Monthly Archive: January 2006

Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet...

The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read. Date published :...

PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_stat parameter, a different vulnerability than CVE-2006-0076. NOTE: the provenance of...

Cross-site scripting (XSS) vulnerability in index.php in @Card ME PHP allows remote attackers to inject arbitrary web script or HTML via the cat parameter. Date published : 2006-01-05 http://osvdb.org/ref/22/22203-ecardmax.txt http://www.osvdb.org/22203

Cross-site scripting (XSS) vulnerability in webmail in Open-Xchange 0.8.1-6 and earlier, with "Inline HTML" enabled, allows remote attackers to inject arbitrary web script or HTML via e-mail attachments, which are rendered inline. Date published...

Directory traversal vulnerability in index.php in IDV Directory Viewer before 2005.1 allows remote attackers to view arbitrary directory contents via a .. (dot dot) in the dir parameter. Date published : 2006-01-05 http://www.securityfocus.com/bid/16137 http://sourceforge.net/project/shownotes.php?release_id=382593&group_id=152499

Buffer overflow in ESRI ArcPad 7.0.0.156 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a .amp file with a COORDSYS tag with a long string...

SQL injection vulnerability in intouch.lib.php in inTouch 0.5.1 Alpha allows remote attackers to execute arbitrary SQL commands via the user parameter. Date published : 2006-01-05 http://www.securityfocus.com/bid/16110 http://www.securityfocus.com/archive/1/420672/100/0/threaded

SQL injection vulnerability in (1) pages.php and (2) detail.php in Lizard Cart CMS 1.04 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-01-05 http://www.securityfocus.com/bid/16140 http://www.securityfocus.com/archive/1/420772/100/0/threaded

Cross-site scripting vulnerability in index.php in Next Generation Image Gallery 0.0.1 Lite Edition allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2006-01-05 http://osvdb.org/ref/22/22202-nextgen.txt http://www.osvdb.org/22202

SQL injection vulnerability in Nkads 1.0 alfa 3 allows remote attackers to execute arbitrary SQL commands via the (1) usuario_nkads_admin or (2) password_nkads_admin parameters. Date published : 2006-01-05 http://www.soulblack.com.ar/repo/papers/advisory/nkads_advisory.txt http://www.osvdb.org/22206

Cross-site scripting vulnerability in index.php in raSMP 2.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the $_SERVER[HTTP_USER_AGENT] variable (User-Agent header). Date published : 2006-01-05 http://www.securityfocus.com/bid/16138 http://evuln.com/vulns/13/summary.html

Cross-site scripting (XSS) vulnerability in phpBB 2.0.19, when "Allowed HTML tags" is enabled, allows remote attackers to inject arbitrary web script or HTML via a permitted HTML tag with ‘ (single quote) characters and...

SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter. Date published : 2006-01-04 http://pridels0.blogspot.com/2005/11/csupport-pg-sql-inj.html http://www.osvdb.org/21316