SQL injection vulnerability in customprofile.php in 2daybiz Matrimonial Script allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2010-06-28 http://www.securityfocus.com/bid/41109 http://www.exploit-db.com/exploits/14008
SQL injection vulnerability in viewnews.php in 2daybiz Multi Level Marketing (MLM) Software allows remote attackers to execute arbitrary SQL commands via the nwsid parameter. Date published : 2010-06-28 http://www.securityfocus.com/bid/41097 http://www.exploit-db.com/exploits/14005
SQL injection vulnerability in customize.php in 2daybiz Web Template Software allows remote attackers to execute arbitrary SQL commands via the tid parameter. Date published : 2010-06-28 http://www.exploit-db.com/exploits/14020 http://secunia.com/advisories/40348
Multiple cross-site scripting (XSS) vulnerabilities in 2daybiz Web Template Software allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to category.php and the (2) password parameter to memberlogin.php....
SQL injection vulnerability in user-profile.php in 2daybiz Video Community Portal Script allows remote attackers to execute arbitrary SQL commands via the userid parameter. Date published : 2010-06-28 http://www.securityfocus.com/bid/41114 http://www.exploit-db.com/exploits/14018
Directory traversal vulnerability in the Picasa2Gallery (com_picasa2gallery) component 1.2.8 and earlier for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the controller...
Cross-site scripting (XSS) vulnerability in debug.cgi in Linksys WAP54Gv3 firmware 3.05.03 and 3.04.03 allows remote attackers to inject arbitrary web script or HTML via the data1 parameter. Date published : 2010-06-28 http://www.securityfocus.com/archive/1/511952/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/59699
Soft SaschArt SasCAM Webcam Server 2.6.5, 2.7, and earlier allows remote attackers to cause a denial of service (crash) via a large number of requests with a long line, as demonstrated using a long...
Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allows remote authenticated users to obtain sensitive information via HTTP header injection, aka SPL-31066. Date published : 2010-06-28 http://www.splunk.com/view/SP-CAAAFGD
Multiple cross-site scripting (XSS) vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) redirects, aka SPL-31067; (2) unspecified "user->user or user->admin"...
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or...
Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading...
Cross-site request forgery (CSRF) vulnerability in report/overview/report.php in the quiz module in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to hijack the authentication of arbitrary users for requests that delete quiz...
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML...