Monthly Archive: March 2006

Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and...

PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. NOTE: this...

Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function...

SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. Date published : 2006-03-29 http://www.securityfocus.com/bid/17298 http://osvdb.org/ref/24/24228-oneorzero.txt

SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-03-29 http://www.securityfocus.com/bid/17299 http://osvdb.org/ref/24/24233-tilde.txt

SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable). Date published : 2006-03-29 http://www.securityfocus.com/bid/17302 http://www.securityfocus.com/archive/1/430353/100/0/threaded

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. Date published : 2006-03-29 http://www.securityfocus.com/bid/17269 http://www.mediawiki.org/wiki/MediaWiki

Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter. Date published : 2006-03-29 http://www.securityfocus.com/bid/17226 http://www.securityfocus.com/bid/17227

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an...

SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option....

Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. NOTE: it is possible that this issue is resultant from CVE-2006-1492....

Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter. Date published : 2006-03-29 http://www.securityfocus.com/bid/17303 http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1806.html

Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. Date published : 2006-03-29 http://www.securityfocus.com/bid/17292 http://cvs.horde.org/diff.php?f=horde%2Fservices%2Fhelp%2Findex.php&r1=2.85&r2=2.86

PHP before 5.1.3-RC1 might allow remote attackers to obtain portions of memory via crafted binary data sent to a script that processes user input in the html_entity_decode function and sends the encoded results back...