Monthly Archive: March 2006

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a...

Multiple buffer overflows in htpasswd, as used in Acme thttpd 2.25b, and possibly other products such as Apache, might allow local users to gain privileges via (1) a long command line argument and (2)...

Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters. Date published :...

SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter. Date published : 2006-03-08 http://www.securityfocus.com/bid/16971 http://www.securityfocus.com/archive/1/426875/100/0/threaded

Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server...

Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command. Date published : 2006-03-08 http://www.securityfocus.com/bid/16992 http://www.securityfocus.com/archive/1/426864/100/0/threaded

Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627. Date published : 2006-03-08 http://www.securityfocus.com/bid/17039...

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors....

Directory traversal vulnerability in index.php in Daverave Simplog 1.0.2 and earlier allows remote attackers to include or read arbitrary .txt files via the (1) act and (2) blogid parameters. Date published : 2006-03-07 http://www.securityfocus.com/bid/16965...

Cross-site scripting (XSS) vulnerability in Daverave Simplog 1.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog post. Date published : 2006-03-07 http://www.securityfocus.com/bid/16965 http://www.securityfocus.com/archive/1/426769/100/0/threaded

Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter. Date published : 2006-03-07 http://www.securityfocus.com/bid/16968 http://www.securityfocus.com/archive/1/427214/100/0/threaded

Cross-site scripting (XSS) vulnerability in dv_gbook.php in DVguestbook 1.0 allows remote attackers to inject arbitrary web script or HTML via the f parameter. Date published : 2006-03-07 http://www.securityfocus.com/bid/16968 http://www.securityfocus.com/archive/1/427214/100/0/threaded

Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors. Date published...

Netgear 614 and 624 routers, possibly running VXWorks, allow remote attackers to cause a denial of service by sending a malformed DCC SEND string to an IRC channel, which causes an IRC connection reset,...