Network Security

Network Security News Monitor - Wednesday, March 22, 2006 Events

 

X.Org / X11 -logfile Parameter Arbitrary File Overwrite

The Freedesktop.org Xorg server contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when the Xorg server does not properly verify the user ID of the invoking user, which allows non-root users to use the -logfile parameter. This in turn allows them to overwrite arbitrary files on the system and may lead to a loss of integrity.

Drupal Login Session Fixation Hijacking

Drupal contains a flaw that may allow a malicious user to hijack a user's session. The issue is triggered when the victim clicks on a specially crafted link and then later logs on to Drupal, resulting in a loss of integrity.

DCP-Portal inbox.php Multiple Variable XSS

DCP-Portal contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'subject' and 'message' variables upon submission to the inbox.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

DCP-Portal forums.php Multiple Variable XSS

DCP-Portal contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'bid', 'replying_msg', 'subject', 'body', and 'mid' variables upon submission to the forums.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

MyBloggie edituser.php errormsg Variable XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'errormsg' variable upon submission to the edituser.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

DCP-Portal calendar.php Multiple Variable XSS

DCP-Portal contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'subject' and 'images' variables upon submission to the calendar.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

betaparticle BP Blog template_permalink.asp id Variable SQL Injection

BP Blog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the template_permalink.asp script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

MyBloggie editcat.php errormsg Variable XSS

myBloggie contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'errormsg' variable upon submission to the editcat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

betaparticle BP Blog template_gallery_detail.asp fldGalleryID Variable SQL Injection

BP Blog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the template_gallery_detail.asp script not properly sanitizing user-supplied input to the 'fldGalleryID' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

AnyPortal Unspecified Path Disclosure

AnyPortal contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker performs an unspecified action with the siteman.php3 script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Vuln: ASP Portal Multiple SQL Injection Vulnerabilities


Vuln: Macromedia Flash Multiple Unspecified Security Vulnerabilities


Vuln: Util-VServer Unknown Linux Capabilities Vulnerability


Vuln: Libcgi-session-perl Multiple Insecure Temporary File Creation Vulnerabilities


Mini-Nuke <= 1.8.2 SQL injection (6)


[ GLSA 200603-20 ] Macromedia Flash Player: Arbitrary code execution


[ GLSA 200603-19 ] cURL/libcurl: Buffer overflow in the handling of TFTP URLs


ASPPortal <= 3.1.1 Multiple Remote SQL Injection Vulnerabilities
