Monthly Archive: January 2006

Cross-site scripting (XSS) vulnerability in search.php in MyBulletinBoard (MyBB) 1.02 allows remote attackers to inject arbitrary web script or HTML via the (1) sortby and (2) sortordr parameters, which are not properly handled in...

Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag. Date...

CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated...

Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages. Date published : 2006-01-30 http://www.securityfocus.com/bid/16429 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350237

Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly...

Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. Date published...

Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling." Date published : 2006-01-27 http://linux.bkbits.net:8080/linux-2.4/cset@3d6aadcbBIDX67Zl6zZnVKRcsilCVQ http://www.redhat.com/support/errata/RHSA-2002-205.html

Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors. Date published : 2006-01-27 http://linux.bkbits.net:8080/linux-2.4/cset@3d6badc0mxsPaOTT_GuPVxCp1_ormw http://www.redhat.com/support/errata/RHSA-2002-205.html

Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter. Date published : 2006-01-27 http://www.securityfocus.com/bid/15112 http://securitytracker.com/id?1015054

Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter. Date published : 2006-01-27 http://www.securityfocus.com/bid/15111 http://www.osvdb.org/20084

ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames. Date published : 2006-01-27 http://www.securityfocus.com/bid/15253 http://www.critical.lt/?vulnerabilities/119

Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4...

Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2006-01-27 http://www.securityfocus.com/bid/13261 http://securitytracker.com/id?1013749

Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter. Date published : 2006-01-27 http://www.securityfocus.com/bid/13255 http://www.osvdb.org/15676