Software Vulnerability
Sat, 22 Nov 08
sebraccms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5195
Multiple SQL injection vulnerabilities in SebracCMS (sbcms) 0.4 allow remote attackers to execute arbitrary SQL commands via (1) the recid parameter to cms/form/read.php, (2) the uname parameter to cms/index.php, and other unspecified vectors.
Sat, 22 Nov 08
online_booking_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5194
SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 22 Nov 08
philboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5193
Cross-site scripting (XSS) vulnerability in search.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to inject arbitrary web script or HTML via the searchterms parameter. NOTE: this might overlap CVE-2007-4024.
Sat, 22 Nov 08
philboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5192
SQL injection vulnerability in forum.asp in W1L3D4 Philboard 1.14 and 1.2 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. NOTE: this might overlap CVE-2008-2334, CVE-2008-1939, CVE-2007-2641, or CVE-2007-0920.
Sat, 22 Nov 08
seportal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5191
Multiple SQL injection vulnerabilities in SePortal 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) poll_id parameter to poll.php and the (2) sp_id parameter to staticpages.php.
Sat, 22 Nov 08
eshop100
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5190
SQL injection vulnerability in index.php in eSHOP100 allows remote attackers to execute arbitrary SQL commands via the SUB parameter.
Sat, 22 Nov 08
ruby_on_rails
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5189
CRLF injection vulnerability in Ruby on Rails before 2.0.5 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL to the redirect_to function.
Sat, 22 Nov 08
ecryptfs_utils
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5188
The (1) ecryptfs-setup-private, (2) ecryptfs-setup-confidential, and (3) ecryptfs-setup-pam-wrapped.sh scripts in ecryptfs-utils 45 through 61 in eCryptfs place cleartext passwords on command lines, which allows local users to obtain sensitive information by listing the process.
Sat, 22 Nov 08
imlib2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5187
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 22 Nov 08
geshi
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5186
** DISPUTED ** The set_language_path function in geshi.php in Generic Syntax Highlighter (GeSHi) before 1.0.8.1 might allow remote attackers to conduct file inclusion attacks via crafted inputs that influence the default language path ($path variable). NOTE: this issue has been disputed by a vendor, stating that only a static value is used, so this is not a vulnerability in GeSHi. Separate CVE identifiers would be created for web applications that integrate GeSHi in a way that allows contro...
