Software Alerts

Software and Script Bug Exploits
Software Vulnerability
Random Feeds

Sat, 3 Jul 10
job_site_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-2610
Multiple SQL injection vulnerabilities in 2daybiz Job Site Script allow remote attackers to execute arbitrary SQL commands via the (1) jid parameter to view_current_job.php, (2) job_iid parameter to show_search_more.php, and (3) left_cat parameter to show_search_result.php.

Tue, 30 Dec 08
kafooeyblog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5732
Unrestricted file upload vulnerability in lib/image_upload.php in KafooeyBlog 1.55b allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file.

Tue, 21 Apr 09
cpcommerce
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1345
SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.

Sat, 19 Apr 08
dbmail
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6714
DBMail before 2.2.9, when using authldap with an LDAP server that supports anonymous login such as Active Directory, allows remote attackers to bypass authentication via an empty password, which causes the LDAP bind to indicate success based on anonymous authentication.

Wed, 18 Mar 09
ptk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0918
Multiple unspecified vulnerabilities in DFLabs PTK 1.0.0 through 1.0.4 allow remote attackers to execute arbitrary commands in processes launched by PTK's Apache HTTP Server via (1) "external tools" or (2) a crafted forensic image.

Fri, 17 Oct 08
dovecot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4578
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.

Tue, 17 Mar 09
drake_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6475
SQL injection vulnerability in the guestbook component (components/guestbook/guestbook.php) in Drake CMS 0.4.11 and earlier allows remote attackers to execute arbitrary SQL commands via the Via HTTP header (HTTP_VIA) to index.php.

Thu, 15 Nov 07
Shockwave
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5941
Stack-based buffer overflow in the SWCtl.SWCtl ActiveX control in Adobe Shockwave allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument to the ShockwaveVersion method.

Tue, 25 Aug 09
wac_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7031
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.

Thu, 15 Jan 09
developers_image_library
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5262
Multiple stack-based buffer overflows in the iGetHdrHeader function in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE file.

Thu, 14 Aug 08
Internet Explorer
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2259
Microsoft Internet Explorer 6 and 7 does not perform proper "argument validation" during print preview, which allows remote attackers to execute arbitrary code via unknown vectors, aka "HTML Component Handling Vulnerability."

Fri, 16 Jul 10
outlook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0266
Microsoft Office Outlook 2002 SP3, 2003 SP3, and 2007 SP1 and SP2 does not properly verify e-mail attachments with a PR_ATTACH_METHOD property value of ATTACH_BY_REFERENCE, which allows user-assisted remote attackers to execute arbitrary code via a crafted message, aka "Microsoft Outlook SMB Attachment Vulnerability."

Thu, 15 May 08
zomplog
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2176
Cross-site scripting (XSS) vulnerability in admin/category.php in Zomplog 3.8.2 allows remote attackers to inject arbitrary web script or HTML via the catname parameter.

Tue, 5 Feb 08
WinCom LPD Total Multiple Vulnerabilities
http://secunia.com/advisories/28763/
Luigi Auriemma has discovered some vulnerabilities in WinCom LPD Total, which can be exploited by malicious people to bypass certain security restrictions, cause a DoS (Denial of Service), or compromise a vulnerable system.

Thu, 14 Jan 10
acrobat, acrobat_reader
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3959
Integer overflow in the U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, and 8.x before 8.2 on Windows and Mac OS X, might allow attackers to execute arbitrary code via unspecified vectors.

 
