Monthly Archive: September 2009

Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a denial of service (application crash) via a MIDI file (.mid) with a malformed header, which triggers a buffer overflow, a...

Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf. Date...

Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech Affiliate Master Datafeed Parser Script 2.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Date published : 2009-09-15 http://packetstormsecurity.org/0908-exploits/ams-xss.txt http://secunia.com/advisories/36491

Cross-site scripting (XSS) vulnerability in search.php in JCE-Tech PHP Calendars Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. Date published : 2009-09-15 http://packetstormsecurity.org/0908-exploits/phpcalsearch-xss.txt http://secunia.com/advisories/36484

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech PHP Video Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. Date published : 2009-09-15 http://packetstormsecurity.org/0908-exploits/phpvideoyoutube-xss.txt http://secunia.com/advisories/36483

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php. Date published...

Cross-site scripting (XSS) vulnerability in index.php in JCE-Tech SearchFeed Script allows remote attackers to inject arbitrary web script or HTML via the search parameter. Date published : 2009-09-15 http://packetstormsecurity.org/0908-exploits/searchfeed-xss.txt http://secunia.com/advisories/36482

SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. Date published : 2009-09-15 http://www.exploit-db.com/exploits/9534

Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2)...

Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php. Date published : 2009-09-15...

Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php. Date published : 2009-09-15...

Cross-site scripting (XSS) vulnerability in search.php in DigiOz Guestbook 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the search_term parameter. Date published : 2009-09-15 http://packetstormsecurity.org/0908-exploits/digiozgb-xss.txt http://secunia.com/advisories/36489

PHP remote file inclusion vulnerability in save.php in phpSANE 0.5.0 allows remote attackers to execute arbitrary PHP code via a URL in the file_save parameter. Date published : 2009-09-15 http://www.exploit-db.com/exploits/9533 http://secunia.com/advisories/36476

Cross-site scripting (XSS) vulnerability in gamelist.php in Stand Alone Arcade 1.1 allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Date published : 2009-09-15 http://packetstormsecurity.org/0908-exploits/saa-xss.txt http://secunia.com/advisories/36481