Monthly Archive: February 2007

SQL injection vulnerability in view.php in XLAtunes 0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the album parameter in view mode. NOTE: some of these details are obtained from third...

PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. Date published : 2007-02-21...

PHP remote file inclusion vulnerability in include.php in Meganoide’s news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. Date published : 2007-02-21 http://www.securityfocus.com/bid/22589 http://www.securityfocus.com/archive/1/460323/100/0/threaded

SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-02-21 http://www.securityfocus.com/bid/22593 https://www.exploit-db.com/exploits/3321

SQL injection vulnerability in h_goster.asp in Turuncu Portal 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...

SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. Date published : 2007-02-21 http://www.securityfocus.com/bid/22582 https://www.exploit-db.com/exploits/3317

Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. Date published : 2007-02-21 http://www.securityfocus.com/bid/22588 http://www.securityfocus.com/bid/22653

SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. Date published :...

PHP remote file inclusion vulnerability in tpl/header.php in VirtualSystem VS-News-System 1.2.1 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. NOTE: the...

PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. Date published : 2007-02-21 http://www.securityfocus.com/bid/22592 https://www.exploit-db.com/exploits/3322

SQL injection vulnerability in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via certain vectors related to the HaberDetay.asp and rss.asp components, and the id and kid parameters. NOTE: the provenance...

SQL injection vulnerability in HaberDetay.asp in Aktueldownload Haber script allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-02-21 https://www.exploit-db.com/exploits/3318 http://www.vupen.com/english/advisories/2007/0620

Stack-based buffer overflow in VicFTPS before 5.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long CWD command. Date published : 2007-02-21 http://www.securityfocus.com/bid/22608 http://vicftps.50webs.com/

PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. Date published : 2007-02-21 http://www.securityfocus.com/bid/22598 https://www.exploit-db.com/exploits/3324