CVE-2004-2166
The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C3200 digital printer, when not using IP address range filtering, allows remote attackers to print arbitrary text without authentication via a text/plain email to...
Lords of the Realm III 1.01 and earlier, when in the lobby stage, allows remote attackers to cause a denial of service (crash from unallocated memory write) via a long user nickname. Date published...
shoprestoreorder.asp in VP-ASP 5.0 does not close the database connection when a user restores a previous order, which allows remote attackers to cause a denial of service (connection consumption). Date published : 2005-07-10 http://www.securityfocus.com/bid/11228...
login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not verify the shared secret in a response packet from a RADIUS server, which allows remote attackers to bypass authentication by spoofing server replies....
Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the search field of the Address Module or (2) the t parameter to app_new.php....
SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows remote attackers to execute arbitrary SQL commands via the link_id parameter. Date published : 2005-07-10 http://www.securityfocus.com/bid/11221 http://www.securityfocus.com/archive/1/375757
Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code. Date published : 2005-07-10 http://cvs.sourceforge.net/viewcvs.py/xmlstar/xmlstarlet/src/xml_elem.c?r1=1.17&r2=1.18 http://sourceforge.net/project/shownotes.php?release_id=268962
Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 have unknown impact and attack vectors via (1) xml_elem.c and (2) xml_select.c. Date published : 2005-07-10 http://www.securityfocus.com/bid/11270 http://sourceforge.net/project/shownotes.php?release_id=268962
SQL injection vulnerability in Serendipity 0.7-beta1 allows remote attackers to execute arbitrary SQL commands via the entry_id parameter to (1) exit.php or (2) comment.php. Date published : 2005-07-10 http://www.securityfocus.com/bid/11269 http://lists.grok.org.uk/pipermail/full-disclosure/2004-September/026955.html
Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity 0.7 beta1, and possibly other versions before 0.7-beta3, allows remote attackers to inject arbitrary HTML and PHP code via the (1) email or (2) username field....
Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have unknown impact and attack vectors. Date published : 2005-07-10 http://www.securityfocus.com/bid/11306 http://archives.neohapsis.com/archives/apps/freshmeat/2004-09/0030.html
Online-bookmarks before 0.4.6 allows remote attackers to bypass its authentication mechanism via a direct request to (1) config/*, (2) bookmarks.php, (3) footer.php, (4) main.php, (5) tree.php, or (6) functions.php. Date published : 2005-07-10 http://www.securityfocus.com/bid/11305...
SQL injection vulnerability in the user profile edit module in profile.php for PunBB 1.2.5 and earlier allows remote attackers to execute arbitrary SQL statements via the temp array, which is not initialized before it...
SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with insufficient access control, which allows remote attackers to obtain passwords via a brute force attack. Date published : 2005-07-10 http://marc.info/?l=bugtraq&m=112075901100640&w=2 http://secunia.com/advisories/15954