Monthly Archive: January 2010

Stack-based buffer overflow in A2 Media Player Pro 2.51 allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .m3l playlist file. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9377

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Helpdesk 3.x allow remote attackers to inject arbitrary web script or HTML via the category_id parameter to (1) products.php, (2) article.php, (3) product_details.php, or (4) reviews.php; the...

Multiple cross-site scripting (XSS) vulnerabilities in ViArt CMS 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter to forums.php, or the forum_id parameter to (2) forum.php or...

globepersonnel_login.asp in Logoshows BBS 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the (1) pb_username (aka pb%5Fusername) and (2) level cookies. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9400 https://exchange.xforce.ibmcloud.com/vulnerabilities/52366

Logoshows BBS 2.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/globepersonnel.mdb. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9400 https://exchange.xforce.ibmcloud.com/vulnerabilities/52365

Cross-site scripting (XSS) vulnerability in kbase/kbase.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Date published : 2010-01-04 http://www.exploit-db.com/exploits/9396 http://secunia.com/advisories/36209

PHP remote file inclusion vulnerability in index.php in Cromosoft Technologies Facil Helpdesk 2.3 Lite allows remote attackers to execute arbitrary PHP code via a URL in the lng parameter. NOTE: this can also be...

Cross-site scripting (XSS) vulnerability in newticket.php in IsolSoft Support Center 2.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Date published : 2010-01-04 http://www.securityfocus.com/bid/35997 http://www.exploit-db.com/exploits/9397

Multiple PHP remote file inclusion vulnerabilities in IsolSoft Support Center 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the lang parameter to (1) newticket.php or (2) rempass.php, or a...

SQL injection vulnerability in page.php in Mini CMS 1.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2010-01-04 http://www.securityfocus.com/bid/36011 http://www.exploit-db.com/exploits/9406

Cross-site scripting (XSS) vulnerability in main.php in SQLiteManager 1.2.0 allows remote attackers to inject arbitrary web script or HTML via the redirect parameter. Date published : 2010-01-04 http://www.securityfocus.com/bid/36002 http://www.securityfocus.com/archive/1/505636/100/0/threaded