Monthly Archive: April 2008

Multiple PHP remote file inclusion vulnerabilities in just another flat file (JAF) CMS 4.0 RC2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) website parameter to (a) forum.php,...

SQL injection vulnerability in postview.php in Clever Copy 3.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter, a different vector than CVE-2008-0363 and CVE-2006-0583. Date published : 2008-04-01 http://www.securityfocus.com/bid/28437 https://www.exploit-db.com/exploits/5502

SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter. Date published : 2008-04-01 http://www.securityfocus.com/bid/28435 https://exchange.xforce.ibmcloud.com/vulnerabilities/41422

Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files...

The (1) ltmmCaptureCtrl Class, (2) ltmmConvertCtrl Class, and (3) ltmmPlayCtrl Class ActiveX controls (ltmm15.dll 15.1.0.17 and earlier) in LEADTOOLS Multimedia Toolkit 15 allow attackers to overwrite arbitrary files via the SaveSettingsToFile method. Date published...

Cross-site scripting (XSS) vulnerability in PerlMailer before 3.02 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-04-01 http://www.securityfocus.com/bid/28472 http://cgi.din.or.jp/~hideyuki/cgi-bin/diary-s/perldiary-s.cgi

Cross-site scripting (XSS) vulnerability in GNB DesignForm before 3.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the email form. Date published : 2008-04-01 http://www.securityfocus.com/bid/28471 http://www.gnbnet.com/cgi/readme/designform.html

The SOAP interface in OTRS 2.1.x before 2.1.8 and 2.2.x before 2.2.6 allows remote attackers to "read and modify objects" via SOAP requests, related to "Missing security checks." Date published : 2008-04-01 http://www.securityfocus.com/bid/28647 http://otrs.org/advisory/OSA-2008-01-en/