CVE-2006-1275
GGZ Gaming Zone 0.0.12 allows remote attackers to cause a denial of service (client disconnect) via inputs that produce malformed XML, including (1) trailing ' (apostrophe) character on the ID attribute in a PLAYER...
Classic Planer in AntiVir PersonalEdition Classic 7 does not drop privileges before executing external programs, which allows local users to gain privileges via notepad.exe, which is used to display scan reports. Date published :...
** DISPUTED ** Mozilla Firefox 1.0.7 and 1.5.0.1 allows remote attackers to cause a denial of service (crash) via an HTML tag with a large number of script action handlers such as onload and...
Multiple cross-site scripting (XSS) vulnerabilities in member.php in MyBulletin Board (MyBB) 1.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) aim, (2) yahoo, (3) msn, or (4) website field....
SQL injection vulnerability in index.php in OxyNews allows remote attackers to execute arbitrary SQL commands via the oxynews_comment_id parameter. Date published : 2006-03-18 http://www.securityfocus.com/bid/17132 http://www.securityfocus.com/archive/1/428057/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in zones.php in Inprotect 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) Name or (2) Description field. NOTE: the provenance of this information...
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE:...
The Internet Key Exchange implementation in Funkwerk X2300 7.2.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test...
Invision Power Board 2.1.4 allows remote attackers to hijack sessions and possibly gain administrative privileges by obtaining the session ID from the s parameter, then replaying it in another request. Date published : 2006-03-18...
Cross-site scripting (XSS) vulnerability in Service_Requests.asp in VPMi Enterprise 3.3 allows remote attackers to inject arbitrary web script or HTML via the Request_Name_Display parameter. Date published : 2006-03-18 http://www.securityfocus.com/bid/17172 http://www.osvdb.org/23916
SQL injection vulnerability in discussion.class.php in xhawk.net discussion 2.0 beta2 allows remote attackers to execute arbitrary SQL commands via the view parameter. Date published : 2006-03-18 http://www.securityfocus.com/bid/17121 http://www.securityfocus.com/archive/1/427729/100/0/threaded
Cross-site scripting (XSS) vulnerability in xhawk.net discussion 2.0 beta2 allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in a BBCode img tag. Date published : 2006-03-18 http://www.securityfocus.com/bid/17119 http://www.securityfocus.com/archive/1/427729/100/0/threaded
Multiple "unannounced" cross-site scripting (XSS) vulnerabilities in WordPress before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. Date published : 2006-03-18 http://www.securityfocus.com/bid/17069 http://wordpress.org/development/2006/03/security-202/
Multiple SQL injection vulnerabilities in ASPPortal 3.00 have unknown impact and attack vectors. Date published : 2006-03-18 http://www.securityfocus.com/bid/17114 http://marc.info/?l=bugtraq&m=114243660409338&w=2