dom/base/nsJSEnvironment.cpp in Mozilla Firefox 3.5.x before 3.5.11 and 3.6.x before 3.6.7, Thunderbird 3.0.x before 3.0.6 and 3.1.x before 3.1.1, and SeaMonkey before 2.0.6 does not properly suppress a script’s URL in certain circumstances involving...
The clientautoresp function in family_icbm.c in the oscar protocol plugin in libpurple in Pidgin before 2.7.2 allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via an...
Buffer overflow in Apple iTunes before 9.2.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted itpc: URL. Date published : 2010-07-29 http://lists.apple.com/archives/security-announce/2010//Jul/msg00000.html http://support.apple.com/kb/HT4263
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the _a parameter in a downloads action. Date published : 2010-07-28 http://www.securityfocus.com/bid/41756 http://www.exploit-db.com/exploits/14404
SQL injection vulnerability in index.php in Kayako eSupport 3.70.02 allows remote attackers to execute arbitrary SQL commands via the newsid parameter in a viewnews action. Date published : 2010-07-28 http://www.securityfocus.com/bid/41779 http://www.exploit-db.com/exploits/14392
SQL injection vulnerability in the Ozio Gallery (com_oziogallery) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php. Date published : 2010-07-28 http://www.exploit-db.com/exploits/14462 http://packetstormsecurity.org/1007-exploits/joomlaoziogallery-sql.txt
SQL injection vulnerability in ttvideo.php in the TTVideo (com_ttvideo) component 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid parameter in a video action to index.php. Date published :...
SQL injection vulnerability in the Joomdle (com_joomdle) component 0.24 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the course_id parameter in a detail action to index.php. Date published :...
SQL injection vulnerability in the Huru Helpdesk (com_huruhelpdesk) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a detail action to index.php. Date published : 2010-07-28 http://www.securityfocus.com/bid/39366...
SQL injection vulnerability in articlesdetails.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2010-2905. Date published : 2010-07-28 http://www.exploit-db.com/exploits/14371...
SQL injection vulnerability in info.php in ScriptsFeed and BrotherScripts (BS) Scripts Directory allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2010-07-28 http://www.securityfocus.com/bid/41733 http://www.exploit-db.com/exploits/14370
Multiple cross-site scripting (XSS) vulnerabilities in the System Landscape Directory (SLD) component 6.4 through 7.02 in SAP NetWeaver allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to...
Google Chrome before 5.0.375.125 performs unexpected truncation and improper eliding of hostnames, which has unspecified impact and remote attack vectors. Date published : 2010-07-28 http://code.google.com/p/chromium/issues/detail?id=48597 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html
The SVG implementation in Google Chrome before 5.0.375.125 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Date published : 2010-07-28 http://code.google.com/p/chromium/issues/detail?id=48284 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update_26.html