Monthly Archive: April 2010

Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection. Date published...

Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors. Date published : 2010-04-06 http://www.securityfocus.com/bid/38541 http://www.webtoolkit.eu/wt/doc/reference/html/Releasenotes.html

PHP remote file inclusion vulnerability in includes/tgpinc.php in Gnat-TGP 1.2.20 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT_ROOT parameter. Date published : 2010-04-06 http://www.securityfocus.com/bid/38522 http://www.exploit-db.com/exploits/11621

SQL injection vulnerability in showplugs.php in smartplugs 1.3 allows remote attackers to execute arbitrary SQL commands via the domain parameter. Date published : 2010-04-06 http://www.securityfocus.com/bid/38529 http://www.exploit-db.com/exploits/11623

SQL injection vulnerability in auktion.php in Multi Auktions Komplett System 2 allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. Date published : 2010-04-06 http://www.securityfocus.com/bid/38793 http://www.exploit-db.com/exploits/11776

SQL injection vulnerability in auktion.php in phpscripte24 Niedrig Gebote Pro Auktions System II allows remote attackers to execute arbitrary SQL commands via the id_auk parameter. Date published : 2010-04-06 http://www.exploit-db.com/exploits/11805 http://4004securityproject.wordpress.com/2010/03/18/phpscripte24-niedrig-gebote-pro-auktions-system-ii-blind-sql-injection-auktion-php/

Directory traversal vulnerability in index.php in justVisual CMS 2.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files directory traversal sequences in the p parameter. NOTE: some of these...

Multiple directory traversal vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to read arbitrary files via directory traversal sequences in the com parameter to (1) cContactus.php, (2) cGuestbook.php, and (3) cArticle.php....

Multiple PHP remote file inclusion vulnerabilities in WebMaid CMS 0.2-6 Beta and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) template, (2) menu, (3) events, and (4)...

SQL injection vulnerability in Adam Corley dcsFlashGames (com_dcs_flashgames) allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php. Date published : 2010-04-06 http://www.securityfocus.com/bid/38981 http://www.exploit-db.com/exploits/11884

Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. Date published : 2010-04-06 http://www.securityfocus.com/bid/39129 http://www.securityfocus.com/archive/1/510428

fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW. Date published : 2010-04-06 http://www.securityfocus.com/bid/39044 http://www.securityfocus.com/archive/1/516397/100/0/threaded

The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not...

The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload...