Unspecified vulnerability in NFS / ONCplus B.11.31_06 and B.11.31_07 on HP HP-UX B.11.31 allows local users to cause a denial of service via unknown attack vectors. Date published : 2009-07-02 http://www.securityfocus.com/bid/35547 http://marc.info/?l=bugtraq&m=124654506100944&w=2
PHP remote file inclusion vulnerability in the Green Mountain Information Technology and Consulting Database Query (com_dbquery) component 1.4.1.1 and earlier for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in...
Multiple PHP remote file inclusion vulnerabilities in V-webmail 1.6.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[pear_dir] parameter to (a) Mail/RFC822.php, (b) Net/Socket.php, (c) XML/Parser.php, (d) XML/Tree.php,...
Optimum Web Design Tutorial Share 3.5.0 and earlier allows remote attackers to bypass authentication and obtain administrative access by setting the usernamed cookie parameter. Date published : 2009-07-01 http://www.securityfocus.com/bid/35075 http://www.exploit-db.com/exploits/8766
Cross-site scripting (XSS) vulnerability in Appleple a-News 2.32 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2009-07-01 http://www.securityfocus.com/bid/35070 http://www.appleple.com/news/index.php?ID=170
Unspecified vulnerability in LoginToboggan 6.x-1.x before 6.x-1.5, a module for Drupal, when "Allow users to login using their e-mail address" is enabled, allows remote blocked users to bypass intended access restrictions via unspecified vectors....
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event...
Cross-site scripting (XSS) vulnerability in index.php in Arcade Trade Script 1.0 beta allows remote attackers to inject arbitrary web script or HTML via the q parameter in a gamelist action. Date published : 2009-07-01...
statuswml.cgi in Nagios before 3.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) ping or (2) Traceroute parameters. Date published : 2009-07-01 http://tracker.nagios.org/view.php?id=15 http://www.nagios.org/development/history/core-3x/
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause...
Buffer overflow in compface 1.5.2 and earlier allows user-assisted attackers to cause a denial of service (crash) via a long declaration in a .xbm file. NOTE: this issue only affects compface on distributions that...
Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 allows context-dependent attackers to cause a denial of service (crash) via a crafted TIFF image, a different vulnerability than CVE-2008-2327. Date published : 2009-07-01 http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html...
Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark. Date published : 2009-07-01 http://www.phpmyadmin.net/home_page/security/PMASA-2009-5.php https://www.redhat.com/archives/fedora-package-announce/2009-July/msg00256.html
Multiple cross-site scripting (XSS) vulnerabilities in the help jsp scripts in Sun Java Web Console 3.0.2 through 3.0.5, and Sun Java Web Console in Solaris 10, allow remote attackers to inject arbitrary web script...