Directory traversal vulnerability in index.php in IdeaCart 0.02 and 0.02a allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. Date published : 2011-09-09 http://www.securityfocus.com/bid/33765 http://www.exploit-db.com/exploits/8049
SQL injection vulnerability in secure/index.php in IdeaCart 0.02 allows remote attackers to execute arbitrary SQL commands via the cID parameter. Date published : 2011-09-09 http://www.securityfocus.com/bid/33765 http://www.exploit-db.com/exploits/8049
Directory traversal vulnerability in geohttpserver in Geovision Digital Video Surveillance System 8.2 allows remote attackers to read arbitrary files via a .. (dot dot) in a GET request. Date published : 2011-09-09 http://www.securityfocus.com/bid/33735 http://www.securityfocus.com/archive/1/500858/100/0/threaded
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL...
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.125 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. Date published : 2011-09-09 http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks.html http://osvdb.org/75378
Multiple unspecified vulnerabilities in Google Chrome before 14.0.835.157 on the Acer AC700, Samsung Series 5, and Cr-48 Chromebook platforms have unknown impact and attack vectors. Date published : 2011-09-09 http://googlechromereleases.blogspot.com/2011/09/beta-channel-update-for-chromebooks_06.html http://osvdb.org/75377
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter. Date published : 2011-09-08 http://www.securityfocus.com/bid/49347 http://www.phorum.org/phorum5/read.php?64,149490,149490#msg-149490
IBM Rational Build Forge 7.1.2 relies on client-side JavaScript code to enforce the EditSecurity permission requirement for the Export Key File function, which allows remote authenticated users to read a key file by removing...
Cross-site scripting (XSS) vulnerability in the Sage add-on 1.3.10 and earlier for Firefox allows remote attackers to inject arbitrary web script or HTML via a crafted feed, a different vulnerability than CVE-2009-4102. Date published...
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2011-09-08 http://jvn.jp/en/jp/JVN71435255/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Date published : 2011-09-08 http://jvn.jp/en/jp/JVN71435255/index.html http://jvndb.jvn.jp/jvndb/JVNDB-2011-000068
Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service (daemon crash) or possibly gain privileges via (1) a crafted BMP file with RLE compression or (2) crafted...
Multiple buffer overflows in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via vectors related to (1) NAME, (2) PLYR, (3) CHTS, or...
Multiple off-by-one errors in order_cmd.cpp in OpenTTD before 1.1.3 allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted CMD_INSERT_ORDER command. Date published : 2011-09-08...