Monthly Archive: May 2010

Buffer overflow in Tuniac 090517c allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long URL in a .m3u playlist file. Date published : 2010-05-10...

Cross-site scripting (XSS) vulnerability in search.cgi in Matt’s Script Archive (MSA) Simple Search 1.0 allows remote attackers to inject arbitrary web script or HTML via the terms parameter. NOTE: some of these details are...

Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE:...

Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some...

Stack-based buffer overflow in UltraPlayer Media Player 2.112 allows remote attackers to execute arbitrary code via a long string in a .usk file. Date published : 2010-05-10 http://www.securityfocus.com/bid/35956 http://www.exploit-db.com/exploits/9368

Multiple SQL injection vulnerabilities in Alwasel 1.5 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) show.php and (2) xml.php. Date published : 2010-05-10 http://www.exploit-db.com/exploits/9384 https://exchange.xforce.ibmcloud.com/vulnerabilities/52326

Cross-site scripting (XSS) vulnerability in shownews.php in SupportPRO SupportDesk 3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. Date published : 2010-05-10 http://packetstormsecurity.org/0908-exploits/supportpro-xss.txt http://secunia.com/advisories/36242

SQL injection vulnerability in demo.php in Typing Pal 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the idTableProduit parameter. Date published : 2010-05-10 http://www.exploit-db.com/exploits/9390

Multiple cross-site scripting (XSS) vulnerabilities in Online Work Order Suite (OWOS) Lite Edition 3.10 allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) default.asp and (2) report.asp,...

Cross-site scripting (XSS) vulnerability in questiondetail.php in Yahoo Answers Clone allows remote attackers to inject arbitrary web script or HTML via the questionid parameter. Date published : 2010-05-10 http://packetstormsecurity.org/0908-exploits/yac-xss.txt http://secunia.com/advisories/36239

Cross-site scripting (XSS) vulnerability in login.php in PHP Photo Vote 1.3F allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2010-05-10 http://packetstormsecurity.org/0908-exploits/ppv-xss.txt http://osvdb.org/56828

Cross-site scripting (XSS) vulnerability in subitems.php in PHP Easy Shopping Cart 3.1R allows remote attackers to inject arbitrary web script or HTML via the name parameter. Date published : 2010-05-10 http://packetstormsecurity.org/0908-exploits/pesc-xss.txt http://osvdb.org/56835

** DISPUTED ** SQL injection vulnerability in index.php in TYPO3 4.0 allows remote attackers to execute arbitrary SQL commands via the showUid parameter. NOTE: the TYPO3 Security Team disputes this report, stating that "there...

addons/import.php in TalkBack 2.3.14 allows remote attackers to execute arbitrary commands via the result parameter. Date published : 2010-05-07 http://www.securityfocus.com/bid/35619 http://www.exploit-db.com/exploits/9095