Cross-site scripting (XSS) vulnerability in account-closed.tcl in ]project-open[ (aka ]po[) 3.4.x, 3.5.0.1-2, and possibly other versions allows remote attackers to inject arbitrary web script or HTML via the message parameter to register/account-closed. Date published...
Multiple SQL injection vulnerabilities in login2.php in XRay CMS 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. Date published : 2012-02-07 http://www.securityfocus.com/bid/51870 http://archives.neohapsis.com/archives/bugtraq/2012-02/0068.html
Absolute path traversal vulnerability in file in Enigma2 Webinterface 1.6.0 through 1.6.8, 1.6rc3, and 1.7.0 allows remote attackers to read arbitrary files via a full pathname in the file parameter. Date published : 2012-02-07...
Directory traversal vulnerability in file in Enigma2 Webinterface 1.5rc1 and 1.5beta4 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter. Date published : 2012-02-07 http://www.exploit-db.com/exploits/18343 https://exchange.xforce.ibmcloud.com/vulnerabilities/73109
Open redirect vulnerability in admin/index.php in 4images 1.7.10 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirect parameter. Date published : 2012-02-07 http://www.securityfocus.com/bid/51774...
SQL injection vulnerability in admin/categories.php in 4images 1.7.10 remote attackers to execute arbitrary SQL commands via the cat_parent_id parameter in an addcat action. Date published : 2012-02-07 http://www.securityfocus.com/bid/51774 http://packetstormsecurity.org/files/109290/4images-xss.txt
Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. Date published : 2012-02-07 http://www.securityfocus.com/bid/51774 http://packetstormsecurity.org/files/109290/4images-xss.txt
Multiple cross-site scripting (XSS) vulnerabilities in login.php in NexorONE Online Banking allow remote attackers to inject arbitrary web script or HTML via the (1) visitor_language parameter to register.php or (2) message parameter. Date published...
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile,...
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the from parameter. Date published : 2012-02-07...
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) ip_addr[0][2], or (3) ip_addr[0][9] parameters. Date published...
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a certain value, then uploading a...
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a PHP file, then accessing it...
OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. Date published : 2012-02-07 http://www.exploit-db.com/exploits/18453 http://secpod.org/advisories/SecPod_Exploit_OfficeSIP_Server_DOS_Vuln.txt