Monthly Archive: June 2006

The TOSRFBD.SYS driver for Toshiba Bluetooth Stack 4.00.29 and earlier on Windows allows remote attackers to cause a denial of service (reboot) via a L2CAP echo request that triggers an out-of-bounds memory access, similar...

Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error....

PHP remote file inclusion vulnerability in micro_cms_files/microcms-include.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) and earlier allows remote attackers to execute arbitrary PHP code via a URL in the microcms_path parameter....

Cross-site scripting (XSS) vulnerability in icue_login.asp in Maximus SchoolMAX 4.0.1 and earlier iCue and iParent applications allows remote attackers to inject arbitrary web script or HTML via the error_msg parameter. Date published : 2006-06-22...

SQL injection vulnerability in forum.php in VBZooM 1.11 allows remote attackers to execute arbitrary SQL commands via the MainID parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18472 http://www.securityfocus.com/archive/1/437575/100/0/threaded

Cross-site scripting (XSS) vulnerability in details.cfm in Tradingeye Shop R4 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18526 http://pridels0.blogspot.com/2006/06/tradingeye-shop-r4-xss.html

SQL injection vulnerability in index.php in openCI 1.0 BETA 0.20.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-06-22 http://pridels0.blogspot.com/2006/06/openci-sql-inj.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27147

Multiple SQL injection vulnerabilities in war.php in Virtual War (VWar) 1.5.0 R14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) s, (2) showgame, (3) sortorder, and (4) sortby parameters....

Multiple cross-site scripting (XSS) vulnerabilities in phpMyDirectory 10.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PIC parameter in offers-pix.php, (2) from parameter in cp/index.php, and (3)...

Cross-site scripting (XSS) vulnerability in productDetail.asp in Edge eCommerce Shop allows remote attackers to inject arbitrary web script or HTML via the cart_id parameter. Date published : 2006-06-22 http://www.securityfocus.com/bid/18528 http://pridels0.blogspot.com/2006/06/edge-ecommerce-shop-xss.html

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Nucleus 3.23 allow remote attackers to execute arbitrary PHP code via a URL the DIR_LIBS parameter in (1) path/action.php, and to files in path/nucleus...

Cross-site scripting (XSS) vulnerability in qtofm.php4 in QTOFileManager 1.0 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, as originally reported for index.php. Date published : 2006-06-21 http://www.securityfocus.com/bid/18510 http://www.securityfocus.com/archive/1/437754/100/0/threaded

Multiple cross-site scripting (XSS) vulnerabilities in Clubpage allow remote attackers to inject arbitrary web script or HTML via the (1) news_archive, (2) language, and (3) intranetLogin parameters in (a) index.php; the (4) sites_id parameter...

SQL injection vulnerability in index.php in Clubpage allows remote attackers to execute arbitrary SQL commands via the category parameter. Date published : 2006-06-21 http://www.securityfocus.com/bid/18552 http://pridels0.blogspot.com/2006/06/clubpage-vuln.html