Monthly Archive: February 2005

Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and earlier allows remote attackers to inject arbitrary web script via a URL, which is echoed in a popup window that displays a parsing error message,...

Multiple cross-site scripting vulnerabilities in Image Gallery Web Application 0.9.10 allow remote attackers to inject arbitrary web script or HTML. Date published : 2005-02-12 http://www.securityfocus.com/bid/11990 http://marc.info/?l=bugtraq&m=110323479715051&w=2

The addImage method for admin.class.php in Image Gallery Web Application 0.9.10 does not properly check filenames, which allows remote attackers to upload and execute arbitrary files. Date published : 2005-02-12 http://www.securityfocus.com/bid/11990 http://marc.info/?l=bugtraq&m=110323479715051&w=2

Multiple directory traversal vulnerabilities in singapore Image Gallery Web Application 0.9.10 allow remote attackers to (1) read arbitrary files via the showThumb method for thumb.php, or (2) delete arbitrary files via admin.class.php. Date published...

SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 through 3.1.3 allows remote attackers to inject arbitrary SQL commands via the (1) st or (2) keywords parameter. Date published : 2005-02-12 http://www.securityfocus.com/bid/11982 http://marc.info/?l=bugtraq&m=110321654705580&w=2

MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not properly handle files with two file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. Date published :...

Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime, does not properly handle files with multiple file extensions, such as .php.rar, which allows remote attackers to upload and execute arbitrary code. Date...

PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server...

SQL injection vulnerability in iWebNegar allows remote attackers to execute arbitrary SQL commands via (1) the string parameter for index.php, (2) comments.php, or (3) the administrator login page. Date published : 2005-02-12 http://www.securityfocus.com/bid/11946 http://marc.info/?l=bugtraq&m=110314454810163&w=2

SQL injection vulnerability in verify.asp in Asp-rider allows remote attackers to execute arbitrary SQL statements and bypass authentication via the username parameter. Date published : 2005-02-12 http://www.securityfocus.com/bid/11933 http://marc.info/?l=bugtraq&m=110305802005220&w=2

The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp. Date published : 2005-02-12 http://www.securityfocus.com/bid/11931 http://marc.info/?l=bugtraq&m=110304839629822&w=2

Directory traversal vulnerability in the Attachment module 2.3.10 and earlier for phpBB allows remote attackers to read arbitrary files via a .. (dot dot) in the filename. Date published : 2005-02-12 http://www.securityfocus.com/bid/11893 http://marc.info/?l=bugtraq&m=110304269031484&w=2

Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers...

Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via an argument to wiki.pl. Date published : 2005-02-12 http://www.securityfocus.com/bid/11924 http://marc.info/?l=bugtraq&m=110305173302388&w=2