Cross-site request forgery (CSRF) vulnerability in zp-core/admin-options.php in Zenphoto 1.2.5 allows remote attackers to hijack the authentication of administrators for requests that change the administrative password via the 0-adminpass and 0-adminpass_2 parameters in a...
Cross-site scripting (XSS) vulnerability in zp-core/admin.php in Zenphoto 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the from parameter. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9166 http://osvdb.org/55922
Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9165...
SQL injection vulnerability in profile.php in WebLeague 2.2.0 allows remote attackers to execute arbitrary SQL commands via the name parameter. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9162 https://exchange.xforce.ibmcloud.com/vulnerabilities/51777
Cross-site scripting (XSS) vulnerability in the Submitted By module 6.x before 6.x-1.3 for Drupal allows remote authenticated users, with "administer content types" privileges, to inject arbitrary web script or HTML via an input string...
The Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, does not properly enforce privilege requirements for unspecified pages, which...
Cross-site scripting (XSS) vulnerability in the Image Assist module 5.x-1.x before 5.x-1.8, 5.x-2.x before 2.0-alpha4, 6.x-1.x before 6.x-1.1, 6.x-2.x before 2.0-alpha4, and 6.x-3.x-dev before 2009-07-15, a module for Drupal, allows remote authenticated users, with...
Quick Heal AntiVirus Plus 2009 10.00 SP1 and Quick Heal Total Security 2009 10.00 SP1 use weak permissions (Everyone: Full Control) for the product files, which allows local users to gain privileges by replacing...
Multiple cross-site request forgery (CSRF) vulnerabilities in AgoraCart 5.2.005 and 5.2.006 and AgoraCart GOLD 5.5.005 allow remote attackers to hijack the authentication of administrators for requests that (1) modify a .htaccess file via an...
Multiple cross-site scripting (XSS) vulnerabilities in Snitz Forums 2000 3.4.07 allow remote attackers to inject arbitrary web script or HTML via (1) the url parameter to pop_send_to_friend.asp, related to a crafted onload attribute of...
Stack-based buffer overflow in iRehearse allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long string in a .m3u playlist file. Date published :...
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php. Date published : 2010-01-04 http://www.securityfocus.com/bid/35870 http://www.exploit-db.com/exploits/9339
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. Date published : 2010-01-04 http://www.securityfocus.com/bid/35870...
SQL injection vulnerability in the Kunena Forum (com_kunena) component 1.5.3 and 1.5.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the func parameter to index.php. Date published : 2010-01-04 http://www.securityfocus.com/bid/36020 http://www.exploit-db.com/exploits/9408