Monthly Archive: April 2006

Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id,...

Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing...

Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation. Date published : 2006-04-20 http://www.securityfocus.com/bid/17569 http://www.securityfocus.com/archive/1/431157/100/0/threaded

The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data. Date published : 2006-04-20 http://www.securityfocus.com/bid/17645 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=189540

** DISPUTED ** Multiple SQL injection vulnerabilities in userscript.php in Green Minute 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) huserid, (2) pituus, or (3) date parameters. NOTE:...

PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter. Date published : 2006-04-20 http://www.securityfocus.com/bid/17623 http://pridels0.blogspot.com/2006/04/i-rater-platinum-remote-file-inclusion.html

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet...

Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via...

SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter. Date published : 2006-04-20 http://www.securityfocus.com/bid/17606 http://www.securityfocus.com/archive/1/431354/100/0/threaded

Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action. NOTE:...

SQL injection vulnerability in functions/db_api.php in LinPHA 1.1.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors. Date published : 2006-04-20 http://www.securityfocus.com/bid/17619 http://www.osvdb.org/24817

Multiple cross-site scripting (XSS) vulnerabilities in LinPHA before 1.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) RSS/RSS.php and (2) possibly other vectors. Date published : 2006-04-20 http://www.securityfocus.com/bid/17619 http://www.osvdb.org/24816

PHP remote file inclusion vulnerability in (1) about.php or (2) auth.php in TotalCalendar allows remote attackers to execute arbitrary PHP code via a URL in the inc_dir parameter. Date published : 2006-04-20 http://www.securityfocus.com/bid/17618 http://pridels0.blogspot.com/2006/04/totalcalendar-remote-code-execution.html

nettools.php in PHP Net Tools 2.7.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter. Date published : 2006-04-20 http://www.securityfocus.com/bid/17601 https://www.exploit-db.com/exploits/1695