Monthly Archive: January 2006

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1)...

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null...

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using...

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to...

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd...

hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges. Date published : 2006-01-06 http://www.securityfocus.com/bid/16150 http://www.securityfocus.com/archive/1/420974/100/0/threaded

mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash)...

Enhanced Simple PHP Gallery 1.7 allows remote attackers to obtain the full path of the application via a direct request to sp_helper_functions.php, which leaks the pathname in an error message. Date published : 2006-01-06...

Cross-site scripting (XSS) vulnerability in index.php in Enhanced Simple PHP Gallery 1.7 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. Date published : 2006-01-06 http://osvdb.org/ref/22/22201-espg.txt http://www.osvdb.org/22201

Cross-site scripting vulnerability in index.php in Boxcar Media Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) parent or (2) pg parameter. Date published : 2006-01-06 http://osvdb.org/ref/22/22360-boxcar.txt http://www.osvdb.org/22360

Cross-site scripting (XSS) vulnerability in escribir.php in Foro Domus 2.10 allows remote attackers to inject arbitrary web script via the email parameter. Date published : 2006-01-06 http://www.securityfocus.com/bid/16154 http://www.securityfocus.com/archive/1/421056/100/0/threaded

Cross-site scripting vulnerability in category.php in Modular Merchant Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Date published : 2006-01-06 http://www.securityfocus.com/bid/16160 http://osvdb.org/ref/22/22243-modular.txt

SQL injection vulnerability in mcl_login.asp in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the email parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from...

SQL injection vulnerability in Timecan CMS allows remote attackers to execute arbitrary SQL commands via the viewID parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...