http://www.security-database.com/ Security-Database.com is a free web service solution that offer real-time vulnerabilities alerts and notifications. en-us Fri, 10 Jul 09 10:21:56 +0200 http://feeds.security-database.com/~r/Last100Alerts/~3/5cNZYajZiIw/detail.php Problem Description: Updated httpd packages that fix two security issues are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/5cNZYajZiIw" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=RHSA-2009:1148-01 http://feeds.security-database.com/~r/Last100Alerts/~3/JMDLGzeetiU/detail.php Problem Description: Multiple vulnerabilities has been found and corrected in apache: The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/JMDLGzeetiU" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=MDVSA-2009:149 http://feeds.security-database.com/~r/Last100Alerts/~3/6vIVn5Oof1s/detail.php The CFCharacterSetInitInlineBuffer method in CoreFoundation.dll in Apple Safari 3.2.3 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) or...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/6vIVn5Oof1s" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2421 http://feeds.security-database.com/~r/Last100Alerts/~3/E8juu5oqt4c/detail.php Apple Safari 3.2.3 does not properly implement the file: protocol handler, which allows remote attackers to read arbitrary files or cause a denial of service (launch of multiple Windows Explorer...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/E8juu5oqt4c" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2420 http://feeds.security-database.com/~r/Last100Alerts/~3/ha8o5ZmHoj4/detail.php Use-after-free vulnerability in the servePendingRequests function in WebCore in WebKit in Apple Safari 4.0 and 4.0.1 allows remote attackers to cause a denial of service (application crash) or...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/ha8o5ZmHoj4" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2419 http://feeds.security-database.com/~r/Last100Alerts/~3/Q02qmfsfuBc/detail.php Heap-based buffer overflow in SCMPX 1.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a .m3u playlist file.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/Q02qmfsfuBc" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2403 http://feeds.security-database.com/~r/Last100Alerts/~3/4widTQHRVvU/detail.php SQL injection vulnerability in index.php in the forum module in PHPEcho CMS 2.0-rc3 allows remote attackers to execute arbitrary SQL commands via the id parameter in a thread action, a different...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/4widTQHRVvU" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2402 http://feeds.security-database.com/~r/Last100Alerts/~3/DQqx6suINZU/detail.php Cross-site scripting (XSS) vulnerability in PHPEcho CMS 2.0-rc3 allows remote attackers to inject arbitrary web script or HTML via a forum post.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/DQqx6suINZU" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2401 http://feeds.security-database.com/~r/Last100Alerts/~3/7jdKnBF7Svo/detail.php SQL injection vulnerability in the PHP (com_php) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/7jdKnBF7Svo" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2400 http://feeds.security-database.com/~r/Last100Alerts/~3/TUzVPLogw2Q/detail.php PHP remote file inclusion vulnerability in dm-albums/template/album.php in DM FileManager 3.9.4, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/TUzVPLogw2Q" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2399 http://feeds.security-database.com/~r/Last100Alerts/~3/q8ouJtv4kvs/detail.php Directory traversal vulnerability in test/index.php in PHP-Sugar 0.80 allows remote attackers to read arbitrary files via a ..// (dot dot slash slash) in the t parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/q8ouJtv4kvs" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2398 http://feeds.security-database.com/~r/Last100Alerts/~3/NHdeh1ohOuc/detail.php Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/NHdeh1ohOuc" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2397 http://feeds.security-database.com/~r/Last100Alerts/~3/IqZpGExSDFo/detail.php PHP remote file inclusion vulnerability in template/album.php in DM Albums 1.9.2, as used standalone or as a WordPress plugin, allows remote attackers to execute arbitrary PHP code via a URL in the...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/IqZpGExSDFo" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2396 http://feeds.security-database.com/~r/Last100Alerts/~3/jpHuQtQ4N38/detail.php SQL injection vulnerability in the K2 (com_k2) component 1.0.1 Beta and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the category parameter in an itemlist...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/jpHuQtQ4N38" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2395 http://feeds.security-database.com/~r/Last100Alerts/~3/xPPdGb5o1Sc/detail.php SQL injection vulnerability in cat.php in SMSPages 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) 2.0 allows remote attackers to execute arbitrary SQL commands via the CatID parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/xPPdGb5o1Sc" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2394 http://feeds.security-database.com/~r/Last100Alerts/~3/vDNWFkuf8dk/detail.php admin/index.php in Virtuenetz Virtue Online Test Generator does not require administrative privileges, which allows remote authenticated users to have an unknown impact via unspecified vectors.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/vDNWFkuf8dk" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2393 http://feeds.security-database.com/~r/Last100Alerts/~3/z1VsVxLTpUw/detail.php SQL injection vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to execute arbitrary SQL commands via the tid parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/z1VsVxLTpUw" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2392 http://feeds.security-database.com/~r/Last100Alerts/~3/OoElT_zL_R0/detail.php Cross-site scripting (XSS) vulnerability in text.php in Virtuenetz Virtue Online Test Generator allows remote attackers to inject arbitrary web script or HTML via the tid parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/OoElT_zL_R0" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2391 http://feeds.security-database.com/~r/Last100Alerts/~3/oOW4fgt7ppM/detail.php SQL injection vulnerability in the BookFlip (com_bookflip) component 2.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter to index.php.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/oOW4fgt7ppM" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2390 http://feeds.security-database.com/~r/Last100Alerts/~3/InyI1NF3x0o/detail.php Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/InyI1NF3x0o" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2389 http://feeds.security-database.com/~r/Last100Alerts/~3/m5sTFEoJOI8/detail.php SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/m5sTFEoJOI8" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2388 http://feeds.security-database.com/~r/Last100Alerts/~3/USvoJoULJCc/detail.php Unspecified vulnerability in the proc filesystem in Sun OpenSolaris snv_49 through snv_109 allows local users to cause a denial of service (deadlock and panic) via unknown vectors, related to the...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/USvoJoULJCc" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2387 http://feeds.security-database.com/~r/Last100Alerts/~3/Dh8WAVGEG4Q/detail.php WebKit in Apple Safari before 4.0.2 does not properly handle numeric character references, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/Dh8WAVGEG4Q" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-1725 http://feeds.security-database.com/~r/Last100Alerts/~3/OgewxDzh2b4/detail.php Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2 allows remote attackers to inject arbitrary web script or HTML via vectors related to parent and top objects.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/OgewxDzh2b4" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-1724 http://feeds.security-database.com/~r/Last100Alerts/~3/gTTx5YAu-14/detail.php Untrusted search path vulnerability in Agent/Backend.pm in Ocsinventory-Agent before 0.0.9.3, and 1.x before 1.0.1, in OCS Inventory allows local users to gain privileges via a Trojan horse Perl...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/gTTx5YAu-14" height="1" width="1"/> Thu, 09 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-0667 http://feeds.security-database.com/~r/Last100Alerts/~3/DbesooCNXDg/detail.php Problem Description: Multiple vulnerabilities has been found and corrected in apache: Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/DbesooCNXDg" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=MDVSA-2009:124-1 http://feeds.security-database.com/~r/Last100Alerts/~3/4imYoDla8TU/detail.php SQL injection vulnerability in the awardsMembers function in Sources/Profile.php in the Member Awards component 1.0.2 for Simple Machines Forum (SMF) allows remote attackers to execute arbitrary...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/4imYoDla8TU" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2385 http://feeds.security-database.com/~r/Last100Alerts/~3/zOTctioam0I/detail.php Buffer overflow in amp.exe in Brothersoft PEamp 1.02b allows user-assisted remote attackers to execute arbitrary code via a long string in a .m3u playlist file. NOTE: some of these details are...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/zOTctioam0I" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2384 http://feeds.security-database.com/~r/Last100Alerts/~3/daEIzxpu-GE/detail.php SQL injection vulnerability in BTE_RW_webajax.php in the Related Sites plugin 2.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the guid parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/daEIzxpu-GE" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2383 http://feeds.security-database.com/~r/Last100Alerts/~3/8ePOlWsvYhY/detail.php admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/8ePOlWsvYhY" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2382 http://feeds.security-database.com/~r/Last100Alerts/~3/F1bpmhYmnxo/detail.php Gizmo 3.1.0.79 on Linux does not verify a server&#039;s SSL certificate, which allows remote servers to obtain the credentials of arbitrary users via a spoofed certificate.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/F1bpmhYmnxo" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2381 http://feeds.security-database.com/~r/Last100Alerts/~3/y12Yv0eSxrY/detail.php Cross-site scripting (XSS) vulnerability in includes/functions.php in 4images 1.7 through 1.7.7 allows remote attackers to inject arbitrary web script or HTML via vectors related to the url variable.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/y12Yv0eSxrY" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2380 http://feeds.security-database.com/~r/Last100Alerts/~3/Bqa_tWtq4zU/detail.php Directory traversal vulnerability in public/index.php in BIGACE Web CMS 2.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the cmd parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/Bqa_tWtq4zU" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2379 http://feeds.security-database.com/~r/Last100Alerts/~3/s4GZDHDeSsI/detail.php PHP remote file inclusion vulnerability in formmailer.admin.inc.php in Jax FormMailer 3.0.0 allows remote attackers to execute arbitrary PHP code via a URL in the BASE_DIR[jax_formmailer] parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/s4GZDHDeSsI" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2378 http://feeds.security-database.com/~r/Last100Alerts/~3/USsgbs4by9g/detail.php Buffer overflow in the Avax Vector ActiveX control in avPreview.ocx in AVAX-software Avax Vector ActiveX 1.3 allows remote attackers to cause a denial of service (application crash) via a long...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/USsgbs4by9g" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2377 http://feeds.security-database.com/~r/Last100Alerts/~3/nuZnJujnwPc/detail.php Cross-site scripting (XSS) vulnerability in the Html::textarea function in application/libraries/Html.php in TangoCMS 2.x before 2.3.0 allows remote attackers to inject arbitrary web script or HTML...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/nuZnJujnwPc" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2376 http://feeds.security-database.com/~r/Last100Alerts/~3/ynF01LGRdiU/detail.php Stack-based buffer overflow in Photo DVD Maker 8.02, and possibly earlier versions, allows remote attackers to execute arbitrary code via a long File_Name parameter in a .pdm file. NOTE: some of...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/ynF01LGRdiU" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2375 http://feeds.security-database.com/~r/Last100Alerts/~3/hgMNwoOSNow/detail.php Drupal 5.x before 5.19 and 6.x before 6.13 does not properly sanitize failed login attempts for pages that contain a sortable table, which includes the username and password in links that can be...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/hgMNwoOSNow" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2374 http://feeds.security-database.com/~r/Last100Alerts/~3/eSPckGbDrpY/detail.php Cross-site scripting (XSS) vulnerability in the Forum module in Drupal 6.x before 6.13 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/eSPckGbDrpY" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2373 http://feeds.security-database.com/~r/Last100Alerts/~3/j0KzEGOYsJ8/detail.php Drupal 6.x before 6.13 does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled input format, which allows remote...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/j0KzEGOYsJ8" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2372 http://feeds.security-database.com/~r/Last100Alerts/~3/tZ_sttbDK_c/detail.php Advanced Forum 6.x before 6.x-1.1, a module for Drupal, does not prevent users from modifying user signatures after the associated comment format has been changed to an administrator-controlled...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/tZ_sttbDK_c" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2371 http://feeds.security-database.com/~r/Last100Alerts/~3/JvNcI6SVEmg/detail.php Cross-site scripting (XSS) vulnerability in Advanced Forum 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/JvNcI6SVEmg" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2370 http://feeds.security-database.com/~r/Last100Alerts/~3/M904E3-oZaQ/detail.php Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/M904E3-oZaQ" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2369 http://feeds.security-database.com/~r/Last100Alerts/~3/s1sV2EOrVNA/detail.php Unspecified vulnerability in Socks Server 5 before 3.7.8-8 has unknown impact and attack vectors.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/s1sV2EOrVNA" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2368 http://feeds.security-database.com/~r/Last100Alerts/~3/KVAPvJUjrCM/detail.php cgi-bin/makecgi-pro in Iomega StorCenter Pro generates predictable session IDs, which allows remote attackers to hijack active sessions and gain privileges via brute force guessing attacks on the...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/KVAPvJUjrCM" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2367 http://feeds.security-database.com/~r/Last100Alerts/~3/ba17fkJcp08/detail.php SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/ba17fkJcp08" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2366 http://feeds.security-database.com/~r/Last100Alerts/~3/mscoIKPOCz0/detail.php SQL injection vulnerability in login.asp in DataCheck Solutions GalleryPal FE 1.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: the provenance of this...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/mscoIKPOCz0" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2365 http://feeds.security-database.com/~r/Last100Alerts/~3/ghin4PaHq_U/detail.php Stack-based buffer overflow in Mp3-Nator 2.0 allows remote attackers to execute arbitrary code via a long string in a .plf file, possibly related to a track entry.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/ghin4PaHq_U" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2364 http://feeds.security-database.com/~r/Last100Alerts/~3/t4Duh9nLAUk/detail.php Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.00.215 allows remote attackers to execute arbitrary code via a .pls playlist file with a playlist entry containing a long File1 argument.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/t4Duh9nLAUk" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2363 http://feeds.security-database.com/~r/Last100Alerts/~3/8Ve-HEpc9TI/detail.php Stack-based buffer overflow in KUDRSOFT AudioPLUS 2.0.0.215 allows remote attackers to execute arbitrary code via a long string in a (1) .lst or (2) .m3u playlist file.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/8Ve-HEpc9TI" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2362 http://feeds.security-database.com/~r/Last100Alerts/~3/zjF5Q_KNplg/detail.php SQL injection vulnerability in include/class.staff.php in osTicket before 1.6 RC5 allows remote attackers to execute arbitrary SQL commands via the staff username parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/zjF5Q_KNplg" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2361 http://feeds.security-database.com/~r/Last100Alerts/~3/XZQppJlWM_E/detail.php Cross-site scripting (XSS) vulnerability in passwd/main.php in the Passwd module before 3.1.1 for Horde allows remote attackers to inject arbitrary web script or HTML via the backend parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/XZQppJlWM_E" height="1" width="1"/> Wed, 08 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2360 http://feeds.security-database.com/~r/Last100Alerts/~3/ESZSn_Q6oME/detail.php Problem Description: Some vulnerabilities were discovered and corrected in the Linux 2.6 kernel: Buffer overflow in the RTL8169 NIC driver (drivers/net/r8169.c) in the Linux kernel...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/ESZSn_Q6oME" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=MDVSA-2009:148 http://feeds.security-database.com/~r/Last100Alerts/~3/lxwkMFB7p7s/detail.php It was discovered that the ocsinventory-agent which is part of theocsinventory suite, a hardware and software configuration indexing service,is prone to an insecure perl module search path. As the...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/lxwkMFB7p7s" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=DSA-1828 http://feeds.security-database.com/~r/Last100Alerts/~3/EBZoKhMvKYA/detail.php Multiple SQL injection vulnerabilities in TekRADIUS 3.0 allow context-dependent attackers to execute arbitrary SQL commands via (1) the GUI client, as demonstrated by input to the Browse Users text...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/EBZoKhMvKYA" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2359 http://feeds.security-database.com/~r/Last100Alerts/~3/omuB81uBNio/detail.php TekRADIUS 3.0 uses BUILTINUsers:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/omuB81uBNio" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2358 http://feeds.security-database.com/~r/Last100Alerts/~3/0wiaHH6U4x0/detail.php The default configuration of TekRADIUS 3.0 uses the sa account to communicate with Microsoft SQL Server, which makes it easier for remote attackers to obtain privileged access to the database and...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/0wiaHH6U4x0" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2357 http://feeds.security-database.com/~r/Last100Alerts/~3/yneQcHKi0_s/detail.php Multiple stack-based buffer overflows in the pgsqlQuery function in NullLogic Groupware 1.2.7, when PostgreSQL is used, might allow remote attackers to execute arbitrary code via input to the (1)...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/yneQcHKi0_s" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2356 http://feeds.security-database.com/~r/Last100Alerts/~3/GqA8ZdCM3pQ/detail.php The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/GqA8ZdCM3pQ" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2355 http://feeds.security-database.com/~r/Last100Alerts/~3/DIrOmEQI9fY/detail.php SQL injection vulnerability in the auth_checkpass function in the login page in NullLogic Groupware 1.2.7 allows remote attackers to execute arbitrary SQL commands via the username parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/DIrOmEQI9fY" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2354 http://feeds.security-database.com/~r/Last100Alerts/~3/rewKngwbUr8/detail.php encoder.php in eAccelerator allows remote attackers to execute arbitrary code by copying a local executable file to a location under the web root via the -o option, and then making a direct request...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/rewKngwbUr8" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2353 http://feeds.security-database.com/~r/Last100Alerts/~3/qOEcnKrlV3k/detail.php Google Chrome 1.0.154.48 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/qOEcnKrlV3k" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2352 http://feeds.security-database.com/~r/Last100Alerts/~3/KvDTUHeRbGc/detail.php Opera 9.52 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1)...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/KvDTUHeRbGc" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2351 http://feeds.security-database.com/~r/Last100Alerts/~3/z4I6gukoS6k/detail.php Microsoft Internet Explorer 6.0.2900.2180 and earlier does not block javascript: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS)...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/z4I6gukoS6k" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2350 http://feeds.security-database.com/~r/Last100Alerts/~3/-cMiBjuS2lw/detail.php Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/-cMiBjuS2lw" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2345 http://feeds.security-database.com/~r/Last100Alerts/~3/A7jOx6R6FOk/detail.php The web-based management interfaces in Sourcefire Defense Center (DC) and 3D Sensor before 4.8.2 allow remote authenticated users to gain privileges via a $admin value for the admin parameter in an...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/A7jOx6R6FOk" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2344 http://feeds.security-database.com/~r/Last100Alerts/~3/YrFVCnc66jw/detail.php Cross-site scripting (XSS) vulnerability in people.php in Zoph before 0.7.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: some of these details...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/YrFVCnc66jw" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2343 http://feeds.security-database.com/~r/Last100Alerts/~3/AOxr3I6bo4k/detail.php Cross-site scripting (XSS) vulnerability in admin.php (aka the login page) in Content Management Made Easy (CMME) before 1.22 allows remote attackers to inject arbitrary web script or HTML via the...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/AOxr3I6bo4k" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2342 http://feeds.security-database.com/~r/Last100Alerts/~3/S5RACiRYNU0/detail.php SQL injection vulnerability in albumdetail.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the albumid parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/S5RACiRYNU0" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2341 http://feeds.security-database.com/~r/Last100Alerts/~3/NRZ6vcv2E2I/detail.php SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtUserName (aka User Name) parameter. NOTE: some of these details are...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/NRZ6vcv2E2I" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2340 http://feeds.security-database.com/~r/Last100Alerts/~3/H1qO0oC-GI0/detail.php SQL injection vulnerability in index.php in Rentventory allows remote attackers to execute arbitrary SQL commands via the product parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/H1qO0oC-GI0" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2339 http://feeds.security-database.com/~r/Last100Alerts/~3/hx0-D8ppun0/detail.php Directory traversal vulnerability in includes/startmodules.inc.php in FreeWebshop.org 2.2.9 R2, when register_globals is enabled, allows remote attackers to include and execute arbitrary local...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/hx0-D8ppun0" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2338 http://feeds.security-database.com/~r/Last100Alerts/~3/6S6Kn8yMK9s/detail.php SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/6S6Kn8yMK9s" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2337 http://feeds.security-database.com/~r/Last100Alerts/~3/BuZwg7ODC1I/detail.php SQL injection vulnerability in modules/poll/index.php in AIST NetCat 3.0 and 3.12 allows remote attackers to execute arbitrary SQL commands via the PollID parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/BuZwg7ODC1I" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-6853 http://feeds.security-database.com/~r/Last100Alerts/~3/Ate1KWnlUAg/detail.php SQL injection vulnerability in the Ice Gallery (com_ice) component 0.5 beta 2 for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/Ate1KWnlUAg" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-6852 http://feeds.security-database.com/~r/Last100Alerts/~3/oCDi8VjvAgM/detail.php SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/oCDi8VjvAgM" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-6851 http://feeds.security-database.com/~r/Last100Alerts/~3/58xlWA-Kq_o/detail.php Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/58xlWA-Kq_o" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-6850 http://feeds.security-database.com/~r/Last100Alerts/~3/yo9jNHXLZCY/detail.php Unrestricted file upload vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/yo9jNHXLZCY" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-6849 http://feeds.security-database.com/~r/Last100Alerts/~3/md-VN--OpXs/detail.php Cross-site scripting (XSS) vulnerability in index.php in phpGreetCards 3.7 allows remote attackers to inject arbitrary web script or HTML via the category parameter in a select action.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/md-VN--OpXs" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-6848 http://feeds.security-database.com/~r/Last100Alerts/~3/JE0dIn2RW50/detail.php Unspecified vulnerability in the Microsoft Video ActiveX control in msvidctl.dll allows remote attackers to execute arbitrary code via unknown vectors that trigger memory corruption, a different...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/JE0dIn2RW50" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-0020 http://feeds.security-database.com/~r/Last100Alerts/~3/TNnKooSaZ0E/detail.php Stack-based buffer overflow in MPEG2TuneRequest in the Microsoft Video ActiveX control in msvidctl.dll in Microsoft DirectShow in Windows 2000, XP, and Server 2003 allows remote attackers to...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/TNnKooSaZ0E" height="1" width="1"/> Tue, 07 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2008-0015 http://feeds.security-database.com/~r/Last100Alerts/~3/W7GOExOeYRQ/detail.php &lt;div id=&quot;vu&quot; class=&quot;vu&quot; style=&quot;clear:both;&quot;&gt;&lt;H1&gt;Vulnerability Note VU#180513&lt;/H1&gt;&lt;H2&gt;Microsoft Video ActiveX control stack buffer...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/W7GOExOeYRQ" height="1" width="1"/> Mon, 06 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=VU#180513 http://feeds.security-database.com/~r/Last100Alerts/~3/OcNeHaTqzAI/detail.php A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu,...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/OcNeHaTqzAI" height="1" width="1"/> Mon, 06 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=USN-797-1 http://feeds.security-database.com/~r/Last100Alerts/~3/64OHEfUkCeo/detail.php A security issue affects the following Ubuntu releases: Ubuntu 8.04 LTS Ubuntu 8.10 Ubuntu 9.04 This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu....<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/64OHEfUkCeo" height="1" width="1"/> Mon, 06 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=USN-796-1 http://feeds.security-database.com/~r/Last100Alerts/~3/4DkFRZKAz0c/detail.php &lt;div class=&quot;product&quot;&gt;&lt;b&gt;Product:&lt;/b&gt; OpenSolaris&lt;/div&gt;&lt;p&gt;A security vulnerability in the OpenSolaris process file system (proc(4)) may allow a...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/4DkFRZKAz0c" height="1" width="1"/> Mon, 06 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=SUN-258888 http://feeds.security-database.com/~r/Last100Alerts/~3/vZZer6Sh0Ds/detail.php It was discovered that ipplan, a web-based IP address manager andtracker, does not sufficiently escape certain input parameters, whichallows remote attackers to conduct cross-site scripting...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/vZZer6Sh0Ds" height="1" width="1"/> Mon, 06 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=DSA-1827 http://feeds.security-database.com/~r/Last100Alerts/~3/TN0wuxW5_dk/detail.php Multiple directory traversal vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in (1) the menu parameter to...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/TN0wuxW5_dk" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2333 http://feeds.security-database.com/~r/Last100Alerts/~3/ihsQlx5_TFw/detail.php CMS Chainuk 1.2 and earlier allows remote attackers to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/ihsQlx5_TFw" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2332 http://feeds.security-database.com/~r/Last100Alerts/~3/tcO2gLTCnRQ/detail.php Multiple static code injection vulnerabilities in CMS Chainuk 1.2 and earlier allow remote attackers to inject arbitrary PHP code (1) into settings.php via the menu parameter to admin_settings.php...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/tcO2gLTCnRQ" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2331 http://feeds.security-database.com/~r/Last100Alerts/~3/BT3fEcOdYo8/detail.php Cross-site scripting (XSS) vulnerability in admin/admin_menu.php in CMS Chainuk 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the menu parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/BT3fEcOdYo8" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2330 http://feeds.security-database.com/~r/Last100Alerts/~3/1JGCfprXLVU/detail.php KerviNet Forum 1.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) admin/head.php, or (2) voting_diagram.php, (3) voting.php, (4) topics_search.php,...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/1JGCfprXLVU" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2329 http://feeds.security-database.com/~r/Last100Alerts/~3/IbACjXHOyNo/detail.php admin/edit_user.php in KerviNet Forum 1.1 and earlier does not require administrative authentication, which allows remote attackers to delete arbitrary accounts and conduct SQL injection attacks...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/IbACjXHOyNo" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2328 http://feeds.security-database.com/~r/Last100Alerts/~3/16F2vU4p2vQ/detail.php Cross-site scripting (XSS) vulnerability in add_voting.php in KerviNet Forum 1.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the v_variant1 parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/16F2vU4p2vQ" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2327 http://feeds.security-database.com/~r/Last100Alerts/~3/zEz1uEoUwvU/detail.php Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2)...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/zEz1uEoUwvU" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2326 http://feeds.security-database.com/~r/Last100Alerts/~3/m1rdSFBiaGs/detail.php Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/m1rdSFBiaGs" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2325 http://feeds.security-database.com/~r/Last100Alerts/~3/-Ube2ERmI2o/detail.php Multiple cross-site scripting (XSS) vulnerabilities in FCKeditor before 2.6.4.1 allow remote attackers to inject arbitrary web script or HTML via components in the samples (aka _samples) directory.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/-Ube2ERmI2o" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2324 http://feeds.security-database.com/~r/Last100Alerts/~3/LpicdLch7gg/detail.php The web interface on the Axesstel MV 410R redirects users back to the referring page after execution of some CGI scripts, which makes it easier for remote attackers to avoid detection of cross-site...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/LpicdLch7gg" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2323 http://feeds.security-database.com/~r/Last100Alerts/~3/eFrHQwgvv30/detail.php Cross-site scripting (XSS) vulnerability in cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/eFrHQwgvv30" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2322 http://feeds.security-database.com/~r/Last100Alerts/~3/-pg4QJCLl6U/detail.php cgi-bin/sysconf.cgi on the Axesstel MV 410R allows remote attackers to cause a denial of service (configuration reset) via a RESTORE=RESTORE query string.<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/-pg4QJCLl6U" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2321 http://feeds.security-database.com/~r/Last100Alerts/~3/sKLcRAw_WLE/detail.php The web interface on the Axesstel MV 410R relies on client-side JavaScript code to validate input, which allows remote attackers to send crafted data, and possibly have unspecified other impact,...<img src="http://feeds.feedburner.com/~r/Last100Alerts/~4/sKLcRAw_WLE" height="1" width="1"/> Sun, 05 Jul 2009 00:00:00 +0200 http://www.security-database.com/detail.php?alert=CVE-2009-2320