directory. Date...
SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary SQL commands via the id parameter in a...
Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are obtained from third...
SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter. Date published : 2009-07-08 http://www.securityfocus.com/bid/35538 http://www.exploit-db.com/exploits/9054
admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN. Date published : 2009-07-08 http://www.exploit-db.com/exploits/9053 http://osvdb.org/55505
Gizmo 3.1.0.79 on Linux does not verify a server’s SSL certificate, which allows remote servers to obtain the credentials of arbitrary users via a spoofed certificate. Date published : 2009-07-08 http://www.securityfocus.com/bid/35508 http://www.securityfocus.com/archive/1/504572/100/0/threaded
Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable. Date published : 2009-07-08 http://www.securityfocus.com/bid/35342 http://www.4homepages.de/forum/index.php?topic=25057.0
Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter. Date published : 2009-07-08 http://www.securityfocus.com/bid/35537...