Monthly Archive: March 2005

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the...

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the...

Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 prevents viruses from being properly detected in certain files such as (1) .CAB or (2) .ZIP files. Date published : 2005-03-07 http://www.bemberg.de/server-side/index.htm http://securitytracker.com/id?1013370

Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when...

Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and...

Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename. Date published : 2005-03-07 http://www.gentoo.org/security/en/glsa/glsa-200503-09.xml http://bugs.gentoo.org/show_bug.cgi?id=83686

SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter. Date published : 2005-03-07 http://www.osvdb.org/14308 http://secunia.com/advisories/14414

Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field. Date published : 2005-03-07 http://www.osvdb.org/14308 http://secunia.com/advisories/14414

SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie. Date published...

Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3. Date published : 2005-03-07 http://securitytracker.com/id?1013349...

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message. Date published : 2005-03-07 http://marc.info/?l=bugtraq&m=110996579900134&w=2 http://neosecurityteam.net/Advisories/Advisory-09.txt

SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter. Date published : 2005-03-07 http://marc.info/?l=bugtraq&m=110987892618892&w=2 http://marc.info/?l=bugtraq&m=110995289619649&w=2

Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a .. (dot dot) in an HTTP...

Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter...