PHP remote file inclusion vulnerability in includes/moderation.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the includes_directory parameter....
SQL injection vulnerability in index.php in Katalog Stron Hurricane 1.3.5, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the get parameter. Date published : 2010-02-22 http://www.exploit-db.com/exploits/11452 http://packetstormsecurity.org/1002-exploits/katalog-rfisql.txt
Directory traversal vulnerability in index.php in the RWCards (com_rwcards) component 3.0.18 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter. Date published : 2010-02-22 http://www.securityfocus.com/bid/38267...
Cross-site scripting (XSS) vulnerability in index.php in BGSvetionik BGS CMS 2.2.1 allows remote attackers to inject arbitrary web script or HTML via the search parameter in a search action. NOTE: some of these details...
StatCounteX 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for path/stats.mdb. Date published : 2010-02-22 http://www.exploit-db.com/exploits/11434 http://packetstormsecurity.org/1002-exploits/statcountex-disclose.txt
SQL injection vulnerability in cplphoto.php in the Copperleaf Photolog plugin 0.16, and possibly earlier, for WordPress allows remote attackers to execute arbitrary SQL commands via the postid parameter. Date published : 2010-02-22 http://www.securityfocus.com/bid/38239 http://www.exploit-db.com/exploits/11458
SQL injection vulnerability in index.php in WSN Guest 1.02 allows remote attackers to execute arbitrary SQL commands via the orderlinks parameter. Date published : 2010-02-22 http://www.securityfocus.com/bid/38236 http://www.exploit-db.com/exploits/11436
SQL injection vulnerability in index.php in KR MEDIA Pogodny CMS allows remote attackers to execute arbitrary SQL commands via the id parameter in a niusy action. Date published : 2010-02-22 http://www.securityfocus.com/bid/38253 http://www.securityfocus.com/archive/1/509554/100/0/threaded
Unspecified vulnerability in the IP-Tech JQuarks (com_jquarks) Component before 0.2.4 for Joomla! allows attackers to obtain the installation path for Joomla! via unknown vectors. Date published : 2010-02-22 http://www.iptechinside.com/labs/news/show/6 https://exchange.xforce.ibmcloud.com/vulnerabilities/56523
openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors. Date published : 2010-02-22 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, and SeaMonkey before 2.0.3, does not properly restrict read access to object properties in showModalDialog, which allows remote attackers to bypass the Same Origin Policy...
Use-after-free vulnerability in the HTML parser in Mozilla Firefox 3.0.x before 3.0.18 and 3.5.x before 3.5.8, Thunderbird before 3.0.2, and SeaMonkey before 2.0.3 allows remote attackers to execute arbitrary code via unspecified method calls...
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages. Date published : 2010-02-21 http://www.securityfocus.com/bid/38058 http://www.securityfocus.com/archive/1/516397/100/0/threaded
Unspecified vulnerability in the OpenID Identity Authentication extension in TYPO3 4.3.0 allows remote attackers to bypass authentication and gain access to a backend user account via unknown attack vectors in which both the attacker...