Monthly Archive: August 2008

Integer overflow in the Open function in modules/demux/tta.c in VLC Media Player 0.8.6i allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted TTA file,...

Unspecified vulnerability in Serv-U File Server 7.0.0.1, and other versions before 7.2.0.1, allows remote authenticated users to cause a denial of service (daemon crash) via an SSH session with SFTP commands for directory creation...

Cross-site scripting (XSS) vulnerability in Nordicwind Document Management System (NOAH) before 3.2.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2008-08-20 http://www.securityfocus.com/bid/30747 http://www.nordicwind.ca/noah/bugs/inputval.html

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to bypass authentication and obtain administrative access via a direct request with (1) an IsAdmin=true cookie value or (2) no cookie....

Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to determine the installation path, IP addresses, and error...

Directory traversal vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to read arbitrary files via a .. (dot dot) in the URI. Date published : 2008-08-20 http://www.securityfocus.com/bid/30700...

Cross-site scripting (XSS) vulnerability in Web Based Administration in MicroWorld Technologies MailScan 5.6.a espatch 1 allows remote attackers to inject arbitrary web script or HTML via the URI. Date published : 2008-08-20 http://www.securityfocus.com/bid/30700 http://marc.info/?l=bugtraq&m=121881329424635&w=2

SQL injection vulnerability in trr.php in YourFreeWorld Ad Board Script allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-08-20 http://www.securityfocus.com/bid/30742 https://www.exploit-db.com/exploits/6271

SQL injection vulnerability in index.php in Papoo before 3.7.2 allows remote attackers to execute arbitrary SQL commands via the suchanzahl parameter. Date published : 2008-08-20 http://www.securityfocus.com/bid/30752 http://www.papoo.de/cms-news-und-infos/security/patch1-10808.html

Directory traversal vulnerability in index.php in PHPizabi 0.848b C1 HFP3 allows remote authenticated administrators to read arbitrary files via (1) a .. (dot dot), (2) a URL, or possibly (3) a full pathname in...

SQL injection vulnerability in forum/neu.asp in fipsCMS 2.1 allows remote attackers to execute arbitrary SQL commands via the kat parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

PHP remote file inclusion vulnerability in user_language.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter. Date published : 2008-08-20 https://www.exploit-db.com/exploits/6250 http://securityreason.com/securityalert/4169

SQL injection vulnerability in index.php in DeeEmm CMS (DMCMS) 0.7.4 allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the id vector is already covered by CVE-2007-5679. Date published :...

SQL injection vulnerability in directory.php in SFS Affiliate Directory allows remote attackers to execute arbitrary SQL commands via the id parameter in a deadlink action. Date published : 2008-08-20 http://www.securityfocus.com/bid/30741 https://www.exploit-db.com/exploits/6270