Unspecified vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to bypass intended access restrictions and cause a denial of service via unknown vectors. Date published : 2010-10-28 http://marc.info/?l=bugtraq&m=128811259326540&w=2 http://marc.info/?l=bugtraq&m=128811259326540&w=2
Cross-site scripting (XSS) vulnerability in HP Insight Control Virtual Machine Management before 6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2010-10-28 http://marc.info/?l=bugtraq&m=128811259326540&w=2 http://marc.info/?l=bugtraq&m=128811259326540&w=2
Multiple SQL injection vulnerabilities in the Administrative Interface in the IIS extension in Symantec IM Manager before 8.4.16 allow remote attackers to execute arbitrary SQL commands via (1) the rdReport parameter to rdpageimlogic.aspx, related...
ess.pm in NitroSecurity NitroView ESM 8.4.0a, when ESSPMDebug is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the Request parameter to ess. Date published : 2010-10-27 http://www.securityfocus.com/bid/44421 http://www.exploit-db.com/exploits/15318
monotone before 0.48.1, when configured to allow remote commands, allows remote attackers to cause a denial of service (crash) via an empty argument to the mtn command. Date published : 2010-10-27 http://www.securityfocus.com/bid/44383 http://www.monotone.ca/NEWS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Aardvark Topsites PHP 5.2.0 and 5.2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) mail, (2) title, (3) u, and (4)...
share/ma/keys_for_user in Monkeysphere 0.31 and 0.32 allows local users to execute arbitrary code via unknown manipulations related to the "monkeysphere-authentication keys-for-user" command. Date published : 2010-10-27 http://web.monkeysphere.info/news/CVE-2010-4096/ https://lists.riseup.net/www/arc/monkeysphere/2010-10/msg00066.html
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs. Date published : 2010-10-27 http://weblog.rubyonrails.org/2010/10/15/security-vulnerability-in-nested-attributes-code-in-ruby-on-rails-2-3-9-and-3-0-0...
Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the –remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using (backslash) as a separator of path...
Mozilla Firefox 3.5.x through 3.5.14 and 3.6.x through 3.6.11, Thunderbird 3.1.6 before 3.1.6 and 3.0.x before 3.0.10, and SeaMonkey 2.x before 2.0.10, when JavaScript is enabled, allows remote attackers to execute arbitrary code via...
rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by...
Cross-site scripting (XSS) vulnerability in Joomla! 1.5.x before 1.5.21 and 1.6.x before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via vectors involving "multiple encoded entities," as demonstrated by the query...
libpurple in Pidgin before 2.7.4 does not properly validate the return value of the purple_base64_decode function, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and application crash) via...
Buffer overflow in the smiGetNode function in lib/smi.c in libsmi 0.4.8 allows context-dependent attackers to execute arbitrary code via an Object Identifier (aka OID) represented as a numerical string containing many components separated by...