Monthly Archive: June 2006

Cross-site scripting (XSS) vulnerability in index.php in Car Classifieds allows remote attackers to inject arbitrary web script or HTML via the make_id parameter. NOTE: the provenance of this information is unknown; the details are...

Multiple cross-site scripting (XSS) vulnerabilities in EZGallery 1.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) pUserID, (2) aid, (3) aname, (4) uid, and (5) m parameter...

Stack-based buffer overflow in the HrShellOpenWithMonikerDisplayName function in Microsoft Hyperlink Object Library (hlink.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hyperlink, as demonstrated...

parse-packet.c in GnuPG (gpg) 1.4.3 and 1.9.20, and earlier versions, allows remote attackers to cause a denial of service (gpg crash) and possibly overwrite memory via a message packet with a large length (long...

mysqld in MySQL 4.1.x before 4.1.18, 5.0.x before 5.0.19, and 5.1.x before 5.1.6 allows remote authorized users to cause a denial of service (crash) via a NULL second argument to the str_to_date function. Date...

Cross-site scripting (XSS) vulnerability in viewposts.cfm in aXentForum II and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. Date published : 2006-06-19 http://www.securityfocus.com/bid/18473 http://www.securityfocus.com/archive/1/437403/100/0/threaded

Cross-site scripting (XSS) vulnerability in index.cfm in SSPwiz Plus 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2006-06-19 http://www.securityfocus.com/bid/18482 http://pridels0.blogspot.com/2006/06/sspwiz-xss-vuln.html

Multiple SQL injection vulnerabilities in APBoard 2.2-r3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) PHPSESSID parameter in board.php and (2) viewcatmod parameter in main.php. Date published : 2006-06-19...

Cross-site scripting (XSS) vulnerability in guestbook.cfm in aXentGuestbook 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the startrow parameter. Date published : 2006-06-19 http://pridels0.blogspot.com/2006/06/axentguestbook-ii-xss-vuln.html https://exchange.xforce.ibmcloud.com/vulnerabilities/27160

PHP remote file inclusion vulnerability in software_upload/public_includes/pub_templates/vphptree/template.php in PhpBlueDragon CMS 2.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the vsDragonRootPath parameter. Date published : 2006-06-19 http://www.securityfocus.com/bid/18440 http://www.securityfocus.com/archive/1/437130/100/0/threaded

Multiple PHP remote file inclusion vulnerabilities in PictureDis Professional 1.33 Build 234 and earlier and PictureDis Photoalbum 4.82 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the lang...

klif.sys in Kaspersky Internet Security 6.0 and 7.0, Kaspersky Anti-Virus (KAV) 6.0 and 7.0, KAV 6.0 for Windows Workstations, and KAV 6.0 for Windows Servers does not validate certain parameters to the (1) NtCreateKey,...

Multiple cross-site scripting (XSS) vulnerabilities in the WebVPN feature in the Cisco VPN 3000 Series Concentrators and Cisco ASA 5500 Series Adaptive Security Appliances (ASA), when in WebVPN clientless mode, allow remote attackers to...

M4 Macro Library in Symantec Security Information Manager before 4.0.2.29 HOTFIX 1 allows local users to execute arbitrary commands via crafted "rule definitions", which produces dangerous Java code during M4 transformation. Date published :...