Monthly Archive: December 2005

Cross-site scripting (XSS) vulnerability in search.cgi in MR CGI Guy Hot Links SQL 3.1.x and Hot Links Pro 3.1.x allows remote attackers to inject arbitrary web script or HTML via the query string. Date...

SQL injection vulnerability in FileLister 0.51 and earlier allows remote attackers to execute arbitrary SQL commands via the search parameters, possibly the searchwhat parameter to definesearch.jsp. Date published : 2005-12-06 http://www.securityfocus.com/bid/15706 http://pridels0.blogspot.com/2005/12/filelister-sql-inj-vuln.html

Directory traversal vulnerability in arhiva.php in Web4Future Portal Solutions News Portal allows remote attackers to read arbitrary files via the dir parameter. Date published : 2005-12-06 http://www.securityfocus.com/bid/15718 http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html

SQL injection vulnerability in comentarii.php in Web4Future Portal Solutions News Portal allows remote attackers to execute arbitrary SQL commands via the idp parameter. Date published : 2005-12-06 http://www.securityfocus.com/bid/15716 http://pridels0.blogspot.com/2005/12/web4future-portal-solutions-news.html

SQL injection vulnerability in functions.php in Web4Future Affiliate Manager PRO 4.1 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. Date published : 2005-12-06 http://www.securityfocus.com/bid/15717 http://pridels0.blogspot.com/2005/12/web4future-affiliate-manager-pro-sql.html

Cross-site scripting (XSS) vulnerability in index.cgi in Web4Future KeyWord Frequency Counter 1.0 allows remote attackers to inject arbitrary web script or HTML via the "remote URL." Date published : 2005-12-06 http://www.securityfocus.com/bid/15702 http://pridels0.blogspot.com/2005/12/keyword-frequency-counter-v10-xss-vuln.html

Multiple SQL injection vulnerabilities in Web4Future eCommerce Enterprise Edition 2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prod, and (2) brid parameters to (a) view.php; the (3) the...

Multiple SQL injection vulnerabilities in Web4Future eDating Professional 5 allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) pg, and (3) sortb parameters to (a) index.php; (4) cid parameter to...

Nodezilla 0.4.13-corno-fulgure does not properly protect the evl_data directory, which could allow them to be shared when they are not protected by PRIVATEDATADIR in nodezilla.ini, which allows remote attackers to obtain sensitive information. Date...

Cross-site scripting (XSS) vulnerability in search.cgi in Easy Search System 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the q parameter. Date published : 2005-12-06 http://www.securityfocus.com/bid/15705 http://pridels0.blogspot.com/2005/12/easy-search-system-v11-xss-vuln.html

Eval injection vulnerability in MediaWiki 1.5.x before 1.5.3 allows remote attackers to execute arbitrary PHP code via the "user language option," which is used as part of a dynamic class name that is processed...

SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header. Date published : 2005-12-06 http://www.securityfocus.com/bid/15710 http://sourceforge.net/project/shownotes.php?release_id=375970&group_id=154354

Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS,...

Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX,...