Monthly Archive: June 2006

Cross-site scripting (XSS) vulnerability in L0j1k tinyMuw 0.1.0 allow remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element in the input box...

Cross-site scripting (XSS) vulnerability in search.php in PHP Labware LabWiki 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input box (query parameter). Date published : 2006-06-12 http://www.securityfocus.com/bid/18288 http://www.securityfocus.com/archive/1/435981/100/0/threaded

Syworks SafeNET allows local users to bypass restrictions on network resource consumption by editing the policy.dat file. Date published : 2006-06-12 http://www.securityfocus.com/archive/1/436000/100/0/threaded http://securitytracker.com/id?1016231

Cross-site scripting (XSS) vulnerability in Particle Soft Particle Wiki 1.0.2 allows remote attackers to inject arbitrary web script or HTML via a BR element with an extraneous IMG tag and a STYLE attribute that...

Multiple cross-site scripting (XSS) vulnerabilities in Particle Soft Particle Whois 1.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) the target parameter in index.php and (2) the "input box." Date...

Multiple PHP remote file inclusion vulnerabilities in Xtreme Scripts Download Manager (aka Xtreme Downloads) 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the root parameter in (1) download.php, (2)...

Cross-site scripting (XSS) vulnerability in Suchergebnisse.asp in Cabacos Web CMS 3.8.498 and earlier allows remote attackers to inject arbitrary web script or HTML via the suchtext parameter. Date published : 2006-06-12 http://www.securityfocus.com/archive/1/436704/100/200/threaded http://www.majorsecurity.de/advisory/major_rls13.txt

PHP remote file inclusion vulnerability in sql_fcnsOLD.php in Emergenices Personnel Information System (Empris) 20020923 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phormationdir parameter. Date published :...

Stack-based buffer overflow in CesarFTP 0.99g and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MKD command. NOTE: the provenance of this...

PHP remote file inclusion vulnerability in includes/joomla.php in Joomla! 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter. Date published : 2006-06-12 http://www.securityfocus.com/bid/18363 http://www.securityfocus.com/archive/1/436707/100/0/threaded

SQL injection vulnerability in inc_header.asp in Snitz Forum 3.4.05 and earlier allows remote attackers to execute arbitrary SQL commands via the %strCookieURL%.GROUP parameter in a cookie. Date published : 2006-06-12 http://www.securityfocus.com/bid/18362 http://www.securityfocus.com/archive/1/436702/100/0/threaded

Directory traversal vulnerability in FilZip 3.05 allows remote attackers to write arbitrary files via a .. (dot dot) in a (1) .rar, (2) .tar, (3) .jar, or (4) .gz file. NOTE: the provenance of...

Cross-site scripting (XSS) vulnerability in i.List 1.5 beta and earlier allows remote attackers to inject arbitrary web script or HTML via the banurl parameter to add.php. NOTE: the provenance of this information is unknown;...

Multiple cross-site scripting (XSS) vulnerabilities in i.List 1.5 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) searchword parameter to search.php or (2) siteurl parameter to add.php....