Monthly Archive: May 2009

Xerox WorkCentre and WorkCentre Pro 232, 238, 245, 255, 265, 275; and WorkCentre 5632, 5638, 5645, 5655, 5665, 5675, 5687, 7655, 7656, and 7675 allows remote attackers to execute arbitrary commands via unknown attack...

Multiple SQL injection vulnerabilities in myaccount.php in Easy Scripts Answer and Question Script allow remote authenticated users to execute arbitrary SQL commands via the (1) user name (userid parameter) and (2) password. Date published...

Cross-site scripting (XSS) vulnerability in questiondetail.php in Easy Scripts Answer and Question Script allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. Date published : 2009-05-16 http://www.securityfocus.com/bid/34975 https://www.exploit-db.com/exploits/8690

Directory traversal vulnerability in examples/tbs_us_examples_0view.php in TinyButStrong 3.4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the script parameter. Date published : 2009-05-16 https://www.exploit-db.com/exploits/8667 http://www.vupen.com/english/advisories/2009/1304

admin/adminaddeditdetails.php in Business Community Script does not properly restrict access, which allows remote attackers to gain privileges and add administrators via a direct request. Date published : 2009-05-16 http://www.securityfocus.com/bid/34976 https://www.exploit-db.com/exploits/8689

SQL injection vulnerability in admin/member_details.php in 2daybiz Business Community Script allows remote attackers to execute arbitrary SQL commands via the mid parameter. Date published : 2009-05-16 http://www.securityfocus.com/bid/34976 https://www.exploit-db.com/exploits/8689

Multiple SQL injection vulnerabilities in photos.php in Shutter 0.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) albumID, (2) tagID, and (3) photoID parameters to index.html. Date published : 2009-05-16 http://www.securityfocus.com/bid/34967...

Directory traversal vulnerability in arch.php in beLive 0.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the arch parameter. Date published : 2009-05-16 http://www.securityfocus.com/bid/34968 https://www.exploit-db.com/exploits/8680

Heap-based buffer overflow in popcorn.exe in Ultrafunk Popcorn 1.87 allows remote POP3 servers to cause a denial of service (application crash) via a long string in a +OK response. NOTE: some of these details...

Stack-based buffer overflow in Mini-stream RM Downloader 3.0.0.9 allows remote attackers to execute arbitrary code via a long rtsp URL in a .ram file. Date published : 2009-05-15 http://www.securityfocus.com/bid/34860 https://www.exploit-db.com/exploits/8628

Multiple stack-based buffer overflows in Mini-stream Easy RM-MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the...

Stack-based buffer overflow in Sorinara Streaming Audio Player 0.9 allows remote attackers to execute arbitrary code via a crafted .pla file. Date published : 2009-05-15 http://www.securityfocus.com/bid/34861 https://www.exploit-db.com/exploits/8625

Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file. Date published : 2009-05-15 http://www.securityfocus.com/bid/34863 https://www.exploit-db.com/exploits/8624

Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in...