Monthly Archive: December 2005

Opera 8.50 allows remote attackers to cause a denial of service (crash) via a Java applet with a large string argument to the removeMember JNI method for the com.opera.JSObject class. Date published : 2005-12-01...

The SynAttackProtect protection in Microsoft Windows 2003 before SP1 and Windows 2000 before SP4 with Update Roll-up uses a hash of predictable data, which allows remote attackers to cause a denial of service (CPU...

SQL injection vulnerability in survey.php in ilyav Survey System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the SURVEY_ID parameter. Date published : 2005-12-01 http://www.securityfocus.com/bid/15641 http://pridels0.blogspot.com/2005/11/survey-system-11-sql-inj-vuln.html

Multiple SQL injection vulnerabilities in ilyav FAQ System 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) FAQ_ID and (2) action parameters in (a) viewFAQ.php; and (3) CATEGORY_ID parameter...

SQL injection vulnerability in knowledgebase-control.php in Orca Knowledgebase 2.1b and earlier allows remote attackers to execute arbitrary SQL commands via the qid parameter. Date published : 2005-12-01 http://www.securityfocus.com/bid/15637 http://www.greywyvern.com/orca#know

SQL injection vulnerability in blog.php in Orca Blog 1.3b and earlier allows remote attackers to execute arbitrary SQL commands via the msg parameter. Date published : 2005-12-01 http://www.securityfocus.com/bid/15638 http://www.greywyvern.com/orca#blog

SQL injection vulnerability in ringmaker.php in Orca Ringmaker 2.3c and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter. Date published : 2005-12-01 http://www.securityfocus.com/bid/15639 http://www.greywyvern.com/orca#ring

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earler allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks in a displaycat action...

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php, (2) faq_qanda.php, (3) refer_friend.php, (4) print_article.php, or (5) add_comment.php....

SQL injection vulnerability in Softbiz B2B Trading Marketplace Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the cid parameter in (1) selloffers.php, (2) buyoffers.php, (3) products.php, or (4) profiles.php....

PHP file include vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to include arbitrary local files via the __f parameter. Date published : 2005-12-01 http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html http://www.osvdb.org/21251

SQL injection vulnerability in SocketKB 1.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) node and (2) art_id parameters. Date published : 2005-12-01 http://www.securityfocus.com/bid/15650 http://pridels0.blogspot.com/2005/11/socketkb-11x-vuln.html

Buffer overflow in Symantec pcAnywhere 11.0.1, 11.5.1, and all other 32-bit versions allows remote attackers to cause a denial of service (application crash) via unknown attack vectors. Date published : 2005-12-01 http://www.securityfocus.com/bid/15646 http://www.symantec.com/avcenter/security/Content/2005.11.29.html

SQL injection vulnerability in index.php in 88Script’s Event Calendar 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the m parameter. Date published : 2005-12-01 http://www.securityfocus.com/bid/15658 http://pridels0.blogspot.com/2005/11/88scripts-event-calendar-v20-sql-inj.html