6679 matches found

OSV
added 2010/07/08 12:54 p.m. | 3 views

CVE-2010-2445

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...

AI score: 7
Exploits: 0 | References: 6

NVD
added 2010/07/08 12:54 p.m. | 10 views

CVE-2010-2445

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...

CVSS: 10 | AI score: 7.1 | EPSS: 0.03342
Exploits: 1 | References: 6

UbuntuCve
added 2010/07/08 12:54 p.m. | 30 views

CVE-2010-2445

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...

CVSS: 10 | AI score: 6.1 | EPSS: 0.03342
Exploits: 1 | References: 1

Cvelist
added 2010/07/07 6:0 p.m. | 31 views

CVE-2010-2445

freeciv 2.2 before 2.2.1 and 2.3 before 2.3.0 allows attackers to read arbitrary files or execute arbitrary commands via a scenario that contains Lua functionality, related to the (1) os, (2) io, (3) package, (4) dofile, (5) loadfile, (6) loadlib, (7) module, and (8) require modules or functions...

AI score: 6.9 | EPSS: 0.03342
Exploits: 1 | References: 6

Prion
added 2010/07/02 12:43 p.m. | 21 views

Input validation

LibTIFF in Red Hat Enterprise Linux (RHEL) 3 on x86_64 platforms, as used in tiff2rgba, attempts to process image data even when the required compression functionality is not configured, which allows remote attackers to cause a denial of service via a crafted TIFF image, related to "downsampled OJPE...

CVSS: 4.3 | AI score: 6.8 | EPSS: 0.01986
Exploits: 1 | References: 4 | Affected Software: 1

seebug.org
added 2010/06/30 12:0 a.m. | 11 views

Gekko CMS (SQL Injection) Vulnerability

No description provided by source. 2-SQL injection Vulnerability Description: SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for strin...

AI score: 7.1
Exploits: 0

OSV
added 2010/06/29 6:30 p.m. | 5 views

CVE-2010-2452

Directory traversal vulnerability in the DCC functionality in KVIrc 3.4 and 4.0 allows remote attackers to overwrite arbitrary files via unknown vectors...

AI score: 6.4
Exploits: 0 | References: 9

Prion
added 2010/06/29 6:30 p.m. | 9 views

Format string

Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors...

CVSS: 10 | AI score: 7.2 | EPSS: 0.0264
Exploits: 0 | References: 9 | Affected Software: 1

Debian CVE
added 2010/06/29 6:0 p.m. | 22 views

CVE-2010-2451

Multiple format string vulnerabilities in the DCC functionality in KVIrc 3.4 and 4.0 have unspecified impact and remote attack vectors...

CVSS: 10 | AI score: 7 | EPSS: 0.0264
Exploits: 0

CVE
added 2010/06/29 6:0 p.m. | 65 views

CVE-2010-2451

KVIrc (DCC) has multiple vulnerabilities tracked as CVE-2010-2451 and CVE-2010-2452 in the DCC functionality of KVIrc 3.x/4.x. The issues are described as remotely exploitable format-string vulnerabilities (and, per GLSA, a directory-traversal issue) that could allow remote attackers to execute a...

CVSS: 10 | AI score: 6.9 | EPSS: 0.0264
Exploits: 0 | References: 9 | Affected Software: 1

Packet Storm
added 2010/06/29 12:0 a.m. | 30 views

Netartmedia Car Portal SQL Injection

Netartmedia Car Portal SQLi Vulnerability ...

AI score: 1.1
Exploits: 0

Fedora
added 2010/06/21 9:44 p.m. | 11 views

[SECURITY] Fedora 13 Update: drupal-views-6.x.2.11-1.fc13

The views module provides a flexible method for Drupal site designers to control how lists of content nodes are presented. Traditionally, Drupal has hard-coded most of this, particularly in how taxonomy and tracker lists are formatted. This tool is essentially a smart query builder that, given...

AI score: 2.5
Exploits: 0

ThreatPost
added 2010/06/21 3:4 p.m. | 10 views

Malware Rises With Smartphone Adoption

Researchers are closely watching the rise of malware on Internet-enabled mobile devices. New mobile malware boasts a broad range of functionality, including the capability to download other malicious files, detect internet connections or establish new ones, undertake URL redirection and carry out...

AI score: 2.2
Exploits: 0 | References: 2

0day.today
added 2010/06/21 12:0 a.m. | 21 views

Shareasale Script SQL Injection Vulnerability

Exploit for php platform in category web applications. Shareasale Script SQL Injection Vulnerability ...

AI score: 7.1
Exploits: 0

Exploit DB
added 2010/06/20 12:0 a.m. | 36 views

Shareasale Script - SQL Injection

I'm L0rd CrusAd3r member from Inj3ct0r Team. Author: L0rd CrusAd3r aka VSN [email protected] | Exploit Title: Shareasale Script SQL Vulnerable | Vendor url: http://www.jce-tech.com | Version: 1 | Price: n/a | Published:...

AI score: 7.4
Exploits: 0

UbuntuCve
added 2010/06/07 12:0 a.m. | 29 views

CVE-2010-1636

The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only...

CVSS: 2.1 | AI score: 5.8 | EPSS: 0.00829
Exploits: 1 | References: 2

Prion
added 2010/05/28 6:30 p.m. | 20 views

Code injection

Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality...

CVSS: 7.5 | AI score: 7.6 | EPSS: 0.01164
Exploits: 1 | References: 3 | Affected Software: 1

NVD
added 2010/05/27 10:30 p.m. | 21 views

CVE-2010-2093

Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs...

CVSS: 5 | AI score: 9.2 | EPSS: 0.01855
Exploits: 1 | References: 3

Tenable Nessus
added 2010/05/24 12:0 a.m. | 29 views

Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:105)

This update provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follows: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow...

CVSS: 9.3 | AI score: 7.7 | EPSS: 0.06722
Exploits: 2 | References: 5

CVE
added 2010/05/21 8:0 p.m. | 46 views

CVE-2010-1546

CVE-2010-1546 affects Drupal's Chaos Tool Suite (CTools) module 6.x, prior to 6.x-1.4. An eval injection in the import functionality allows a remote authenticated user with "administer page manager" privileges to execute arbitrary PHP code via input to a text area, via the page_manager_page_impor...

CVSS: 6 | AI score: 7.8 | EPSS: 0.01379
Exploits: 0 | References: 10 | Affected Software: 1