58 matches found
CVE-2012-0981
Directory traversal vulnerability in phpShowtime 2.0 allows remote attackers to list arbitrary directories and image files via a .. (dot dot) in the r parameter to index.php. NOTE: Some of these details are obtained from third party information...
CVE-2011-3809
TheHostingTool THT 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by includes/pear/Mail/smtp.php and certain other files...
CmsFromScratch 1.9.2 Shell Upload
CVE-2011-0031
The (1) JScript 5.8 and (2) VBScript 5.8 scripting engines in Microsoft Windows Server 2008 R2 and Windows 7 do not properly load decoded scripts obtained from web pages, which allows remote attackers to trigger memory corruption and consequently obtain sensitive information via a crafted web site, a...
Siestta <= 2.0 Multiple Vulnerabilities
Siestta is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:ramoncastro:siestta"; ifdescriptio...
F3Site < 2010 'GLOBALS[nlang]' Parameter Multiple LFI Vulnerabilities
F3Site is prone to multiple local file include (LFI) vulnerabilities. SPDX-FileCopyrightText: 2010 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2009-2514
win32k.sys in the kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not correctly parse font code during construction of a directory-entry table, which allows remote attackers to execute arbitrary code via a crafted Embedded OpenType (EOT) font, aka "Win32k EOT Parsing...
Design/Logic Flaw
Unspecified vulnerability in the OC4J component in Oracle Application Server 10.1.2.3 allows remote attackers to affect confidentiality via unknown vectors...
CVE-2008-3115
Secure Static Versioning in Sun Java JDK and JRE 6 Update 6 and earlier, and 5.0 Update 6 through 15, does not properly prevent execution of applets on older JRE releases, which might allow remote attackers to exploit vulnerabilities in these older releases...
Format string
Format string vulnerability in the log function in Georgia SoftWorks SSH2 Server (GSWSSHD) 7.01.0003 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username field, as demonstrated by a certain LoginPassword message...
openSUSE 10 Security Update : MozillaThunderbird (MozillaThunderbird-1672)
This update of Mozilla Thunderbird fixes the security problems fixed in version 1.5.0.4: MFSA 2006-31/CVE-2006-2787: EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via JavaScript that calls the valueOf method on objects that were created...
Information disclosure
Nokia Intellisync Mobile Suite 6.4.31.2, 6.6.0.107, and 6.6.2.2, possibly involving Novell Groupwise Mobile Server and Nokia Intellisync Wireless Email Express, allows remote attackers to obtain user names and other sensitive information via a direct request to (1) usrmgr/userList.asp or (2)...
Format string
Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these details are obtained from third party information...
CVE-2006-6799
SQL injection vulnerability in Cacti 0.8.6i and earlier, when register_argc_argv is enabled, allows remote attackers to execute arbitrary SQL commands via the (1) second or (2) third arguments to cmd.php. NOTE: this issue can be leveraged to execute arbitrary commands since the SQL query results are...
CVE-2006-4996
Unspecified vulnerability in JoomlaLib (com_joomlalib) before 1.2.2 for Joomla! allows remote attackers to have an unknown impact, related to "Joomla globals hacked by script kiddies."...
Yukihiro Matsumoto Ruby 1.x - XMLRPC Server Denial of Service
source: https://www.securityfocus.com/bid/17645/info Ruby is affected by a denial-of-service vulnerability in the WEBrick HTTP server. This issue is due to the use of blocking network operations. Ruby's implementation of XML/RPC is also affected, since it uses the vulnerable WEBrick server. This...
CVE-2006-1530
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the...
CVE-2005-4227
Multiple "potential" SQL injection vulnerabilities in DCP-Portal 6.1.1 might allow remote attackers to execute arbitrary SQL commands via (1) the password and username parameters in advertiser.php, (2) the aid parameter in announcement.php, (3) the dcp5memberid, year, agid, day, days, hour, minute,...