Monthly Archive: July 2010

Cross-site scripting (XSS) vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to inject arbitrary web script or HTML via the artist_id parameter, which is not properly handled in a forced SQL...

SQL injection vulnerability in index.php in RightInPoint Lyrics Script 3.0 allows remote attackers to execute arbitrary SQL commands via the artist_id parameter in an addalbum action. Date published : 2010-07-13 http://www.securityfocus.com/bid/41394 http://www.exploit-db.com/exploits/14244

SQL injection vulnerability in list.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third...

SQL injection vulnerability in show.php in phpaaCms 0.3.1 UTF-8, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2010-07-13 http://www.securityfocus.com/bid/41341 http://www.exploit-db.com/exploits/14199

Multiple cross-site scripting (XSS) vulnerabilities in CruxSoftware CruxPA 2.00, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) txtusername parameter to login.php, (2) todo parameter to newtodo.php,...

Cross-site scripting (XSS) vulnerability in manager/login.php in CruxSoftware CruxCMS 3.0, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the txtusername parameter. Date published : 2010-07-13 http://www.securityfocus.com/archive/1/512245/100/0/threaded http://www.htbridge.ch/advisory/xss_vulnerability_in_cruxcms_1.html

Multiple SQL injection vulnerabilities in PsNews 1.3 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) ndetail.php and (2) print.php. Date published : 2010-07-13 http://www.securityfocus.com/bid/41410 http://www.exploit-db.com/exploits/14251

Cross-site scripting (XSS) vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to inject arbitrary web script or HTML via the album parameter. Date published : 2010-07-13 http://www.securityfocus.com/bid/41382 http://www.exploit-db.com/exploits/14203

SQL injection vulnerability in photos/index.php in TCW PHP Album 1.0 allows remote attackers to execute arbitrary SQL commands via the album parameter. Date published : 2010-07-13 http://www.securityfocus.com/bid/41382 http://www.exploit-db.com/exploits/14203

FreeBSD 7.1 through 8.1-PRERELEASE does not copy the read-only flag when creating a duplicate mbuf buffer reference, which allows local users to cause a denial of service (system file corruption) and gain privileges via...

Multiple buffer overflows in ha.c in the mipv6 daemon in UMIP 0.4 allow remote attackers to have an unspecified impact via a crafted (1) ND_OPT_PREFIX_INFORMATION or (2) ND_OPT_HOME_AGENT_INFO packet. Date published : 2010-07-13 http://www.securityfocus.com/bid/41522...

The mipv6 daemon in UMIP 0.4 does not verify that netlink messages originated in the kernel, which allows local users to spoof netlink socket communication via a crafted unicast message. Date published : 2010-07-13...

Unspecified vulnerability in the PeopleSoft Enterprise Campus Solutions component in Oracle PeopleSoft and JDEdwards Suite Campus Solutions 9.0 Bundle #17 allows remote authenticated users to affect confidentiality via unknown vectors. Date published : 2010-07-13...

Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft and JDEdwards Suite 8.49.27 allows remote authenticated users to affect confidentiality and integrity via unknown vectors. Date published : 2010-07-13 http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html