Monthly Archive: August 2006

Incomplete blacklist vulnerability in the nk_CSS function in nuked.php in Nuked-Klan 1.7 SP4.3 allows remote attackers to bypass anti-XSS features and inject arbitrary web script or HTML via JavaScript in an attribute value that...

Cross-site scripting (XSS) vulnerability in loginreq2.php in Visual Shapers ezContents 2.0.3 allows remote attackers to inject arbitrary web script or HTML via the subgroupname parameter. Date published : 2006-08-31 http://www.securityfocus.com/bid/19780 http://www.securityfocus.com/archive/1/444779/100/0/threaded

SQL injection vulnerability in headeruserdata.php in Visual Shapers ezContents 2.0.3 allows remote attackers to execute arbitrary SQL commands via the groupname parameter. Date published : 2006-08-31 http://www.securityfocus.com/bid/19777 http://www.securityfocus.com/archive/1/444779/100/0/threaded

Multiple PHP remote file inclusion vulnerabilities in Visual Shapers ezContents 2.0.3 allow remote attackers to execute arbitrary PHP code via an empty GLOBALS[rootdp] parameter and an ftps URL in the (1) GLOBALS[admin_home] parameter in...

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to "Injection Flaws," allow attackers to have an unknown impact via (1) globals.php, which uses include_once() instead of require(); (2) the $options variable; (3) Admin Upload...

Joomla! before 1.0.11 does not limit access to the Admin Popups functionality, which has unknown impact and attack vectors. Date published : 2006-08-31 http://www.joomla.org/content/view/1841/78/ http://www.joomla.org/content/view/1843/74/

Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.11 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) Admin Module Manager, (2) Admin Help, and (3) Search. Date...

Unspecified vulnerability in com_content in Joomla! before 1.0.11, when $mosConfig_hideEmail is set, allows attackers to perform the emailform and emailsend tasks. Date published : 2006-08-31 http://www.joomla.org/content/view/1841/78/ http://www.joomla.org/content/view/1843/74/

Multiple unspecified vulnerabilities in Joomla! before 1.0.11 allow attackers to bypass user authentication via unknown vectors involving the (1) do_pdf command and the (2) emailform com_content task. Date published : 2006-08-31 http://www.joomla.org/content/view/1841/78/ http://www.joomla.org/content/view/1843/74/

The Admin Upload Image functionality in Joomla! before 1.0.11 allows remote authenticated users to upload files outside of the /images/stories/ directory via unspecified vectors. Date published : 2006-08-31 http://www.joomla.org/content/view/1841/78/ http://www.joomla.org/content/view/1843/74/

Joomla! before 1.0.11 omits some checks for whether _VALID_MOS is defined, which allows attackers to have an unknown impact, possibly resulting in PHP remote file inclusion. Date published : 2006-08-31 http://www.joomla.org/content/view/1841/78/ http://www.joomla.org/content/view/1843/74/

Unspecified vulnerability in PEAR.php in Joomla! before 1.0.11 allows remote attackers to perform "remote execution," related to "Injection Flaws." Date published : 2006-08-31 http://www.joomla.org/content/view/1841/78/ http://www.joomla.org/content/view/1843/74/

Multiple unspecified vulnerabilities in Joomla! before 1.0.11, related to unvalidated input, allow attackers to have an unknown impact via unspecified vectors involving the (1) mosMail, (2) JosIsValidEmail, and (3) josSpoofValue functions; (4) the lack...

Simple Machines Forum (SMF) 1.1RCx before 1.1RC3, and 1.0.x before 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter’s hash value, which...