Monthly Archive: April 2006

NetBSD 1.6 up to 3.0, when a user has "set record" in .mailrc with the default umask set, creates the record file with 0644 permissions, which allows local users to read the record file....

Multiple cross-site scripting (XSS) vulnerabilities in Andy’s PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4)...

Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter). Date published : 2006-04-03...

Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). Date published : 2006-04-03 http://www.securityfocus.com/bid/17393 http://osvdb.org/ref/24/24302-annuaire_directory.txt

Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. Date published : 2006-04-03 http://osvdb.org/ref/24/24302-annuaire_directory.txt http://www.osvdb.org/24302

SQL injection vulnerability in admin_login.asp in ISP of Egypt SiteMan allows remote attackers to execute arbitrary SQL commands via the pass parameter. Date published : 2006-04-02 http://www.securityfocus.com/bid/17347 http://www.securityfocus.com/archive/1/429607/100/0/threaded

Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcommentaire parameters in (b)...

Unspecified vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter, possibly related to fopen function calls or file...

Cross-site scripting (XSS) vulnerability in index.php in Warcraft III Replay Parser for PHP 1.8c allows remote attackers to inject arbitrary web script or HTML via the page parameter. NOTE: post-disclosure analysis by CVE suggests...

Cross-site scripting (XSS) vulnerability in index.php in Blank’N’Berg 0.2 allows remote attackers to inject arbitrary web script or HTML via the _path parameter. NOTE: this might be resultant from the directory traversal issue. Date...

Directory traversal vulnerability in index.php in Blank’N’Berg 0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the _path parameter. Date published : 2006-04-02 http://www.securityfocus.com/bid/17345 http://www.silitix.com/bnb.php

Multiple cross-site scripting (XSS) vulnerabilities in Bugzero 4.3.1 and other versions allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in query.jsp and (2) entryId parameter in edit.jsp....

SQL injection vulnerability in topics.php in Dynamic Bulletin Board System (DbbS) 2.0-alpha and earlier allows remote attackers to execute arbitrary SQL commands via the limite parameter. Date published : 2006-04-02 http://www.securityfocus.com/bid/17338 http://www.securityfocus.com/archive/1/429512/100/0/threaded

Multiple SQL injection vulnerabilities in Keystone Digital Library Suite (DLS) 1.5.4 and earlier allow remote attackers to execute arbitrary SQL commands via the subject_type_id parameter in (1) the index page and (2) the search...