Multiple cross-site scripting (XSS) vulnerabilities in models.parser in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to inject arbitrary web script or HTML via crafted BBcode (1) img or (2)...
Multiple cross-site request forgery (CSRF) vulnerabilities in PyForum 1.0.3 and possibly earlier versions, and possibly zForum, allow remote attackers to hijack the authentication of victims for requests that change passwords, and other unspecified requests,...
Cross-site scripting (XSS) vulnerability in Forms/login1 in American Power Conversion (APC) Switched Rack PDU AP7932 B2, running rpdu 3.3.3 or 3.7.0 on AOS 3.3.4, and possibly other versions, allows remote attackers to inject arbitrary...
Multiple unspecified vulnerabilities in Trac before 0.11.6 have unknown impact and attack vectors, possibly related to (1) "policy checks in report results when using alternate formats" or (2) a "check for the ‘raw’ role...
Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "–maxlines" option and a crafted email message. NOTE: some of these...
Cross-site scripting (XSS) vulnerability in index.php in Rumba XML 1.8 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: some of these details are obtained from third party information....
The default configuration of SQL-Ledger 2.8.24 allows remote attackers to perform unspecified administrative operations by providing an arbitrary password to the admin interface. Date published : 2009-12-23 http://www.securityfocus.com/bid/37431 http://www.securityfocus.com/archive/1/508559/100/0/threaded
nm-connection-editor in NetworkManager (NM) 0.7.x exports connection objects over D-Bus upon actions in the connection editor GUI, which allows local users to obtain sensitive information by reading D-Bus signals, as demonstrated by using dbus-monitor...
NetworkManager (NM) 0.7.2 does not ensure that the configured Certification Authority (CA) certificate file for a (1) WPA Enterprise or (2) 802.1x network remains present upon a connection attempt, which might allow remote attackers...
Condor 6.5.4 through 7.2.4, 7.3.x, and 7.4.0, as used in MRG, Grid for MRG, and Grid Execute Node for MRG, allows remote authenticated users to queue jobs as an arbitrary user, and thereby gain...
SQL-Ledger 2.8.24 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http...
Directory traversal vulnerability in the Preferences menu item in SQL-Ledger 2.8.24 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the countrycode field. Date published : 2009-12-23...
Multiple SQL injection vulnerabilities in the delete subroutine in SQL-Ledger 2.8.24 allow remote authenticated users to execute arbitrary SQL commands via the (1) id and possibly (2) db parameters in a Delete action to...
Multiple cross-site scripting (XSS) vulnerabilities in SQL-Ledger 2.8.24 allow remote authenticated users to inject arbitrary web script or HTML via (1) the DCN Description field in the Accounts Receivables menu item for Add Transaction,...