Monthly Archive: May 2006

PHP remote file inclusion vulnerability in Basic Analysis and Security Engine (BASE) 1.2.4 and earlier, with register_globals enabled, allows remote attackers to execute arbitrary PHP code via a URL in the BASE_path parameter to...

Cross-site scripting (XSS) vulnerability in the search module in CMS Mundo 1.0 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter. Date published : 2006-05-31 http://www.securityfocus.com/bid/18316 http://www.securityfocus.com/archive/1/435017/100/0/threaded

PHP remote file inclusion vulnerability in 404.php in open-medium.CMS 0.25 allows remote attackers to execute arbitrary PHP code via a URL in the REDSYS[MYPATH][TEMPLATES] parameter. Date published : 2006-05-31 https://www.exploit-db.com/exploits/1824 http://secunia.com/advisories/20301

PHP remote file inclusion vulnerability in BE_config.php in Back-End CMS 0.7.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _PSL[classdir] parameter. Date published : 2006-05-31 https://www.exploit-db.com/exploits/1825 http://secunia.com/advisories/20292

PHP remote file inclusion vulnerability in SocketMail Lite and Pro 2.2.6 and earlier, when register_globals and magic_quotes are enabled, allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter...

Cross-site scripting (XSS) vulnerability in index.php in AZ Photo Album Script Pro allows remote attackers to inject arbitrary web script or HTML via the gazpart parameter. Date published : 2006-05-31 http://www.securityfocus.com/bid/18306 http://www.securityfocus.com/archive/1/435003/100/0/threaded

Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users...

Multiple cross-site scripting (XSS) vulnerabilities in Pre News Manager 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, and the (2) nid parameter to...

SiteScape Forum 7.2 and possibly earlier stores the avf.rc configuraiton file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive path information. Date published : 2006-05-31 http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en...

Dispatch.cgi/_user/uservCard/ in SiteScape Forum 7.2 and possibly earlier generates different responses in a way that allows remote attackers to enumerate valid usernames. Date published : 2006-05-31 http://www.uniras.gov.uk/niscc/docs/br-20060525-00374.html?lang=en http://secunia.com/advisories/20266

Buffer overflow in the addnewword function in typespeed 0.4.4 and earlier might allow remote attackers to execute arbitrary code via unknown vectors. Date published : 2006-05-31 http://www.securityfocus.com/bid/18194 http://www.debian.org/security/2006/dsa-1084

The WeOnlyDo! SFTP (wodSFTP) ActiveX control is marked as safe for scripting, which allows remote attackers to read and write files in arbitrary locations by accessing the control from a web page. Date published...

PHP remote file inclusion vulnerability in ubbt.inc.php in UBBThreads 5.x and 6.x allows remote attackers to execute arbitrary PHP code via a URL in the (1) thispath or (2) configdir parameters. Date published :...

Multiple SQL injection vulnerabilities in Tamber Forum 1.9.13 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) frm_id parameter to (a) show_forum.asp, (2) a search field to (b) forum_search.asp, (3)...