Heap-based buffer overflow in IrfanView before 4.32 allows remote attackers to execute arbitrary code via crafted "Rows Per Strip" and "Samples Per Pixel" values in a TIFF image file. Date published : 2012-10-25 http://www.irfanview.com/history_old.htm...
Multiple SQL injection vulnerabilities in the selectUserIdByLoginPass function in seotoaster_core/application/models/LoginModel.php in Seotoaster 1.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login parameter to sys/login/index or (2) memberLoginName parameter...
SQL injection vulnerability in quickstart/profile/index.php in the Forum module in appRain CMF 0.1.5 allows remote attackers to execute arbitrary SQL commands via the PATH_INFO. Date published : 2012-10-25 http://www.securityfocus.com/bid/51105 http://www.exploit-db.com/exploits/18249
Cross-site scripting (XSS) vulnerability in the Search module (quickstart/search) in appRain CMF 0.1.5 allows remote attackers to inject arbitrary web script or HTML via the ss parameter. Date published : 2012-10-25 http://www.securityfocus.com/bid/51105 http://www.exploit-db.com/exploits/18249
Stack-based buffer overflow in the Syslog service (nssyslogd.exe) in Enterasys Network Management Suite (NMS) before 4.1.0.80 allows remote attackers to execute arbitrary code via a long PRIO field in a message to UDP port...
Cross-site request forgery (CSRF) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to hijack the authentication of an administrator for requests that trigger snapshots. Date published : 2012-10-25 http://www.securityfocus.com/bid/51089...
Cross-site scripting (XSS) vulnerability in wordpress_sentinel.php in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via unknown vectors. Date published : 2012-10-25 http://www.securityfocus.com/bid/51089 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel
SQL injection vulnerability in the Sentinel plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2012-10-25 http://www.securityfocus.com/bid/51089 http://plugins.trac.wordpress.org/changeset?reponame=&new=475315@wordpress-sentinel&old=474998@wordpress-sentinel
Cross-site request forgery (CSRF) vulnerability in logout.php in Cacti before 0.8.7i allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. Date published : 2012-10-25 http://www.securityfocus.com/bid/51048 http://bugs.cacti.net/view.php?id=2062
SQL injection vulnerability in rub2_w.php in PHP Flirt-Projekt 4.8 and possibly earlier allows remote attackers to execute arbitrary SQL commands via the rub parameter. Date published : 2012-10-25 http://www.securityfocus.com/bid/51106 http://packetstormsecurity.org/files/107971/flirtportal-sql.txt
Cross-site scripting (XSS) vulnerability in the getLog function in svnlook.php in WebSVN before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the path parameter to (1) comp.php, (2) diff.php, or...
Cross-site scripting (XSS) vulnerability in templates/default/Admin/Login.html in PHP-SCMS 1.6.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the lang parameter to index.php. Date published : 2012-10-25 http://www.securityfocus.com/bid/51062 http://www.rul3z.de/advisories/SSCHADV2011-035.txt
Directory traversal vulnerability in examples/show_code.php in mPDF 5.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. Date published : 2012-10-25 http://www.exploit-db.com/exploits/18248 http://osvdb.org/77939
SQL injection vulnerability in DotA OpenStats 1.3.9 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php. Date published : 2012-10-25 http://www.securityfocus.com/bid/51110 http://www.exploit-db.com/exploits/18250