Directory traversal vulnerability in get_message.cgi in QuarkMail allows remote attackers to read arbitrary files via a .. (dot dot) in the tf parameter. Date published : 2009-09-09 http://packetstormsecurity.org/0908-exploits/quarkmail-lfi.txt http://www.vupen.com/english/advisories/2009/2460
Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter. Date published : 2009-09-09 http://packetstormsecurity.org/0908-exploits/wapmotor-lfi.txt http://osvdb.org/57426
The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors. Date published : 2009-09-09 http://www.securityfocus.com/bid/36165 http://drupal.org/node/560298
Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2009-09-09 http://www.securityfocus.com/bid/36165 http://drupal.org/node/560298
Cross-site scripting (XSS) vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third...
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. Date published : 2009-09-09 http://www.securityfocus.com/bid/36180 http://packetstormsecurity.org/0908-exploits/phpfusiondsmsf-sql.txt
SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle...
SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter. Date published : 2009-09-09 http://www.exploit-db.com/exploits/9538 http://secunia.com/advisories/36124
SQL injection vulnerability in index.php in Uiga Church Portal allows remote attackers to execute arbitrary SQL commands via the year parameter in a calendar action. Date published : 2009-09-09 http://www.exploit-db.com/exploits/9535 http://osvdb.org/57464
SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party...
The RSS reader widget in IBM Lotus Notes 8.0 and 8.5 saves items from an RSS feed as local HTML documents, which allows remote attackers to execute arbitrary script in Internet Explorer’s Local Machine...
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.2, 3.x, and 2.x allows remote attackers to gain write access to product reviews via a crafted parameter. Date published : 2009-09-09 http://www.oxidforge.org/wiki/Security_bulletins/2009-002
Unspecified vulnerability in OXID eShop Professional, Enterprise, and Community Edition before 4.1.0 allows remote attackers to gain administrator privileges and access the shop backend via a crafted parameter. Date published : 2009-09-09 http://www.oxidforge.org/wiki/Security_bulletins/2009-001
The rad_decode function in FreeRADIUS before 1.1.8 allows remote attackers to cause a denial of service (radiusd crash) via zero-length Tunnel-Password attributes, as demonstrated by a certain module in VulnDisco Pack Professional 7.6 through...