1680 matches found
CVE-2008-1191
Technical details for CVE-2008-1191 are not provided in the supplied documents. Please monitor for updates.
WebCalendar 1.1.6 - search.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/27461/info WebCalendar is prone to multiple HTML-injection and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically...
GeoBlog MOD_1.0 - deleteblog.php?id Arbitrary Blog Deletion
source: https://www.securityfocus.com/bid/24966/info geoBlog is prone to multiple security-bypass vulnerabilities because the application fails to properly validate users when deleting user blogs and comments. An attacker may exploit thes...
Zend Platform 2.2.1 - PHP.INI File Modification
source: https://www.securityfocus.com/bid/22802/info The Zend Platform is prone to an issue that may let local attackers modify the PHP configuration file 'php.ini'. This issue occurs because the application is installed with an 'inimodifier' progra...
MOPB-01-2007:PHP 4 Userland ZVAL Reference Counter Overflow Vulnerability
Summary: The Month of PHP Bugs starts with a PHP 4 security vulnerability that exploits a problem known for many years among the PHP developers. When a PHP application is run in PHP 4 it can overflow the variable reference counter because it is only 16 bits wide. Whenever this happens it will resul...
BigACE 1.8.2 - 'admin.cmd.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/19723/info Bigace is prone to multiple remote file-include vulnerabilities because it fails to properly sanitize user-supplied input. An attacker can exploit these issues to include arbitrary remote PHP code and execute it in the context of the webserver...
Mambo Module Calendar 1.5.7 - Com_Calendar.php Remote File Inclusion
source: https://www.securityfocus.com/bid/19027/info The Calendar module for Mambo is prone to a remote file-include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An...
SSA-2006-0628032502
New kdebase packages are available for Slackware 10.0, 10.1, 10.2, and -current to fix a security issue with KDM (the KDE login manager) which could be exploited by a local attacker to read any file on the system. The official KDE security advisory may be found here:...
MF Piadas 1.0 - 'admin.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/18679/info MF Piadas is prone to a remote file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this issue to include an arbitrary remote file containing malicious PHP code and execute it in the...
CVE-2006-2906
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop...
Design/Logic Flaw
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to trick users into downloading and saving an executable file via an image that is overlaid by a transparent image link that points to the executable, which causes...
UnrealIRCd 3.x - Remote Denial of Service
source: https://www.securityfocus.com/bid/17057/info UnrealIRCd is prone to a remote denial-of-service vulnerability. A remote attacker may exploit this issue to deny service for legitimate users. !/usr/bin/perl Denial of Service exploit for UnrealIRCd 3.2.3 Successfully tested on both Win32 and...
TML 0.5 - 'index.php?id' SQL Injection
source: https://www.securityfocus.com/bid/15876/info TML CMS is prone to multiple input validation vulnerabilities. Successful exploitation of these vulnerabilities could result in a compromise of the application, disclosure or modification of data, the theft of cookie-based authentication...
Relative Real Estate Systems 1.2 - SQL Injection
source: https://www.securityfocus.com/bid/15714/info Relative Real Estate Systems is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'index.php' script befor...
Stylemotion WEB//NEWS 1.4 - 'print.php?id' SQL Injection
source: https://www.securityfocus.com/bid/14776/info WEB//NEWS is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. Successful exploitation could result in a compromise of...
FlatNuke 2.5.5 - structure.php Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/14483/info FlatNuke is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. An...
Video Cam Server 1.0 - Full Path Disclosure
source: https://www.securityfocus.com/bid/13457/info Video Cam Server is prone to a path disclosure issue when invalid data is submitted. This issue can allow an attacker to access sensitive data that may be used to launch further attacks against a...
Just Williams Amazon Webstore - HTTP Response Splitting
source: https://www.securityfocus.com/bid/13428/info Amazon Webstore is prone to an HTTP response splitting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. A remote attacker may explo...
ProfitCode Software PayProCart 3.0 - AdminShop ProMod Cross-Site Scripting
source: https://www.securityfocus.com/bid/13308/info PayProCart is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may...
Ocean12 Calendar Manager 1.0 - Admin Form SQL Injection
source: https://www.securityfocus.com/bid/13279/info Ocean12 Calendar Manager is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could result in a compromis...