CVE-2005-4546
search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability. Date published...
Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter. NOTE: the provenance of this information is unknown; the details are...
rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory. Date published : 2005-12-28 http://www.securityfocus.com/bid/16050 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=344424
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2005-12-27 http://www.securityfocus.com/bid/16061 http://www.securityfocus.com/archive/1/420353/100/0/threaded
Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered....
scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking...
Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4)...
The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors. Date published : 2005-12-27 http://sourceforge.net/project/shownotes.php?release_id=379608 http://secunia.com/advisories/18184
SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2005-12-27 http://sourceforge.net/project/shownotes.php?release_id=379608 http://www.osvdb.org/22015
Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters. Date published : 2005-12-27 http://www.securityfocus.com/bid/15957/...
Clearswift MIMEsweeper For Web (a.k.a. WEBsweeper) 4.0 through 5.1 allows remote attackers to bypass filtering via a URL that does not include a .exe extension but returns an executable file. Date published : 2005-12-27...
SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI...
Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak. Date published : 2005-12-27 http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 http://www.debian.org/security/2005/dsa-944
Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information. Date published : 2005-12-27 http://sourceforge.net/project/shownotes.php?release_id=377934&group_id=14963 http://www.debian.org/security/2005/dsa-944