Monthly Archive: May 2005

Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin Board (OpenBB) 1.0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) redirect parameter to member.php, (2) to parameter to...

Cross-site scripting (XSS) vulnerability in nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to inject arbitrary web script or HTML via the portNum parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10205 http://marc.info/?l=bugtraq&m=108276405108267&w=2

nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obtain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. Date published : 2005-05-10...

SQL injection vulnerability in index.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection filters by using "/**/" sequences in the targeted fields. Date published : 2005-05-10 http://www.securityfocus.com/bid/10206 http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0

blocker.php in Protector System 1.15b1 allows remote attackers to bypass SQL injection protection and execute limited SQL commands via URL-encoded "’" characters ("%27"). Date published : 2005-05-10 http://www.securityfocus.com/bid/10206 http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0

Cross-site scripting (XSS) vulnerability in blocker_query.php in Protector System 1.15b1 allows remote attackers to inject arbitrary web script or HTML via the (1) target or (2) portNum parameters. Date published : 2005-05-10 http://www.securityfocus.com/bid/10206 http://www.securityfocus.com/archive/1/361300/2004-04-21/2004-04-27/0

blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message. Date published : 2005-05-10...

Directory traversal vulnerability in manifest.ini in Unreal engine allows remote attackers to overwrite arbitrary files via .. (dot dot) sequences in a UMOD (Unreal MOD) file. Date published : 2005-05-10 http://www.securityfocus.com/bid/10196 http://marc.info/?l=bugtraq&m=108267310519459&w=2

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 allows remote attackers to inject arbitrary web script or HTML via the (1) lid and query parameters to the Downloads module, (2) query parameter to the...

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User...

SQL injection vulnerability in modules.php in phProfession 2.5 allows remote attackers to execute arbitrary SQL code via the offset parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10190 http://marc.info/?l=bugtraq&m=108258931430060&w=2

Cross-site scripting (XSS) vulnerability in modules.php in phProfession 2.5 allows remote attackers to inject arbitrary web script or HTML via the jcode parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10190 http://marc.info/?l=bugtraq&m=108258931430060&w=2

phProfession 2.5 allows remote attackers to gain sensitive information via a direct HTTP request to upload.php, which reveals the path in a PHP error message. Date published : 2005-05-10 http://www.securityfocus.com/bid/10190 http://marc.info/?l=bugtraq&m=108258931430060&w=2

SQL injection vulnerability in Advanced Guestbook 2.2 allows remote attackers to execute arbitrary SQL commands and gain privileges via the password. Date published : 2005-05-10 http://www.securityfocus.com/bid/10209 http://marc.info/?l=bugtraq&m=108258046402890&w=2