Monthly Archive: April 2006

The configuration of VMware ESX Server 2.x, 2.0.x, 2.1.x, and 2.5.x allows local users to cause a denial of service (shutdown) via the (1) halt, (2) poweroff, and (3) reboot scripts executed at the...

Directory traversal vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to read arbitrary files via the $className variable. Date published : 2006-04-13 http://www.securityfocus.com/bid/17519 http://www.securityfocus.com/archive/1/431029/100/0/threaded

Adobe Document Server for Reader Extensions 6.0, during log on, provides different error messages depending on whether the user ID is valid or invalid, which allows remote attackers to more easily identify valid user...

Adobe Document Server for Reader Extensions 6.0 includes a user’s session (jsession) ID in the HTTP Referer header, which allows remote attackers to gain access to PDF files that are being processed within that...

Cross-site scripting (XSS) vulnerability in Adobe Document Server for Reader Extensions 6.0 allows remote attackers to inject arbitrary web script or HTML via (1) the actionID parameter in ads-readerext and (2) the op parameter...

Adobe Document Server for Reader Extensions 6.0 allows remote authenticated users to inject arbitrary web script via a leading (1) ftp or (2) http URI in the ReaderURL variable in the "Update Download Site"...

PHP remote file inclusion vulnerability in admin/configset.php in Sphider 1.3 and earlier, when register_globals is disabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings_dir parameter. Date published :...

Cross-site scripting (XSS) vulnerability in PatroNet CMS allows remote attackers to inject arbitrary web script or HTML via the URI. Date published : 2006-04-13 http://www.securityfocus.com/bid/17495 http://www.securityfocus.com/archive/1/430868/100/0/threaded

Unspecified vulnerability in Solaris 8 and 9 allows local users to obtain the LDAP Directory Server root Distinguished Name (rootDN) password when a privileged user (1) runs idsconfig; or "insecurely" runs LDAP2 commands with...

PHP remote file inclusion vulnerability in functions.php in Circle R Monster Top List (MTL) 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter. NOTE: It was later...

The Bourne shell (sh) in Solaris 8, 9, and 10 allows local users to cause a denial of service (sh crash) via an unspecified attack vector that causes sh processes to crash during creation...

Cross-site scripting (XSS) vulnerability in login.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the btag parameter. Date published : 2006-04-13 http://www.securityfocus.com/bid/17493 http://www.securityfocus.com/archive/1/430743/100/0/threaded

Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) blogid parameter in (a) index.php and (b) archive.php, the (2) m and...

Directory traversal vulnerability in doc/index.php in Jeremy Ashcraft Simplog 0.9.2 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the s parameter, as demonstrated by injecting...