Monthly Archive: September 2006

Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. Date...

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection...

Multiple directory traversal vulnerabilities in (1) login.pl and (2) admin.pl in (a) SQL-Ledger before 2.6.19 and (b) LedgerSMB before 1.0.0p1 allow remote attackers to execute arbitrary Perl code via an unspecified terminal parameter value...

PHP remote file inclusion vulnerability in raidenhttpd-admin/slice/check.php in RaidenHTTPD 1.1.49, when register_globals and WebAdmin is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the SoftParserFileXml parameter. Date published :...

PHP remote file inclusion vulnerability in Open Bulletin Board (OpenBB) 1.0.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the root_path parameter to (1) index.php and possibly (2)...

Directory traversal vulnerability in admin.php in CCleague Pro Sports CMS 1.0.1 RC1 allows remote attackers to read and execute arbitrary local files via a .. (dot dot) sequence and trailing null (%00) byte in...

PHP remote file inclusion vulnerability in random2.php in mcGalleryPRO 2006 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter. Date published : 2006-09-12 http://www.securityfocus.com/bid/19936 http://www.securityfocus.com/archive/1/445783/100/0/threaded

Multiple PHP remote file inclusion vulnerabilities in MyABraCaDaWeb 1.0.3, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the base parameter to (1) index.php or (2) pop.php....

Multiple cross-site scripting (XSS) vulnerabilities in livre_or.php in KorviBlog 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) prenom, (2) emailFrom, or (3) body parameters. Date published : 2006-09-12...

The login redirection mechanism in the Drupal 4.7 Pubcookie module before 1.2.2.4 2006/09/06 and the Drupal 4.6 Pubcookie module before 1.6.2.1 2006/09/07 allows remote attackers to bypass authentication requirements and spoof identities of arbitrary...

PHP remote file inclusion vulnerability in demarrage.php in Fire Soft Board (FSB) RC3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the racine parameter. Date published : 2006-09-12...

SQL injection vulnerability in pdf_version.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-09-12 http://www.securityfocus.com/bid/19934 https://www.exploit-db.com/exploits/2337

PHP remote file inclusion vulnerability in index.php in SpoonLabs Vivvo Article Management CMS (aka phpWordPress) 3.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in...

PHP remote file inclusion vulnerability in config.php in PSYWERKS PUMA 1.0 RC2 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. Date published : 2006-09-12 http://www.securityfocus.com/bid/19940 http://www.securityfocus.com/archive/1/445723/100/0/threaded