(Description Provided by CVE) : PHP remote file inclusion vulnerability in webmail.php in SquirrelMail before 1.4.4 allows remote attackers to execute arbitrary PHP code by modifying a URL parameter to reference a URL on a remote web server that contains the code.
(Description Provided by CVE) : helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.
(Description Provided by CVE) : Directory traversal vulnerability in the parsing of Skin file names in RealPlayer 10.5 (184.108.40.2060) and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in an RJS filename.
Oracle Database contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by 'DIRECTORY' objects, which contain the location of a specific operating system directory and may allow a remote attacker with read privileges to disclose sensitive information, resulting in a loss of confidentiality.
A local overflow exists in Mac OS X. The semop() system call fails to validate a user-supplied nsops integer variable, resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
A local overflow exists in Mac OS X. The searchfs() function fails to validate user-supplied values of searchblock.sizeofsearchparams1 and searchblock.sizeofsearchparams2, resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution, resulting in a loss of integrity.
(Description Provided by CVE) : Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.
CMSimple Content Management System contains flaws that allow a remote cross-site scripting attack. These flaws exist because the application does not validate user-supplied variables upon submission to the search and guestbook modules. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
(Description Provided by CVE) : Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
Squid contains a flaw that may allow a malicious user to bypass access controls. The issue is triggered when Squid authenticates against LDAP and a user adds spaces as padding around the username. It is possible that the flaw may allow circumvention of access controls, resulting in a loss of integrity.
ITA Forum contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the fid variable in the showforum.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.