The installer for Metasploit Framework 3.5.1, when running on Windows, uses weak inherited permissions for the Metasploit installation directory, which allows local users to gain privileges by replacing critical files with a Trojan horse....
SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm. Date published : 2011-02-21 http://www.securityfocus.com/bid/46373 http://www.exploit-db.com/exploits/16171
Unspecified vulnerability in the PEF input file loader in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors. Date published : 2011-02-21 http://www.securityfocus.com/bid/46525 https://www.hex-rays.com/vulnfix.shtml
Unspecified vulnerability in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (out-of-memory exception and inability to analyze code) via a...
Integer overflow in the PSX/GEOS input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. Date published : 2011-02-21 http://www.securityfocus.com/bid/46525 https://www.hex-rays.com/vulnfix.shtml
Integer overflow in the COFF/EPOC/EXPLOAD input file loaders in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to memory allocation. Date published : 2011-02-21 http://www.securityfocus.com/bid/46525 https://www.hex-rays.com/vulnfix.shtml
Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface." Date...
Buffer overflow in the Mach-O input file loader in Hex-Rays IDA Pro 5.7 and 6.0 allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...
SQL injection vulnerability in product.php in MihanTools 1.33 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2011-02-21 http://www.securityfocus.com/bid/46287 http://www.exploit-db.com/exploits/16143
Multiple SQL injection vulnerabilities in VastHTML Forum Server (aka ForumPress) plugin 1.6.1 and 1.6.5 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) search_max parameter in a search action to...
IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all...
Unspecified vulnerability in the Rendition Engine (aka P8RE) 4.0.1 through 4.5.1 in IBM FileNet P8 Content Manager (CM) allows remote attackers to gain privileges via unknown vectors. Date published : 2011-02-21 http://www.securityfocus.com/bid/46424 http://www-01.ibm.com/support/docview.wss?uid=swg21462440
RealNetworks RealPlayer 11.0 through 11.1, SP 1.0 through 1.1.5, and 14.0.0 through 14.0.1, and Enterprise 2.0 through 2.1.4, uses predictable names for temporary files, which allows remote attackers to conduct cross-domain scripting attacks and...
actionpack/lib/action_view/template/resolver.rb in Ruby on Rails 3.0.x before 3.0.4, when a case-insensitive filesystem is used, does not properly implement filters associated with the list of available templates, which allows remote attackers to bypass intended access...