Monthly Archive: May 2010

Cross-site scripting (XSS) vulnerability in cPlayer.php in FlashCard 2.6.5 and 3.0.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: some of these details are obtained from third...

Stack-based buffer overflow in the parser function in GhostScript 8.70 and 8.64 allows context-dependent attackers to execute arbitrary code via a crafted PostScript file. Date published : 2010-05-11 http://www.securityfocus.com/bid/40103 http://www.securityfocus.com/archive/1/511243/100/0/threaded

Integer overflow in the load_iface function in Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 might allow context-dependent attackers to execute arbitrary code via a (1) file or (2) socket that provides configuration data...

Cross-site scripting (XSS) vulnerability in the table feature in PmWiki 2.2.15 allows remote authenticated users to inject arbitrary web script or HTML via the width attribute. Date published : 2010-05-11 http://www.securityfocus.com/bid/39994 http://www.securityfocus.com/archive/1/511177/100/0/threaded

Tools/gdomap.c in gdomap in GNUstep Base before 1.20.0 allows local users to read arbitrary files via a (1) -c or (2) -a option, which prints file contents in an error message. Date published :...

The DOCSIS dissector in Wireshark 0.9.6 through 1.0.12 and 1.2.0 through 1.2.7 allows user-assisted remote attackers to cause a denial of service (application crash) via a malformed packet trace file. Date published : 2010-05-11...

Integer overflow in inetcomm.dll in Microsoft Outlook Express 5.5 SP2, 6, and 6 SP1; Windows Live Mail on Windows XP SP2 and SP3, Windows Vista SP1 and SP2, Windows Server 2008 Gold, SP2, and...

VBE6.DLL in Microsoft Office XP SP3, Office 2003 SP3, 2007 Microsoft Office System SP1 and SP2, Visual Basic for Applications (VBA), and VBA SDK 6.3 through 6.5 does not properly search for ActiveX controls...

The MMIO instruction decoder in the Xen hypervisor in the Linux kernel 2.6.18 in Red Hat Enterprise Linux (RHEL) 5 allows guest OS users to cause a denial of service (32-bit guest OS crash)...

Multiple SQL injection vulnerabilities in globepersonnel_login.asp in Logoshows BBS 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields. Date published : 2010-05-10 http://www.exploit-db.com/exploits/9399

SQL injection vulnerability in globepersonnel_forum.asp in Logoshows BBS 2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter. Date published : 2010-05-10 http://www.exploit-db.com/exploits/9389 https://exchange.xforce.ibmcloud.com/vulnerabilities/52330

Multiple SQL injection vulnerabilities in login.php in PHPCityPortal allow remote attackers to execute arbitrary SQL commands via the (1) req_username (aka Username) and (2) req_password (aka Password) parameters. NOTE: some of these details are...

Cross-site scripting (XSS) vulnerability in index.php in Nasim Guest Book 1.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2010-05-10 http://packetstormsecurity.org/0908-exploits/nasimgb-xss.txt http://secunia.com/advisories/36246

Cross-site scripting (XSS) vulnerability in Hitron Soft Answer Me 1.0 allows remote attackers to inject arbitrary web script or HTML via the q_id parameter to the answers script (aka answers.php). NOTE: some of these...