Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php. Date...
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter. Date published : 2009-08-21 http://www.exploit-db.com/exploits/9140 https://exchange.xforce.ibmcloud.com/vulnerabilities/52463
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3)...
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php. Date...
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter. Date published : 2009-08-21 http://www.securityfocus.com/bid/35802 http://www.pixaria.com/news/article/234
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field). Date...
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail,...
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field. Date published : 2009-08-21 http://www.securityfocus.com/bid/33545 http://securityreason.com/exploitalert/5644
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving...
Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u...
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname. Date published...
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action. Date published : 2009-08-21 http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt http://secunia.com/advisories/36294
neon before 0.28.6, when OpenSSL or GnuTLS is used, does not properly handle a ‘’ character in a domain name in the subject’s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle...
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document...