Bluedot CMS suffers from an unauthenticated remote file upload vulnerability.
e52fe98f33d42a0e32c447b813d37a97aff489f49053507cbb934871f70d3533
Kasseler CMS version 1.3.0 suffers from local file inclusion and cross site scripting vulnerabilities.
960e320a162aa963101f64d3bb25212aa97aefd716af1b465c966bfa0e7a52f4
Thelia version 1.3.5 remote code execution, remote file upload, and validation vulnerabilities exploit.
b395f719dff7637357db79b49ffc855c914e54212781f978584a7be59c707179
Safari using QuickTime versions 7.3 and below RTSP Content-Type remote buffer overflow exploit. Binds a shell to port 4444.
3ae2df615d9e4a9958237076c63fea6b950f858678fd4999524ca7ecf87996c4
CMailServer version 5.4.6 remote SEH overwrite exploit that makes use of CMailCOM.dll.
ea0b0242a0fc727b78e7e6fb28226cc14dcc1fd48573abb0cd3ab7f3773e2bf7
Mandriva Linux Security Advisory - A vulnerability was found in gnome-screensaver 2.20.0 that could possibly allow a local user to read the clipboard contents and X selection data for a locked session by using CTRL-V. The updated packages have been patched to correct this issue.
856f8db83fd3e04b5b28f303f9008ca2e2b8e46a184fa73cfe420863014ed630
Mandriva Linux Security Advisory - An incorrect fix for CVE-2007-6239 resulted in Squid not performing proper bounds checking when processing cache update replies. Because of this, a remote authenticated user might have been able to trigger an assertion error and cause a denial of service. The updated packages have been patched to correct this issue.
d0d3c8b5ed8a1da403fb42d6a0ee7b6726a9aaa5ff7a50b893de74b1a75cc8ee
Mandriva Linux Security Advisory - A denial of service condition was discovered in Sympa versions prior to 5.4 that allowed remote attackers to crash the Sympa daemon via a malformed email message. The updated packages have been patched to correct this issue.
ec39b639b918df016c71edcd834969c4fb8b52e6740bbc04df433e55dfa91233
Mandriva Linux Security Advisory - A vulnerability was found in gnome-screensaver prior to 2.22.1 when a remote authentication server was enabled. During a network outage, gnome-screensaver would crash upon an unlock attempt, allowing physically local users to gain access to locked sessions. The updated packages have been patched to correct this issue.
db1fd54bfb61c2ea50edcb42a6982539a04cc059a046ec15aa3893a6d4f9df0a
Mandriva Linux Security Advisory - A few vulnerabilities and security-related issues have been fixed in phpMyAdmin since the 2.11.2.2 release. This update provides version 2.11.7 which is the latest stable release of phpMyAdmin and fixes CVE-2008-1149, CVE-2008-1567, CVE-2008-1924, and CVE-2008-2960. No configuration changes should be required since the previous update (version 2.11.2.2). If upgrading from older versions, it may be necessary to reconfigure phpMyAdmin. The configuration file is located in /etc/phpMyAdmin/. In most cases, it should be sufficient to simply replace config.default.php with config.default.php.rpmnew and make whatever modifications are necessary.
111ac8a31b58f8fecdc3b03bf5f9410ebb9e17423d9935e13fa0a53a6e8c3e8d
Mandriva Linux Security Advisory - An integer overflow in the zip_read_entry() function in PHP prior to 4.4.5 allowed remote attackers to execute arbitrary code via a ZIP archive containing a certain type of entry that triggered a heap overflow. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32-bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64-bit systems. The updated packages have been patched to correct these issues.
0edaea08014bc6c30ae3a3b2bcb1063f187d429361d166a693111557ccf96ac7
Mandriva Linux Security Advisory - Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32-bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64-bit systems. The updated packages have been patched to correct these issues.
36c685354707ed85c37d537fa3d18fa1b4cdf1dc975794ed6df7b5c8b8e59c42
Mandriva Linux Security Advisory - php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32-bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64-bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request. In addition, the updated packages provide a number of bug fixes. The updated packages have been patched to correct these issues.
a957e83af46278fc9927d4b20a07a5126ff6e3efeacf1d3c314a8c6362e8f534
Mandriva Linux Security Advisory - The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. php-cgi in PHP prior to 5.2.6 does not properly calculate the length of PATH_TRANSLATED, which has unknown impact and attack vectors. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32-bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64-bit systems. The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request. In addition, this update also corrects an issue with some float to string conversions.
983189b46f7172be5f967d2c4586512e100842f9151f6b89c51f240979f59cba
Mandriva Linux Security Advisory - PHP 5.2.1 would allow context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with 'S:', which did not properly track the number of input bytes being processed. A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32-bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64-bit systems (CVE-2008-2108). The IMAP module in PHP uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) via a long IMAP request.
ce9b044b78980ef6d383b1f63b8399d81b2ddddbe899ab732db688d002d50709
Mandriva Linux Security Advisory - A vulnerability in the chunk_split() function in PHP prior to 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation. The htmlentities() and htmlspecialchars() functions in PHP prior to 5.2.5 accepted partial multibyte sequences, which has unknown impact and attack vectors. The output_add_rewrite_var() function in PHP prior to 5.2.5 rewrites local forms in which the ACTION attribute references a non-local URL, which could allow a remote attacker to obtain potentially sensitive information by reading the requests for this URL. The escapeshellcmd() API function in PHP prior to 5.2.6 has unknown impact and context-dependent attack vectors related to incomplete multibyte characters. Weaknesses in the GENERATE_SEED macro in PHP prior to 4.4.8 and 5.2.5 were discovered that could produce a zero seed in rare circumstances on 32-bit systems and generate a portion of zero bits during conversion due to insufficient precision on 64-bit systems.
462dab3e1f36a6a4ce46057d21433dea88b99d76289a74f98523fde4a31b12ba
Site@School versions 2.4.10 and below session hijacking and file upload exploit.
6d51de712c6cd5d2def192149da1adf51eacce0cd0ecbac1cc50f0808efd93e1
The Joomla DBQuery component versions 1.4.1.1 and below suffers from a remote file inclusion vulnerability.
2b23ed557f790207a63755c717fd6827b024ed61634b6c2f28f4b2a7b487ba19
Joomla is component version 1.0.1 multiple remote SQL injection vulnerabilities exploit.
20998a2bf2ac4d1edd7f6947dedc2dad496801fc6304ef54cb100d7707e2b6a1
Joomla altas component version 1.0 multiple remote SQL injection vulnerabilities exploit.
3f5da0defafb7a9afe521eb5fad2602434f5e1e4a4a1090734b9149003bacd36
phpWebNews version 0.2 MySQL Edition suffers from a SQL injection vulnerability.
a4a5231424e378960ec0b55cd1427ac869eec5f0573097b5500e9a2d58fe11cc
phpWebNews version 0.2 MySQL Edition suffers from a SQL injection vulnerability.
01f0791f72ea18e3a37ea5cebf341ec4442b39edb2b3a970a4b3026eeef15dac
Debian Security Advisory 1601-1 - Several remote vulnerabilities have been discovered in WordPress, the weblog manager. WordPress allows remote attackers to redirect authenticated users to other websites and potentially obtain sensitive information. The XML-RPC implementation, when registration is enabled, allows remote attackers to edit posts of other blog users.
8822869f8cd95f90c21a34e417807e9f29bb5fe083285efafc6419d01e43f4f0
CMS WebBlizzard blind SQL injection exploit that takes advantage of index.php.
fe40f3991bebe0ac24f272a6bf0d3ca48f3ad1c5b41e0e275984def748c0b425
phPortal version 1.2 multiple remote file inclusion vulnerabilities exploit.
023914ad82267ee83dda061bf5bd114995345fa96d7a842e7d111ec018758819