Monthly Archive: June 2010

The S2 Security NetBox 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, uses a weak hash algorithm for storing the Administrator password, which makes it easier...

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not require setting a password for the FTP server that stores database...

The S2 Security NetBox, possibly 2.x and 3.x, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, does not properly prevent downloading of database backups, which allows remote attackers to...

The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows...

Multiple cross-site scripting (XSS) vulnerabilities in the RSComments (com_rscomments) component 1.0.0 Rev 2 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) website and (2) name parameters to...

Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action. Date published : 2010-06-25 http://www.securityfocus.com/bid/41071 http://www.jamroom.net/index.php?m=td_tracker&o=view&id=1756

SQL injection vulnerability in withdraw_money.php in Toma Cero OroHYIP allows remote attackers to execute arbitrary SQL commands via the id parameter in a cancel action. Date published : 2010-06-25 http://www.securityfocus.com/bid/40992 http://www.exploit-db.com/exploits/13948

SQL injection vulnerability in storecat.php in JCE-Tech Overstock 1 allows remote attackers to execute arbitrary SQL commands via the store parameter. Date published : 2010-06-25 http://www.securityfocus.com/bid/40990 http://www.exploit-db.com/exploits/13946

SQL injection vulnerability in merchant_product_list.php in JCE-Tech Shareasale Script (SASS) 1 allows remote attackers to execute arbitrary SQL commands via the mechant_id parameter. Date published : 2010-06-25 http://www.securityfocus.com/bid/40993 http://www.exploit-db.com/exploits/13949

SQL injection vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to execute arbitrary SQL commands via the videoid parameter. Date published : 2010-06-25 http://www.securityfocus.com/bid/41022 http://www.exploit-db.com/exploits/13970

Cross-site scripting (XSS) vulnerability in video.php in 2daybiz Video Community Portal Script 1.0 allows remote attackers to inject arbitrary web script or HTML via the videoid parameter. Date published : 2010-06-25 http://www.securityfocus.com/bid/41022 http://www.exploit-db.com/exploits/13970

Cross-site scripting (XSS) vulnerability in index.php in K-Search allows remote attackers to inject arbitrary web script or HTML via the term parameter. Date published : 2010-06-25 http://www.securityfocus.com/bid/41057 http://www.exploit-db.com/exploits/13993

Multiple directory traversal vulnerabilities in index.php in Linker IMG 1.0 and earlier allow remote attackers to read and execute arbitrary local files via a URL in the (1) cook_lan cookie parameter ($lan_dir variable) or...

Opera does not properly manage the address bar between the request to open a URL and the retrieval of the new document’s content, which might allow remote attackers to conduct spoofing attacks via a...