gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen locking...
The ActiveScan Installer ActiveX control in as2stubie.dll before 1.3.3.0 in PandaActiveScan Installer 2.0 in Panda ActiveScan downloads software in an as2guiie.cab archive located at an arbitrary URL, and does not verify the archive’s digital...
Cross-site scripting (XSS) vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the return parameter. NOTE: the provenance of this information is unknown; the details are...
evalSMSI 2.1.03 stores passwords in cleartext in the database, which allows attackers with database access to gain privileges. NOTE: remote attack vectors are possible by leveraging a separate SQL injection vulnerability. Date published :...
Cross-site scripting (XSS) vulnerability in assess.php in evalSMSI 2.1.03 allows remote attackers to inject arbitrary web script or HTML via the reports comment box in a continue_assess action. NOTE: some of these details are...
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions....
Directory traversal vulnerability in viewfile.php in ARWScripts Fonts Script allows remote attackers to read arbitrary local files via directory traversal sequences in a base64-encoded f parameter. NOTE: the provenance of this information is unknown;...
Unspecified vulnerability in DocumentManager before 4.0 has unknown impact and attack vectors, related to file rights. Date published : 2010-02-11 http://freshmeat.net/projects/dmanager/releases/311735 http://www.osvdb.org/62032
Multiple SQL injection vulnerabilities in adminlogin.php in Baal Systems 3.8 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. Date published : 2010-02-11 http://www.securityfocus.com/bid/38139 http://www.exploit-db.com/exploits/11346
Multiple SQL injection vulnerabilities in the Photoblog (com_photoblog) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the blog parameter in an images action to index.php. NOTE: a separate vector for...
SQL injection vulnerability in header.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the nova_name cookie parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...
SQL injection vulnerability in index.php in NovaBoard 1.1.2 allows remote attackers to execute arbitrary SQL commands via the forums[] parameter in a search action. Date published : 2010-02-11 http://www.securityfocus.com/bid/37988 http://www.exploit-db.com/exploits/11278
Cross-site scripting (XSS) vulnerability in Forms/status_statistics_1 in the Sterlite SAM300 AX Router allows remote attackers to inject arbitrary web script or HTML via the Stat_Radio parameter. Date published : 2010-02-11 http://marc.info/?l=full-disclosure&m=126531284626756&w=2 http://packetstormsecurity.org/1002-exploits/sterlite-xss.txt
Cross-site scripting (XSS) vulnerability in scp/ajax.php in osTicket before 1.6.0 Stable allows remote authenticated users to inject arbitrary web script or HTML via the f parameter, possibly related to an error message generated by...