Monthly Archive: February 2006

Unspecified vulnerability in EmuLinker Kaillera Server before 0.99.17 allows remote attackers to cause a denial of service (probably resource consumption) via a crafted packet that causes a "ghost game" to be left on the...

SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. Date published : 2006-02-21 https://www.exploit-db.com/exploits/1513 http://secunia.com/advisories/18929

MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a...

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID. Date published : 2006-02-20 http://www.geeklog.net/article.php/geeklog-1.3.11sr3 http://www.geeklog.net/forum/viewtopic.php?showtopic=61457

Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. Date published : 2006-02-20 http://www.securityfocus.com/bid/16936 http://www.securityfocus.com/archive/1/426658/30/0/threaded

Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code...

Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4)...

MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client’s mWebCache cache with malicious "zombie" nodes. Date published :...

Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents. Date published : 2006-02-20 http://www.securityfocus.com/bid/16737...

Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and...

The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing...

Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. Date published : 2006-02-20 http://www.securityfocus.com/bid/16728 http://security.gentoo.org/glsa/glsa-200611-18.xml

Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing...

SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. Date published : 2006-02-20...