Monthly Archive: July 2005

Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before 5.2.1.2, and 5.1.3, when net-snmp is using stream sockets such as TCP, allows remote attackers to cause a denial of service (daemon hang and CPU consumption) via a...

Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. Date published :...

The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and...

Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the...

The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to...

The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user’s umask, which could allow local users to read PDF...

Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via "…/…//" sequences in the file parameter, which are reduced to "../" when...

delete.php in Plague News System 0.6 and earlier allows remote unauthenticated attackers to delete news, comments, and shoutbox posts by modifying the id parameter. Date published : 2005-07-06 http://dark-assassins.com/forum/viewtopic.php?t=90 http://secunia.com/advisories/15902

Cross-site scripting (XSS) vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to inject arbitrary web script or HTML via the cid parameter. Date published : 2005-07-06 http://dark-assassins.com/forum/viewtopic.php?t=90 http://secunia.com/advisories/15902

SQL injection vulnerability in index.php in Plague News System 0.6 and earlier allows remote attackers to execute arbitrary SQL commands via the cid parameter. Date published : 2005-07-06 http://dark-assassins.com/forum/viewtopic.php?t=90 http://secunia.com/advisories/15902

read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. Date published : 2005-07-06 http://zone-h.org/advisories/read/id=7765 http://securitytracker.com/id?1014375

SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. Date published : 2005-07-06 http://marc.info/?l=bugtraq&m=112060007704577&w=2 http://sourceforge.net/project/shownotes.php?release_id=339047

Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Date published : 2005-07-06 http://marc.info/?l=bugtraq&m=112059745606348&w=2 http://www.badroot.org/advisories/SA0x07

PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter. Date published : 2005-07-06 http://marc.info/?l=bugtraq&m=112059876828730&w=2 http://www.soulblack.com.ar/repo/papers/advisory/myguestbook_advisory.txt