Monthly Archive: June 2008

SQL injection vulnerability in index.php in WebChamado 1.1 allows remote attackers to execute arbitrary SQL commands via the eml parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

AlstraSoft AskMe Pro 2.1 and earlier stores passwords in cleartext in a MySQL database, which allows context-dependent attackers to obtain sensitive information. Date published : 2008-06-25 https://www.exploit-db.com/exploits/5821

SQL injection vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-06-25 http://www.securityfocus.com/bid/29818 https://www.exploit-db.com/exploits/5860

Cross-site scripting (XSS) vulnerability in clanek.php in OwnRS Beta 3 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2008-06-25 http://www.securityfocus.com/bid/29818 https://www.exploit-db.com/exploits/5860

Multiple PHP remote file inclusion vulnerabilities in Orlando CMS 0.6 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[preloc] parameter to (1) modules/core/logger/init.php and (2) AJAX/newscat.php. Date published :...

SQL injection vulnerability in index.php in Easy Webstore 1.2 allows remote attackers to execute arbitrary SQL commands via the cat_path parameter. Date published : 2008-06-25 http://www.securityfocus.com/bid/29806 https://www.exploit-db.com/exploits/5855

Cross-site scripting (XSS) vulnerability in CGIWrap before 4.1, when an Internet Explorer based browser is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to failure to set...

Multiple buffer overflows in OFF System before 0.19.14 allow remote attackers to have an unknown impact via unspecified vectors related to "parsing of http headers." Date published : 2008-06-25 http://www.securityfocus.com/bid/29809 http://sourceforge.net/project/shownotes.php?release_id=607827

SQL injection vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified cookies, related to improper use of the Drupal database API. Date published...

Cross-site scripting (XSS) vulnerability in the TrailScout module 5.x before 5.x-1.4 for Drupal allows remote authenticated users, with create post permissions, to inject arbitrary web script or HTML via unspecified vectors. Date published :...

Cross-site scripting (XSS) vulnerability in the search functionality in MindTouch DekiWiki before 8.05.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-06-25 http://www.securityfocus.com/bid/29830 http://bugs.developer.mindtouch.com/view.php?id=4200

SQL injection vulnerability in the Trade module in Maxtrade AIO 1.3.23 allows remote attackers to execute arbitrary SQL commands via the categori parameter in a pocategorisell action to modules.php. Date published : 2008-06-25 http://www.securityfocus.com/bid/29799...

SQL injection vulnerability in index.php in BoatScripts Classifieds allows remote attackers to execute arbitrary SQL commands via the type parameter. Date published : 2008-06-25 http://www.securityfocus.com/bid/29801 https://www.exploit-db.com/exploits/5858

SQL injection vulnerability in index.php in MyBizz-Classifieds allows remote attackers to execute arbitrary SQL commands via the cat parameter. Date published : 2008-06-25 http://www.securityfocus.com/bid/29798 https://www.exploit-db.com/exploits/5854