The goal of this project is to make the virtual world a safer and better place without child pornography, major computer crime and RIAA.
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
Security News

CVE-2007-1983

PHP remote file inclusion vulnerability in include/default_header.php in Cyboards PHP Lite 1.21 allows remote attackers to execute arbitrary PHP code via a URL in the script_path parameter, a different vector than CVE-2006-2871.

04/11/2007

CVE-2007-1982

Multiple PHP remote file inclusion vulnerabilities in Really Simple PHP and Ajax (RSPA) 2007-03-23 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) __IncludeFilePHPClass, (2) __ClassPath, and (3) __class parameters to (a) rspa/framework/Controller_v5.php, and (b) rspa/framework/Controller_v4.php.

04/11/2007

CVE-2007-1981

The safevoid_vsnprintf function in Metamod-P 1.19p29 and earlier on Windows allows remote attackers to cause a denial of service (daemon crash) via a long meta list command.

04/11/2007

CVE-2007-1980

SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.

04/11/2007

CVE-2007-1979

SQL injection vulnerability in index.php in the PopnupBlog 2.52 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the postid parameter, possibly involving the get_blogid_from_postid function in class/PopnupBlogUtils.php.  NOTE: later versions such as 3.03 and 3.05 might also be affected.

04/11/2007

CVE-2007-1978

SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.

04/11/2007

CVE-2007-1977

Cross-site scripting (XSS) vulnerability in index_cms.php in holaCMS 1.4.10 allows remote attackers to inject arbitrary web script or HTML via the acuparam parameter.

04/11/2007

CVE-2007-1976

** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the Virii Info 1.10 and earlier module for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the xoopsConfig[root_path] parameter. NOTE: the issue has been disputed by a reliable third party, stating that the application's checkSuperglobals function defends against the attack.

04/11/2007

CVE-2007-1975

Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.

04/11/2007

CVE-2007-1974

SQL injection vulnerability in the getArticle function in class/wfsarticle.php in WF-Section (aka WF-Sections) 1.0.1, as used in Xoops modules such as (1) Zmagazine 1.0, (2) Happy Linux XFsection 1.07 and earlier, and possibly other modules, allows remote attackers to execute arbitrary SQL commands via the articleid parameter to print.php.

04/11/2007

CVE-2007-1973

Race condition in the Virtual DOS Machine (VDM) in the Windows Kernel in Microsoft Windows NT 4.0 allows local users to modify memory and gain privileges via the temporary \Device\PhysicalMemory section handle, a related issue to CVE-2007-1206.

04/11/2007

CVE-2007-1971

SQL injection vulnerability in fotokategori.asp in Gazi Okul Sitesi 2007 allows remote attackers to execute arbitrary SQL commands via the query string.

04/11/2007

CVE-2007-1970

Mozilla Firefox does not warn the user about HTTP elements on an HTTPS page when the HTTP elements are dynamically created by a delayed document.write, which allows remote attackers to supply unauthenticated content and conduct phishing attacks.

04/11/2007

CVE-2007-1969

Cross-site scripting (XSS) vulnerability in admin/modify.php in Sam Crew MyBlog allows remote attackers to inject arbitrary web script or HTML via the id parameter.

04/11/2007

CVE-2007-1968

PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the scoreid parameter.

04/11/2007

CVE-2007-1967

** DISPUTED **  PHP remote file inclusion vulnerability in index.php in stat12 allows remote attackers to execute arbitrary PHP code via a URL in the langpath parameter.  NOTE: this issue was published by an unreliable researcher, and there is little information to determine which product is actually affected.  This is probably an invalid report based on analysis by CVE and a third party.

04/11/2007

CVE-2007-1966

Session fixation vulnerability in eXV2 CMS 2.0.4.3 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID cookie.

04/11/2007

CVE-2007-1965

Multiple cross-site scripting (XSS) vulnerabilities in eXV2 CMS 2.0.4.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the set_lang parameter to (1) archive.php, (2) article.php, (3) index.php, or (4) topics.php.

04/11/2007

CVE-2007-1964

member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.

04/11/2007

CVE-2007-1963

SQL injection vulnerability in the create_session function in class_session.php in MyBB (aka MyBulletinBoard) 1.2.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, as utilized by index.php, a related issue to CVE-2006-3775.

04/11/2007

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

An SQL injection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit "mbae.sys"

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015