CVE-2009-0292
SQL injection vulnerability in show_cat2.php in SHOP-INET 4 allows remote attackers to execute arbitrary SQL commands via the grid parameter. Date published : 2009-01-27 https://www.exploit-db.com/exploits/7874 http://osvdb.org/51615
Directory traversal vulnerability in fc.php in OpenX 2.6.3 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the MAX_type parameter. Date published : 2009-01-27 http://www.securityfocus.com/bid/33458 http://www.securityfocus.com/archive/1/500411/100/0/threaded
Directory traversal vulnerability in common.php in SIR GNUBoard 4.31.03 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the g4_path parameter. NOTE: in some environments, this can...
k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to cause a denial of service (service crash) via a long filename in a crafted request. Date published : 2009-01-27 http://www.securityfocus.com/bid/33289 http://www.securityfocus.com/archive/1/500107/100/0/threaded
Directory traversal vulnerability in k23productions TFTPUtil GUI 1.2.0 and 1.3.0 allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request. Date published : 2009-01-27...
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password. Date published : 2009-01-27 http://www.securityfocus.com/bid/33425 http://keeptoolkit.svn.sourceforge.net/viewvc/keeptoolkit?view=rev&revision=56
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter. Date published...
Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2009-01-27 http://www.securityfocus.com/bid/33411 http://www.securityfocus.com/archive/1/500336/100/0/threaded
SQL injection vulnerability in category.php in Flax Article Manager 1.1 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. Date published : 2009-01-27 http://www.securityfocus.com/bid/33422 http://www.flaxweb.com/products/articles
Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2009-01-27 http://www.securityfocus.com/bid/33416 http://www.securityfocus.com/archive/1/500349/100/0/threaded
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and...
SQL injection vulnerability in login.aspx in WarHound Walking Club allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters. Date published : 2009-01-27 http://www.securityfocus.com/bid/33317 https://www.exploit-db.com/exploits/7802
Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1. Date published : 2009-01-27 http://www.securityfocus.com/bid/33401 http://www.securityfocus.com/archive/1/500292/100/0/threaded
SQL injection vulnerability in comentar.php in Pardal CMS 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2009-01-27 http://www.securityfocus.com/bid/33404 https://www.exploit-db.com/exploits/7851