CVE-2009-1627
Stack-based buffer overflow in Streaming Download Project (SDP) Downloader 2.3.0 allows remote attackers to execute arbitrary code via a long .asf URL in the HREF attribute of a REF element in a .asx file....
SQL injection vulnerability in public/specific.php in EZ-Blog before Beta 2 20090427, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the category parameter. Date published : 2009-05-12 http://www.securityfocus.com/bid/34729 http://sourceforge.net/project/shownotes.php?release_id=678562&group_id=243152
Directory traversal vulnerability in index.php in Thickbox Gallery 2 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ln parameter. Date published : 2009-05-12 http://www.securityfocus.com/bid/34741 https://www.exploit-db.com/exploits/8546
Directory traversal vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the show parameter. Date published : 2009-05-12 http://www.securityfocus.com/bid/34732 https://www.exploit-db.com/exploits/8545
Cross-site scripting (XSS) vulnerability in index.php in Dew-NewPHPLinks 2.0 allows remote attackers to inject arbitrary web script or HTML via the PID parameter. Date published : 2009-05-12 http://www.securityfocus.com/bid/34732 https://www.exploit-db.com/exploits/8545
SQL injection vulnerability in user.php in EcShop 2.5.0 allows remote attackers to execute arbitrary SQL commands via the order_sn parameter in an order_query action. Date published : 2009-05-12 http://www.securityfocus.com/bid/34733 https://www.exploit-db.com/exploits/8548
Directory traversal vulnerability in index.php in OpenCart 1.1.8 allows remote attackers to read arbitrary files via a .. (dot dot) in the route parameter. Date published : 2009-05-12 http://www.securityfocus.com/bid/34724 http://www.securityfocus.com/archive/1/532233/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in input.php in MataChat allow remote attackers to inject arbitrary web script or HTML via the (1) nickname and (2) color parameters. Date published : 2009-05-12 http://www.securityfocus.com/bid/34722 http://www.securityfocus.com/archive/1/503014/100/0/threaded
Teraway FileStream 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the twFSadmin cookie to 1. Date published : 2009-05-12 http://www.securityfocus.com/bid/34735 https://www.exploit-db.com/exploits/8551
Teraway LiveHelp 2.0 allows remote attackers to bypass authentication and gain administrative access via a pwd=&lvl=1&usr=&alias=admin&userid=1 value for the TWLHadmin cookie. Date published : 2009-05-12 http://www.securityfocus.com/bid/34735 https://www.exploit-db.com/exploits/8552
Teraway LinkTracker 1.0 allows remote attackers to bypass authentication and gain administrative access via a userid=1&lvl=1 value for the twLTadmin cookie. Date published : 2009-05-12 http://www.securityfocus.com/bid/34735 https://www.exploit-db.com/exploits/8550
Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 4.0 native file format, leading to...
Multiple stack-based buffer overflows in Microsoft Office PowerPoint 2000 SP3 allow remote attackers to execute arbitrary code via a large amount of data associated with unspecified atoms in a PowerPoint file that triggers memory...
Heap-based buffer overflow in Microsoft Office PowerPoint 2002 SP3 and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a crafted structure in a Notes...