Monthly Archive: April 2005

SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter. Date published : 2005-04-12 http://secunia.com/advisories/14913

index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter. Date published : 2005-04-12 http://secunia.com/advisories/14913

Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 allows remote attackers to execute arbitrary SQL commands via (1) the id parameter to view.php or (2) the from parameter to members/index.php. Date published : 2005-04-12 http://www.securityfocus.com/bid/13082...

Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2005-04-12 http://www.securityfocus.com/bid/13082 http://www.securityfocus.com/archive/1/395530

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in filenames...

SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. Date published : 2005-04-12 http://marc.info/?l=bugtraq&m=111340031132596&w=2 http://www.securiteam.com/unixfocus/5LP0G0AFFY.html

XAMPP 1.4.x has multiple default or null passwords, which allows attackers to gain privileges. Date published : 2005-04-12 http://www.securityfocus.com/bid/13131 http://marc.info/?l=full-disclosure&m=111330048629182&w=2

Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x allow remote attackers to inject arbitrary web script or HTML via (1) cds.php, (2) Guestbook-EN.pl, or (3) phonebook.php. Date published : 2005-04-12 http://www.securityfocus.com/bid/13126 http://www.securityfocus.com/bid/13127

Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field. Date published : 2005-04-12 http://www.securityfocus.com/bid/13101 http://www.securityfocus.com/archive/1/395544

Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or...

SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter. Date published : 2005-04-12 http://www.securityfocus.com/bid/13080 http://www.securityfocus.com/archive/1/395527

Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter. Date published : 2005-04-12 http://www.securityfocus.com/bid/13080 http://www.securityfocus.com/archive/1/395527

Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows remote attackers to inject arbitrary web script or HTML. Date published : 2005-04-12 http://www.punbb.org/ http://secunia.com/advisories/14882

SQL injection vulnerability in banner.inc.php in JPortal Web Portal 2.3.1 allows remote attackers to execute arbitrary SQL commands via the haslo parameter. Date published : 2005-04-12 http://marc.info/?l=bugtraq&m=111331738223323&w=2 http://www.osvdb.org/15476