Monthly Archive: March 2009

Directory traversal vulnerability in show.php in ol’bookmarks manager 0.7.5 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the show parameter. Date published : 2009-03-06...

SQL injection vulnerability in index.php in ol’bookmarks manager 0.7.5 allows remote attackers to execute arbitrary SQL commands via the id parameter in a brain action. Date published : 2009-03-06 https://www.exploit-db.com/exploits/6547 https://exchange.xforce.ibmcloud.com/vulnerabilities/45368

PHP remote file inclusion vulnerability in frame.php in ol’bookmarks manager 0.7.5 allows remote attackers to execute arbitrary PHP code via a URL in the framefile parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31348 https://www.exploit-db.com/exploits/6547

Directory traversal vulnerability in frame.php in ol’bookmarks manager 0.7.5 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the framefile parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31348 https://www.exploit-db.com/exploits/6547

Cross-site scripting (XSS) vulnerability in admin.php in DataLife Engine (DLE) 7.2 allows remote attackers to inject arbitrary web script or HTML via the query string. Date published : 2009-03-06 http://www.securityfocus.com/bid/31335 http://www.securityfocus.com/archive/1/496605/100/0/threaded

SQL injection vulnerability in showcategory.php in Hotscripts Clone allows remote attackers to execute arbitrary SQL commands via the cid parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31345 https://www.exploit-db.com/exploits/6545

Cross-site scripting (XSS) vulnerability in add_calendars.php in eXtrovert Software Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the callback parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31287 http://www.digitrustgroup.com/advisories/web-application-security-thyme2.html

PHP remote file inclusion vulnerability in themes/default/include/html/insert.inc.php in OpenRat 0.8-beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the tpl_dir parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31339 https://www.exploit-db.com/exploits/6538

PHP remote file inclusion vulnerability in hu/modules/reg-new/modstart.php in Sofi WebGui 0.6.3 PRE and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mod_dir parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31341...

SQL injection vulnerability in sayfa.php in JETIK-WEB allows remote attackers to execute arbitrary SQL commands via the kat parameter. Date published : 2009-03-06 http://www.securityfocus.com/bid/31343 https://www.exploit-db.com/exploits/6542

The crypto pseudo device driver in Sun Solaris 10, and OpenSolaris snv_88 through snv_102, does not properly free memory, which allows local users to cause a denial of service (panic) via unspecified vectors, related...

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a...

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit...

Cross-site scripting (XSS) vulnerability in refbase before 0.9.5 allows remote attackers to inject arbitrary web script or HTML via the headerMsg parameter to (1) show.php and (2) search.php. NOTE: some of these details are...