Monthly Archive: March 2006

Cross-site scripting (XSS) vulnerability in Vz Scripts ADP Forum 2.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the Subject field (possibly messaggio parameter) when posting a new message...

SQL injection vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. Date published : 2006-03-12 http://www.securityfocus.com/bid/17045 http://www.manastungare.com/projects/site-membership/

Cross-site scripting (XSS) vulnerability in manas tungare Site Membership Script before 8 March, 2006 allows remote attackers to inject arbitrary web script or HTML via the Error parameter in (1) login.asp and (2) default.asp....

sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors. Date published :...

PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. NOTE: 2.1.4 was also reported to be vulnerable. Date published : 2006-03-10...

SQL injection vulnerability in D2-Shoutbox 4.2 allows remote attackers to execute arbitrary SQL commands via the load parameter, when performing a Shoutbox action through Invision Power Board (IPB). Date published : 2006-03-10 http://www.securityfocus.com/bid/16984 https://www.exploit-db.com/exploits/1556

PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote attackers to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...

Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote attackers to inject arbitrary web script or HTML via the go parameter. Date published : 2006-03-10 http://www.securityfocus.com/bid/25394 http://www.securityfocus.com/archive/1/427165/100/0/threaded

Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, automatically appends an _ (underscore) to the end of duplicate nicknames, which allows remote attackers to cause a denial of service (application crash) by creating multiple...

PHP remote file inclusion vulnerability in lib/OWL_API.php in OWL Intranet Engine 0.82, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the xrms_file_root parameter, which is not initialized...

Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2)...

The Com_sprintf function in q_shared.c in Alien Arena 2006 Gold Edition 5.00 does not properly NULL terminate certain long strings, which allows remote attackers (possibly authenticated) to cause a denial of service (application crash)...

Stack-based buffer overflow in the Cmd_Say_f function in g_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code by sending a long message to the server. Date...

Format string vulnerability in the safe_cprintf function in acebot_cmds.c in Alien Arena 2006 Gold Edition 5.00 allows remote attackers (possibly authenticated) to execute arbitrary code via unspecified vectors when the server sends crafted messages...