Monthly Archive: January 2009

Multiple unspecified vulnerabilities in the Arclib library (arclib.dll) before 7.3.0.15 in the CA Anti-Virus engine for CA Anti-Virus for the Enterprise 7.1, r8, and r8.1; Anti-Virus 2007 v8 and 2008; Internet Security Suite 2007...

CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary...

PacPoll 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) poll.mdb or (2) poll97.mdb. Date published :...

Ocean12 Mailing List Manager Gold stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for o12mail.mdb. Date published : 2009-01-26...

Cross-site scripting (XSS) vulnerability in default.asp in Ocean12 Mailing List Manager Gold allows remote attackers to inject arbitrary web script or HTML via the Email parameter. Date published : 2009-01-26 http://www.securityfocus.com/bid/32587 https://www.exploit-db.com/exploits/7319

Multiple SQL injection vulnerabilities in Ocean12 Mailing List Manager Gold allow remote attackers to execute arbitrary SQL commands via the Email parameter to (1) default.asp and (2) s_edit.asp. Date published : 2009-01-26 http://www.securityfocus.com/bid/32587 https://www.exploit-db.com/exploits/7319

SQL injection vulnerability in siteadmin/forgot.php in PHP JOBWEBSITE PRO allows remote attackers to execute arbitrary SQL commands via the adname parameter in a Submit action. Date published : 2009-01-26 http://www.securityfocus.com/bid/32570 http://www.packetstormsecurity.org/0812-exploits/phpjobwebsite-cmsqlxss.txt

Multiple cross-site scripting (XSS) vulnerabilities in siteadmin/forgot.php in PHP JOBWEBSITE PRO allow remote attackers to inject arbitrary web script or HTML via (1) the adname parameter in a Submit action or (2) the UserName...

SQL injection vulnerability in links.asp in Active Price Comparison 4.0 allows remote attackers to execute arbitrary SQL commands via the linkid parameter. NOTE: the provenance of this information is unknown; the details are obtained...

Multiple SQL injection vulnerabilities in login.aspx in Active Price Comparison 4.0 allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) username fields. Date published : 2009-01-26 https://www.exploit-db.com/exploits/7283 http://secunia.com/advisories/32921

SQL injection vulnerability in login.aspx in Active Web Mail 4.0 allows remote attackers to execute arbitrary SQL commands via the password parameter. Date published : 2009-01-26 https://www.exploit-db.com/exploits/7281 http://secunia.com/advisories/32921

SQL injection vulnerability in default.asp in Active Business Directory 2 allows remote attackers to execute arbitrary SQL commands via the catid parameter. Date published : 2009-01-26 http://www.securityfocus.com/bid/32551 https://www.exploit-db.com/exploits/7302

Cross-site scripting (XSS) vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to inject arbitrary web script or HTML via the id parameter. Date published : 2009-01-26 http://www.securityfocus.com/bid/32600 http://packetstorm.linuxsecurity.com/0812-exploits/orkut-sqlxss.txt

SQL injection vulnerability in profile_social.php in i-Net Solution Orkut Clone allows remote authenticated users to execute arbitrary SQL commands via the id parameter. Date published : 2009-01-26 http://www.securityfocus.com/bid/32600 http://packetstorm.linuxsecurity.com/0812-exploits/orkut-sqlxss.txt