Monthly Archive: February 2006

SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: version 2.3 was later reported to be vulnerable as...

Directory traversal vulnerability in the "remember me" feature in liveuser.php in PHP Extension and Application Repository (PEAR) LiveUser 0.16.8 and earlier allows remote attackers to determine file existence, and possibly delete arbitrary files with...

Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers." Date published :...

Buffer overflow in certain versions of South River (aka SRT) WebDrive, possibly version 6.08 build 1131 and version 8, allows remote attackers to cause a denial of service (application crash and persistent erratic behavior)...

PunBB 1.2.10 and earlier allows remote attackers to conduct brute force guessing attacks for an account’s password, which may be as short as 4 characters. Date published : 2006-02-23 http://www.securityfocus.com/archive/1/425630/100/0/threaded http://www.neosecurityteam.net/advisories/Advisory-15.txt

PunBB 1.2.10 and earlier allows remote attackers to cause a denial of service (resource consumption) by registering many user accounts quickly. Date published : 2006-02-23 http://www.securityfocus.com/archive/1/425630/100/0/threaded http://www.neosecurityteam.net/advisories/Advisory-15.txt

filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value. Date published : 2006-02-23 http://www.securityfocus.com/bid/16768 http://www.securityfocus.com/archive/1/425788/100/0/threaded

InfoVista PortalSE 2.0 Build 20087 on Solaris 8 allows remote attackers to obtain sensitive information by specifying a nonexistent server in the server field, which reveals the path in an error message. Date published...

Unspecified vulnerability in InfoVista PortalSE 2.0 Build 20087 on Solaris 8 without the IV00038969 hotfix allows remote attackers to read arbitrary files via a crafted URL. Date published : 2006-02-23 http://www.securityfocus.com/bid/16776 http://www.securityfocus.com/archive/1/425779/100/0/threaded

Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to obtain the source IP addresses of guestbook entries via a direct request to /gb/gblog. Date published : 2006-02-23 http://www.securityfocus.com/archive/1/425495/100/0/threaded http://www.securityfocus.com/archive/1/426663/100/0/threaded

Multiple cross-site scripting (XSS) vulnerabilities in Michael Salzer Guestbox 0.6, and other versions before 0.8, allow remote attackers to inject arbitrary web script or HTML via (1) HTML tags that follow a "http://" string,...

Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter. Date published...

Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe’n’Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe’n’Sec products, might...

Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element. Date published : 2006-02-23...