Monthly Archive: September 2009

CVE-2009-3201

Integer overflow in Media Player Classic 6.4.9 allows user-assisted remote attackers to cause a denial of service (application crash) via a MIDI file (.mid) with a malformed header, which triggers a buffer overflow, a...

CVE-2009-3199

Uebimiau Webmail 3.2.0-2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database with usernames and password hashes via a direct request for system_admin/admin.ucf. Date...

CVE-2009-3195

Multiple cross-site scripting (XSS) vulnerabilities in JCE-Tech Auction RSS Content Script 3.0 allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) rss.php and (2) search.php. Date published...

CVE-2009-3193

SQL injection vulnerability in the DigiFolio (com_digifolio) component 1.52 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a project action to index.php. Date published : 2009-09-15 http://www.exploit-db.com/exploits/9534

CVE-2009-3192

Multiple cross-site scripting (XSS) vulnerabilities in index.php in LinkorCMS 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the searchstr parameter in a search action; or the (2)...

CVE-2009-3191

Multiple cross-site scripting (XSS) vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to inject arbitrary web script or HTML via the cat parameter to (1) rss.php and (2) opml.php. Date published : 2009-09-15...

CVE-2009-3190

Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php. Date published : 2009-09-15...