Monthly Archive: October 2012

SimpleXMLRPCServer.py in SimpleXMLRPCServer in Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an XML-RPC...

Cross-site scripting (XSS) vulnerability in admin/OptionsPostsList.php in the TheCartPress plugin for WordPress before 1.1.6 before 2011-12-31 allows remote attackers to inject arbitrary web script or HTML via the tcp_name_post_XXXXX parameter. Date published : 2012-10-04...

Cross-site scripting (XSS) vulnerability in notes.php in Rapidleech before 2.3 rev42 SVN r399 allows remote attackers to inject arbitrary web script or HTML via the notes parameter. Date published : 2012-10-04 http://code.google.com/p/rapidleech/source/detail?r=399 http://code.google.com/p/rapidleech/source/diff?spec=svn399&r=399&format=side&path=/trunk/notes.php

Cross-site scripting (XSS) vulnerability in audl.php in Rapidleech 2.3 rev42 SVN r358, rev43 SVN r397, and earlier allows remote attackers to inject arbitrary web script or HTML via the links parameter. Date published :...

Akiva WebBoard 8.x stores passwords in plaintext, which allows local users to obtain sensitive information by reading from the database. Date published : 2012-10-04 http://www.exploit-db.com/exploits/18293 http://archives.neohapsis.com/archives/fulldisclosure/2011-12/0475.html

SQL injection vulnerability in WB/Default.asp in Akiva WebBoard before 8 SR 1 allows remote attackers to execute arbitrary SQL commands via the name parameter. NOTE: some of these details are obtained from third party...

The default configuration of Cerberus FTP Server before 5.0.4.0 supports the DES cipher for SSH sessions, which makes it easier for remote attackers to obtain sensitive information by sniffing the network and performing a...

SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2012-10-04 http://www.securityfocus.com/bid/51243 http://www.exploit-db.com/exploits/18306

Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp. Date published : 2012-10-04 http://www.securityfocus.com/bid/51252...

Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request. Date published : 2012-10-04 http://www.securityfocus.com/bid/51252...

SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2012-10-04 http://www.securityfocus.com/bid/51252 http://archives.neohapsis.com/archives/bugtraq/2012-01/0010.html

Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approve.asp, (2) delete.asp, (3) edit.asp,...

Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter. Date published : 2012-10-04 http://www.securityfocus.com/bid/51227 http://st2tea.blogspot.com/2012/01/fusetalk-forums-v32-cross-site.html

SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2012-10-04 http://www.securityfocus.com/bid/51240 http://www.exploit-db.com/exploits/18302