Monthly Archive: September 2006

Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before...

SQL injection vulnerability in ReplyNew.asp in ZIXForum 1.12 allows remote attackers to execute arbitrary SQL commands via the RepId parameter. Date published : 2006-09-06 http://www.securityfocus.com/bid/19855 http://www.securityfocus.com/archive/1/445204/100/0/threaded

Buffer overflow in the _tor_resolve function in dsocks.c in dsocks before 1.4 allows remote attackers to execute arbitrary code via unspecified vectors, possibly involving a long node name. Date published : 2006-09-06 http://www.securityfocus.com/bid/19852 http://www.securityfocus.com/archive/1/445200/100/0/threaded

PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter. Date published : 2006-09-06 http://www.securityfocus.com/bid/19857 http://www.securityfocus.com/archive/1/445176/100/0/threaded

** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the Content Management module ("Content manager") for PHProjekt 0.6.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via the path_pre...

Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php....

admin/index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to bypass authentication controls by setting the ID_ADMIN and SUPER_ADMIN parameters to 1. Date published : 2006-09-06 http://www.securityfocus.com/bid/19818 http://www.securityfocus.com/archive/1/445007/100/0/threaded

Multiple SQL injection vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) id_temas parameter in busqueda_tema.php, the (2) cadena parameter in busqueda.php, the (3) id_autor parameter...

PHP remote file inclusion vulnerability in index.php in Longino Jacome php-Revista 1.1.2 allows remote attackers to execute arbitrary PHP code via the adodb parameter. Date published : 2006-09-06 http://www.securityfocus.com/bid/19818 http://www.securityfocus.com/archive/1/445007/100/0/threaded

PHP remote file inclusion vulnerability in LFXlib/access_manager.php in Lanifex Database of Managed Objects (DMO) 2.3 Beta and earlier allows remote attackers to execute arbitrary PHP code via the _incMgr parameter. Date published : 2006-09-06...

NCH Swift Sound Web Dictate 1.02 allows remote attackers to bypass authentication via a null password. Date published : 2006-09-06 http://www.securityfocus.com/bid/19836 http://www.securityfocus.com/archive/1/445085/100/0/threaded

Unrestricted file upload vulnerability in jhot.php in TikiWiki 1.9.4 Sirius and earlier allows remote attackers to execute arbitrary PHP code via a filepath parameter that contains a filename with a .php extension, which is...

SQL injection vulnerability in index.php in Annuaire 1Two 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-09-06 http://www.securityfocus.com/bid/19817 http://www.securityfocus.com/archive/1/445010/100/0/threaded

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN). Date published : 2006-09-06 http://www.securityfocus.com/bid/19832 http://www.securityfocus.com/archive/1/447395/100/200/threaded