CVE-2008-6424
Directory traversal vulnerability in FFFTP 1.96b allows remote FTP servers to create or overwrite arbitrary files via a response to an FTP LIST command with a filename that contains a .. (dot dot). Date...
Directory traversal vulnerability in passwiki.php in PassWiki 0.9.16 RC3 and earlier allows remote attackers to read arbitrary local files via a .. (dot dot) in the site_id parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/29455 https://www.exploit-db.com/exploits/5704
Multiple SQL injection vulnerabilities in PsychoStats 2.3, 2.3.1, and 2.3.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) weapon.php and (2) map.php. Date published : 2009-03-06 http://www.securityfocus.com/bid/29449 https://www.exploit-db.com/exploits/5699
PHP remote file inclusion vulnerability in social_game_play.php in Social Site Generator (SSG) 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/29462 https://www.exploit-db.com/exploits/5707
Social Site Generator (SSG) 2.0 allows remote attackers to read arbitrary files via the file parameter to (1) filedload.php, (2) webadmin/download.php, and (3) webadmin/download_file.php. Date published : 2009-03-06 http://www.securityfocus.com/bid/34149 https://www.exploit-db.com/exploits/5711
Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid...
SQL injection vulnerability in scrape.php in TorrentTrader before 2008-05-13 allows remote attackers to execute arbitrary SQL commands via the info_hash parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/29451 http://www.securityfocus.com/archive/1/492878/100/0/threaded
Unspecified vulnerability in GreenSQL-Console before 0.3.5 allows attackers to obtain the "installation directory" via unknown vectors. Date published : 2009-03-06 http://www.greensql.net/node/70 http://osvdb.org/45871
Multiple cross-site scripting (XSS) vulnerabilities in GreenSQL-Console before 0.3.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "internal pages." Date published : 2009-03-06 http://www.greensql.net/node/70 http://osvdb.org/45870
Buffer overflow in YoungZSoft CCProxy 6.5 might allow remote attackers to execute arbitrary code via a CONNECTION request with a long hostname. Date published : 2009-03-06 http://www.securityfocus.com/bid/31416 http://jbrownsec.blogspot.com/2008/09/ccproxy-near-stealth-patching.html
SQL injection vulnerability in detail.php in AJ Auction Pro Platinum Skin 2 allows remote attackers to execute arbitrary SQL commands via the item_id parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31362 https://www.exploit-db.com/exploits/6550
Cross-site scripting (XSS) vulnerability in the Answers module 5.x-1.x-dev and possibly other 5.x versions, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via a Simple Answer to a...
Unspecified vulnerability in Vignette Content Management 7.3.0.5, 7.3.1, 7.3.1.1, 7.4, and 7.5 allows "low privileged" users to gain administrator privileges via unknown attack vectors. Date published : 2009-03-06 http://www.securityfocus.com/bid/31328 http://dialog.vignette.com/hm?g=1.2jds7.bky8.rs.0.27gqh.htk8&h=1
Explay CMS 2.1 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the login cookie to 1. Date published : 2009-03-06 http://www.securityfocus.com/bid/31270 https://www.exploit-db.com/exploits/6500