Lucene search
3502 matches found

Zero Day Initiative
added 2008/03/11 12:0 a.m., 39 views

Microsoft Excel BIFF File Format Cell Record Parsing Memory Corruption Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Office. Exploitation requires that the attacker coerce the target into opening a malicious .XLS file. The specific flaw exists within the parsing of malformed cell comments. When Excel...

CVSS 9.3, AI score 6.2, EPSS 0.42225
Exploits: 0, References: 1
securityvulns
added 2008/03/05 12:0 a.m., 31 views

Opera browser multiple security vulnerabilities

Information leakage on form file upload, image comments script execution, DOM sanitization filters bypass...

CVSS 6.8, AI score 3.7, EPSS 0.02501
Exploits: 0, References: 1, Affected Software: 1
Gentoo Linux
added 2008/03/04 12:0 a.m., 48 views

Opera: Multiple vulnerabilities

Background: Opera is a fast web browser that is available free of charge. Description: Mozilla discovered that Opera does not handle input to file form fields properly, allowing scripts to manipulate the file path (CVE-2008-1080). Max Leonov found out that image comments might be treated as scripts,...

CVSS 6.8, AI score 6.3, EPSS 0.02501
Exploits: 0
Prion
added 2008/02/14 12:0 a.m., 8 views

SQL injection

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 7.5, AI score 9.1, EPSS 0.01058
Exploits: 0, References: 2, Affected Software: 3
NVD
added 2008/02/14 12:0 a.m., 14 views

CVE-2008-0773

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter...

CVSS 7.5, AI score 8.4, EPSS 0.01058
Exploits: 0, References: 2
Cvelist
added 2008/02/13 11:0 p.m., 18 views

CVE-2008-0773

SQL injection vulnerability in Phil Taylor Comments (com_comments, aka Review Script) 0.5.8.5g and earlier component for Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter...

AI score 8.4, EPSS 0.01058
Exploits: 0, References: 2
CVE
added 2008/02/13 11:0 p.m., 69 views

CVE-2008-0773

The CVE-2008-0773 entry describes a SQL injection in Phil Taylor Comments (com_comments, aka Review Script) for Mambo, affecting version 0.5.8.5g and earlier. The vulnerability allows remote attackers to execute arbitrary SQL commands via the id parameter, due to improper input handling in the af...

CVSS 7.5, AI score 8.4, EPSS 0.01058
Exploits: 0, References: 2, Affected Software: 4
Exploit DB
added 2008/02/09 12:0 a.m., 33 views

Mambo Component Comments 0.5.8.5g - SQL Injection

Mambo SQL Injection comcomments Version Affected: = 0.5.8.5g Author: CheebaHawk215 Home page: http://www.always420forum.com Dork: "Review Script", "Phil Taylor" Vulnerable Code: $ptquery = "SELECT FROM moscontentcomments where articleid=$id AND published=1 order by id DESC"; Exploit:...

AI score 7.4
Exploits: 0
seebug.org
added 2008/02/09 12:0 a.m., 20 views

Mambo Component Comments <= 0.5.8.5g SQL Injection Vulnerability

No description provided by source. Mambo SQL Injection comcomments Version Affected: = 0.5.8.5g Author: CheebaHawk215 Home page: http://www.always420forum.com Dork: "Review Script", "Phil Taylor" Vulnerable Code: $ptquery = "SELECT FROM moscontentcomments where articleid=$id AND published=1 order...

AI score 7.1
Exploits: 0
exploitpack
added 2008/02/09 12:0 a.m., 15 views

Mambo Component Comments 0.5.8.5g - SQL Injection

Mambo Component Comments 0.5.8.5g - SQL Injection Mambo SQL Injection comcomments Version Affected: = 0.5.8.5g Author: CheebaHawk215 Home page: http://www.always420forum.com Dork: "Review Script", "Phil Taylor" Vulnerable Code: $ptquery = "SELECT FROM moscontentcomments where articleid=$id AND...

AI score 0.7
Exploits: 0
Exploit DB
added 2008/02/02 12:0 a.m., 41 views

phpShop 0.8.1 - SQL Injection / Filter Bypass

Vendor : PHPShop Website : http://www.phpshop.org Version : v0.8.1 Author: the redc0ders / theredc0dersatgmaildotcom Condition: magicquotegpc = off , in php.ini setting Details : ========== Vulnerable Code in index.php near lines 98 - 128 code // basic SQL inject detection $myinsecurearray =...

AI score 7.4
Exploits: 0
Exploit DB
added 2008/01/22 12:0 a.m., 41 views

aflog 1.01 - Cross-Site Scripting / SQL Injection

Name: aflog 1.01 and possibly earlier Website: http://aflog.org/ Vulnerability type: SQL Injection comments.php and XSS Author: shinmai, 2008-01-22 Description: SQL INJECTION: SQL injection is possible in comments.php for the GET variable 'id', like this:...

AI score 7.4
Exploits: 0
ATTACKERKB
added 2008/01/17 2:0 a.m., 3 views

CVE-2007-6691

Multiple unspecified vulnerabilities in Menalto Gallery before 2.2.4 have unknown impact, related to (1) "hotlink protection" in the URL rewrite module, (2) a WebDAV view in the WebDAV module, (3) a comment view in the Comment module, (4) unspecified "item information disclosure attacks" in the Core modu...

CVSS 10, AI score 5.5, EPSS 0.02162
Exploits: 0, References: 11
seebug.org
added 2008/01/16 12:0 a.m., 15 views

LulieBlog 1.0.1 (delete id) Remote Admin Bypass Vulnerability

No description provided by source. LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability bug found by ka0x contact: ka0x01atgmail.com D.O.M TEAM 2008 we are: ka0x,...

AI score 7.1
Exploits: 0
exploitpack
added 2008/01/15 12:0 a.m., 12 views

LulieBlog 1.0.1 - Remote Authentication Bypass

LulieBlog 1.0.1 - Remote Authentication Bypass LulieBlog 1.0.1 delete id Remote Admin Bypass Vulnerability bug found by ka0x contact: D.O.M TEAM 2008 we are: ka0x, an0de,...

AI score 0.9
Exploits: 0
ATTACKERKB
added 2008/01/08 7:46 p.m., 3 views

CVE-2007-6675

The bsystemcommentsshow function in htdocs/modules/system/blocks/systemblocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...

CVSS 5, AI score 5.5, EPSS 0.01232
Exploits: 1, References: 5
NVD
added 2008/01/08 7:46 p.m., 13 views

CVE-2007-6675

The bsystemcommentsshow function in htdocs/modules/system/blocks/systemblocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...

CVSS 5, AI score 6.5, EPSS 0.01232
Exploits: 1, References: 4
Cvelist
added 2008/01/08 7:0 p.m., 20 views

CVE-2007-6675

The bsystemcommentsshow function in htdocs/modules/system/blocks/systemblocks.php in XOOPS before 2.0.18 does not check permissions, which allows remote attackers to read the comments in restricted modules...

AI score 6.5, EPSS 0.01232
Exploits: 1, References: 4
exploitpack
added 2007/12/24 12:0 a.m., 13 views

MeGaCheatZ 1.1 - Multiple SQL Injections

MeGaCheatZ 1.1 - Multiple SQL Injections Http://www.inj3ct-it.org Staffatinj3ct-itdotorg...

AI score 0.2
Exploits: 0
securityvulns
added 2007/12/03 12:0 a.m., 49 views

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability

PR06-08: BEA Plumtree portal internal hostname disclosure vulnerability Description: BEA Plumtree portal is vulnerable to an internal hostname disclosure vulnerability. The internal hostname of the server hosting BEA Plumtree portal is always included at the bottom of every requested HTML page...

AI score 6.8
Exploits: 0