WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to obtain sensitive information via unspecified requests that trigger responses containing the saved-image folder pathname. Date published : 2009-09-29 http://www.securityfocus.com/archive/1/506555/100/0/threaded http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339
Directory traversal vulnerability in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allows remote attackers to read arbitrary files via unspecified vectors. Date published : 2009-09-29 http://www.securityfocus.com/archive/1/506555/100/0/threaded http://radnet.radactive.com/forum/Default.aspx?g=posts&t=339
Multiple cross-site scripting (XSS) vulnerabilities in WebCoreModule.ashx in RADactive I-Load before 2008.2.5.0 allow remote attackers to inject arbitrary web script or HTML via parameters with names beginning with __ (underscore underscore) sequences, which are...
MP3 Collector 2.3 allows remote attackers to cause a denial of service (application crash) via a long URL in a .m3u playlist file. Date published : 2009-09-29 http://www.exploit-db.com/exploits/9689
npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value...
Unrestricted file upload vulnerability in RADactive I-Load before 2008.2.5.0 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, and then sending a request for a predictable filename during...
Heap-based buffer overflow in textbox.c in newt 0.51.5, 0.51.6, and 0.52.2 allows local users to cause a denial of service (application crash) or possibly execute arbitrary code via a request to display a crafted...
Unspecified vulnerability in the Sender module in HP Remote Graphics Software (RGS) 5.1.3 through 5.2.6 allows remote authenticated users to execute arbitrary code via unknown vectors. Date published : 2009-09-29 http://www.securityfocus.com/archive/1/506783/100/0/threaded http://www.securityfocus.com/archive/1/506783/100/0/threaded
Unspecified vulnerability in HP ProCurve Identity Driven Manager (IDM) A.02.x through A.02.03 and A.03.x through A.03.00, on Windows Server 2003 with IAS and Windows Server 2008 with NPS, allows local users to gain privileges...
SQL injection vulnerability in the MyRemote Video Gallery (com_mytube) component 1.0 Beta for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a videos action to index.php. Date published...
Unspecified vulnerability in Code-Crafters Ability Mail Server before 2.70 allows remote attackers to cause a denial of service (daemon crash) via an IMAP4 FETCH command. Date published : 2009-09-28 http://www.securityfocus.com/bid/36519 http://www.code-crafters.com/abilitymailserver/updatelog.html
Cross-site scripting (XSS) vulnerability in email.php in e107 0.7.16 and earlier allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header in a news.1 (aka news to email) action....
SQL injection vulnerability in the Fastball (com_fastball) component 1.1.0 through 1.2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the league parameter to index.php. Date published : 2009-09-28 http://packetstormsecurity.org/0909-exploits/joomlafastball-sql.txt http://secunia.com/advisories/36878
The Meta tags (aka Nodewords) module before 6.x-1.1 for Drupal does not properly follow permissions during assignment of node meta tags, which allows remote attackers to obtain sensitive information via unspecified vectors. Date published...