CVE-2008-2049
The POP3 server (EPSTPOP3S.EXE) 4.22 in E-Post Mail Server 4.10 allows remote attackers to obtain sensitive information via multiple crafted APOP commands for a known POP3 account, which displays the password in a POP3...
Cross-site scripting (XSS) vulnerability in hpz/admin/Default.asp in Angelo-Emlak 1.0 allows remote attackers to inject arbitrary web script or HTML via the sayfa parameter. Date published: 2008-05-01 http://www.securityfocus.com/bid/28949 https://www.exploit-db.com/exploits/5503
Multiple SQL injection vulnerabilities in Angelo-Emlak 1.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) hpz/profil.asp and (2) hpz/prodetail.asp. Date published: 2008-05-01 http://www.securityfocus.com/bid/28949 https://www.exploit-db.com/exploits/5503
Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter. Date published: 2008-05-01 http://www.securityfocus.com/bid/28984 http://marc.info/?l=bugtraq&m=120950161507846&w=2
Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into...
includes/library.php in netOffice Dwins 1.3 p2 compares the demoSession variable to the ‘true’ string literal instead of the true boolean literal, which allows remote attackers to bypass authentication and execute arbitrary code by setting...
Multiple cross-site request forgery (CSRF) vulnerabilities in cPanel, possibly 11.18.3 and 11.19.3, allow remote attackers to (1) execute arbitrary code via the command1 parameter to frontend/x2/cron/editcronsimple.html, and perform various administrative actions via (2) frontend/x2/sql/adddb.html,...
ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL. Date published: 2008-05-01 http://www.securityfocus.com/bid/28968 http://www.zoneminder.com/wiki/index.php/Change_History#Release_1.23.3