No sign up video chat - E107 check remote servers when validating email addresses
vuln Id=CVE-2008-0971Multiple cross-site scripting (XSS) vulnerabilities in in Barracuda Spam Firewall (BSF) before 3.5.12.007, Message Archiver before 1.2.1.002, Web Filter before 3.3.0.052, IM Firewall before 3.1.01.017, and Load Balancer before 2.3.024 allow remote attackers to inject arbitrary web script or HTML via (1) the Policy Name field in Search Based Retention Policy in Message Archiver; unspecified parameters in the (2) IP Configuration, (3) Administration, (4) Journal Accounts, (5) Retentio... vuln Id=CVE-2008-5683Unspecified vulnerability in Opera before 9.63 allows remote attackers to "reveal random data" via unknown vectors. vuln Id=CVE-2008-5682Cross-site scripting (XSS) vulnerability in Opera before 9.63 allows remote attackers to inject arbitrary web script or HTML via built-in XSLT templates. vuln Id=CVE-2008-5681Opera before 9.63 does not block unspecified "scripted URLs" during the feed preview, which allows remote attackers to read existing subscriptions and force subscriptions to arbitrary feed URLs. vuln Id=CVE-2008-5680Multiple buffer overflows in Opera before 9.63 might allow (1) remote attackers to execute arbitrary code via a crafted text area, or allow (2) user-assisted remote attackers to execute arbitrary code via a long host name in a file: URL. vuln Id=CVE-2008-5679The HTML parsing engine in Opera before 9.63 allows remote attackers to execute arbitrary code via crafted web pages that trigger an invalid pointer calculation and heap corruption. vuln Id=CVE-2008-5678Fretwell-Downing Informatics (FDI) OLIB7 Web View 188.8.131.52 allows remote authenticated users to obtain sensitive information from files via the infile parameter to the default URI under cgi/, as demonstrated by the (1) get_settings.ini, (2) setup.ini, and (3) files. vuln Id=CVE-2008-5677Unrestricted file upload vulnerability in Kwalbum 2.0.4, 2.0.2, and earlier, when PICS_PATH is located in the web root, allows remote authenticated users with upload capability to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file under items/, related to the Replace Bad Filename Chars function in include/Item
NOTE: some of these details are obtained from third party information. vuln Id=CVE-2008-5676Multiple unspecified vulnerabilities in the Mod Security (aka mod_security) module 2.5.0 through 2.5.5 for the Apache HTTP Server, when Sec Cache Transformations is enabled, allow remote attackers to cause a denial of service (daemon crash) or bypass the product's functionality via unknown vectors related to "transformation caching."Sat, 20 Dec 08websphere_portal
vuln Id=CVE-2008-5675Unspecified vulnerability in IBM Web Sphere Portal 6.0 before 184.108.40.206 has unknown impact and attack vectors related to "Access problems with Basic Auth TAI."Sat, 20 Dec 08webcam_xp
vuln Id=CVE-2008-5674Multiple array index errors in the HTTP server in Darkwet Network webcam XP 3.72.440.0 and earlier and beta 4.05.280 and earlier allow remote attackers to cause a denial of service (device crash) and read portions of memory via (1) an invalid camnum parameter to the pocketpc component and (2) an invalid id parameter to the show_gallery_pic component. vuln Id=CVE-2008-5673PHParanoid before 0.4 does not properly restrict access to the members area by unauthenticated users, which has unknown impact and remote attack vectors. vuln Id=CVE-2008-5672Multiple cross-site request forgery (CSRF) vulnerabilities in PHParanoid before 0.4 allow remote attackers to perform unspecified actions as authenticated users via (1) unknown vectors involving and (2) unknown vectors related to private messages. vuln Id=CVE-2008-5671PHP remote file inclusion vulnerability in in Joomla!
1.0.11 through 1.0.14, when RG_EMULATION is enabled in configuration.php, allows remote attackers to execute arbitrary PHP code via a URL in the mos Config_absolute_path parameter. vuln Id=CVE-2008-5670Textpattern (aka Txp CMS) 4.0.5 does not ask for the old password during a password reset, which makes it easier for remote attackers to change a password after hijacking a session. vuln Id=CVE-2008-5669in the comments preview section in Textpattern (aka Txp CMS) 4.0.5 allows remote attackers to cause a denial of service via a long message parameter. vuln Id=CVE-2008-5668Multiple cross-site scripting (XSS) vulnerabilities in Textpattern (aka Txp CMS) 4.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO to setup/or (2) the name parameter to in the comments preview section. vuln Id=CVE-2008-5667The scanning engine in Virus Blok Ada VBA32 Personal Antivirus 3.12.8.x allows remote attackers to cause a denial of service (memory corruption and application crash) via a malformed RAR archive. vuln Id=CVE-2008-5666Win FTP FTP Server 2.3.0, when passive (aka PASV) mode is used, allows remote authenticated users to cause a denial of service via a sequence of FTP sessions that include an invalid "NLST -1" command. vuln Id=CVE-2008-5665SQL injection vulnerability in in the xhresim module in XOOPS allows remote attackers to execute arbitrary SQL commands via the no parameter. vuln Id=CVE-2008-5664Stack-based buffer overflow in Realtek Media Player (aka Realtek Sound Manager, Rtl Rack, or rtlrack.exe) 220.127.116.11 allows remote attackers to execute arbitrary code via a crafted playlist (PLA) file. vuln Id=CVE-2008-5663Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a direct request to this file in their user directory.