Monthly Archive: May 2007

Multiple PHP remote file inclusion vulnerabilities in FlaP 1.0b (1.0 Beta) allow remote attackers to execute arbitrary PHP code via a URL in the pachtofile parameter to (1) skin/html/table.php or (2) login.php. Date published...

Multiple PHP remote file inclusion vulnerabilities in Mazen’s PHP Chat 3.0.0 allow remote attackers to execute arbitrary PHP code via a URL in the basepath parameter to (1) ITX.php, (2) IT_Error.php, or (3) IT.php...

Buffer overflow in the BaseRunner ActiveX control in the Ademco ATNBaseLoader100 Module (ATNBaseLoader100.dll) 5.4.0.6, when Internet Explorer 6 is used, allows remote attackers to execute arbitrary code via a long argument to the (1)...

PHP remote file inclusion vulnerability in admin/admin.php in TROforum 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_url parameter. Date published : 2007-05-30 http://www.securityfocus.com/bid/24170 https://www.exploit-db.com/exploits/3995

Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. Date...

core/spellcheck/spellcheck.php in Fundanemt before 2.2.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the dict parameter. Date published : 2007-05-30 http://www.securityfocus.com/bid/24185 http://www.fundanemt.org/newsarchive/?number=23

Directory traversal vulnerability in skins/common.css.php in Vistered Little 1.6a allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. Date published : 2007-05-30 http://www.securityfocus.com/bid/24178 https://www.exploit-db.com/exploits/3999

SQL injection vulnerability in index.php in the Phil-a-Form (com_philaform) 1.2.0.0 and earlier component for Joomla! allows remote attackers to execute arbitrary SQL commands via the form_id parameter. Date published : 2007-05-30 https://www.exploit-db.com/exploits/4003 http://osvdb.org/38150

Cross-site scripting (XSS) vulnerability in index.php in BoastMachine allows remote attackers to inject arbitrary web script or HTML via the blog parameter in a content search action. Date published : 2007-05-30 http://www.securityfocus.com/bid/24156 http://www.securityfocus.com/archive/1/469590/100/0/threaded

Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter. Date published : 2007-05-30 http://www.securityfocus.com/bid/24108 http://www.securityfocus.com/archive/1/469269/100/0/threaded

Cross-site scripting (XSS) vulnerability in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the title field in an email. Date published : 2007-05-30 http://www.securityfocus.com/archive/1/469216/100/0/threaded http://osvdb.org/36255

Multiple cross-site scripting (XSS) vulnerabilities in PsychoStats 3.0.6b allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) awards.php, (2) login.php, (3) register.php, (4) weapons.php, and possibly other unspecified...

Cross-site scripting (XSS) vulnerability in index.php in ClonusWiki .5 allows remote attackers to inject arbitrary web script or HTML via the query parameter. Date published : 2007-05-30 http://www.securityfocus.com/archive/1/469230/100/0/threaded http://osvdb.org/38148

Unspecified vulnerability in Jelsoft vBulletin before 3.6.6, when unauthenticated User Infraction Permissions is disabled, allows remote attackers to see the infraction "red flag" for a deleted user. Date published : 2007-05-30 http://www.vbulletin.com/forum/project.php?issueid=21481 http://osvdb.org/38616