CVE-2006-2639
Cross-site scripting (XSS) vulnerability in the input forms in prattmic and Master5006 PHPSimpleChoose 0.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an...
SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter. Date published : 2006-05-30 http://www.securityfocus.com/bid/18164 http://www.securityfocus.com/archive/1/435120/100/0/threaded
Cross-site scripting (XSS) vulnerability in view.php in TuttoPhp (1) Morris Guestbook 1, (2) Pretty Guestbook 1, and (3) Smile Guestbook 1 allows remote attackers to inject arbitrary web script or HTML via a javascript...
newsadmin.asp in Katy Whitton NewsCMSLite allows remote attackers to bypass authentication and gain administrative access by setting the loggedIn cookie to "xY1zZoPQ". Date published : 2006-05-30 http://www.securityfocus.com/archive/1/435019/100/0/threaded http://www.securityfocus.com/archive/1/500407/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in Tikiwiki (aka Tiki CMS/Groupware) 1.9.x allow remote attackers to inject arbitrary web script or HTML via malformed nested HTML tags such as "" in (1) offset and (2)...
Cross-site scripting (XSS) vulnerability in Neocrome Land Down Under (LDU) in Neocrome Seditio 102 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer field. Date published : 2006-05-30 http://www.securityfocus.com/bid/18130...
Absolute path traversal vulnerability in the copy action in index.php in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to create or overwrite files in other users’ directories by specifying the absolute...
Cross-site scripting (XSS) vulnerability in Andrew Godwin ByteHoard 2.1 and earlier allows remote authenticated users to inject arbitrary web script or HTML via file descriptions. Date published : 2006-05-30 http://www.securityfocus.com/bid/18136 http://www.securityfocus.com/archive/1/435135/100/0/threaded
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters. Date published : 2006-05-29 http://www.securityfocus.com/bid/18116 http://www.mandriva.com/security/advisories?name=MDKSA-2006:122
Multiple unspecified format string vulnerabilities in Dia have unspecified impact and attack vectors, a different set of issues than CVE-2006-2480. Date published : 2006-05-28 http://www.securityfocus.com/bid/18166 http://www.redhat.com/archives/fedora-security-list/2006-May/msg00099.html
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created...
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter. Date published : 2006-05-27 http://www.securityfocus.com/archive/1/435001/100/0/threaded http://www.securityfocus.com/archive/1/435887/100/0/threaded
Stack-based buffer overflow in Symantec Antivirus 10.1 and Client Security 3.1 allows remote attackers to execute arbitrary code via unknown attack vectors. Date published : 2006-05-27 http://www.securityfocus.com/bid/18107 http://www.securityfocus.com/archive/1/435200/100/0/threaded
Race condition in Linux kernel 2.6.15 to 2.6.17, when running on SMP platforms, allows local users to cause a denial of service (crash) by creating and exiting a large number of tasks, then accessing...