CVE-2008-3385
Directory traversal vulnerability in include/head_chat.inc.php in php Help Agent 1.0 and 1.1 Full allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the content parameter. NOTE: in...
Multiple directory traversal vulnerabilities in help/help.php in Interact Learning Community Environment Interact 2.4.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) module and (2)...
SQL injection vulnerability in mojoAuto.cgi in MojoAuto allows remote attackers to execute arbitrary SQL commands via the cat_a parameter in a browse action. Date published : 2008-07-30 https://www.exploit-db.com/exploits/6111 http://secunia.com/advisories/31162
SQL injection vulnerability in mojoClassified.cgi in MojoClassifieds 2.0 allows remote attackers to execute arbitrary SQL commands via the cat_a parameter. Date published : 2008-07-30 https://www.exploit-db.com/exploits/6108 http://secunia.com/advisories/31166
Multiple cross-site scripting (XSS) vulnerabilities in macro/AdvancedSearch.py in moin (and MoinMoin) 1.6.3 and 1.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-07-30 http://www.securityfocus.com/bid/30297 http://hg.moinmo.in/moin/1.6/rev/8686a10f1f58
Cross-site scripting (XSS) vulnerability in ajaxp_backend.php in MyioSoft EasyBookMarker 4.0 trial edition (tr) allows remote attackers to inject arbitrary web script or HTML via the rs parameter. Date published : 2008-07-30 http://www.securityfocus.com/bid/30304 http://www.securityfocus.com/archive/1/494550/100/0/threaded
Cross-site scripting (XSS) vulnerability in Snark VisualPic 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the pic parameter to the default URI. NOTE: the provenance of this information is unknown;...
SQL injection vulnerability in comment.php in Fizzmedia 1.51.2 allows remote attackers to execute arbitrary SQL commands via the mid parameter. Date published : 2008-07-30 http://www.securityfocus.com/bid/30374 https://www.exploit-db.com/exploits/6133
SQL injection vulnerability in picture.php in phpTest 0.6.3 allows remote attackers to execute arbitrary SQL commands via the image_id parameter. Date published : 2008-07-30 http://www.securityfocus.com/bid/30377 https://www.exploit-db.com/exploits/6134
Multiple unspecified vulnerabilities in JamRoom before 3.4.0 have unknown impact and attack vectors. Date published : 2008-07-30 http://www.securityfocus.com/bid/30406 http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1177
The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. Date published : 2008-07-30...
SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action. Date published : 2008-07-30 http://www.securityfocus.com/bid/30423 http://www.securityfocus.com/archive/1/494866/100/0/threaded
The files parsing engine in Grisoft AVG Anti-Virus before 8.0.156 allows remote attackers to cause a denial of service (engine crash) via a crafted UPX compressed file, which triggers a divide-by-zero error. Date published...
SQL injection vulnerability in search_form.php in Getacoder Clone allows remote attackers to execute arbitrary SQL commands via the sb_protype parameter. Date published : 2008-07-30 http://www.securityfocus.com/bid/30388 https://www.exploit-db.com/exploits/6143