CVE-2006-4585
SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow...
Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php. Date published : 2006-09-06 http://www.securityfocus.com/bid/19834 http://www.securityfocus.com/archive/1/445079/100/0/threaded
Multiple PHP remote file inclusion vulnerabilities in FlashChat before 4.6.2 allow remote attackers to execute arbitrary PHP code via a URL in the dir[inc] parameter in (1) inc/cmses/aedatingCMS.php, (2) inc/cmses/aedatingCMS2.php, or (3) inc/cmses/aedating4CMS.php. Date...
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to log in without a password by attempting to log in multiple times. Date published : 2006-09-06...
SQL injection vulnerability in Sources/ManageBoards.php in Simple Machines Forum 1.1 RC3 allows remote attackers to execute arbitrary SQL commands via the cur_cat parameter. Date published : 2006-09-05 http://archives.neohapsis.com/archives/bugtraq/2006-09/0009.html http://secunia.com/advisories/21740
Cross-site scripting (XSS) vulnerability in the MyHeadlines before 4.3.2 module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the myh_op parameter to modules.php. Date published : 2006-09-05 http://www.securityfocus.com/bid/19825 http://www.jmagar.com/index.php?y=0&myh=user&myh_op=showLink&myh_link=8
** DISPUTED ** The proxy DNS service in Symantec Gateway Security (SGS) allows remote attackers to make arbitrary DNS queries to third-party DNS servers, while hiding the source IP address of the attacker. NOTE:...
Mozilla Firefox 1.5.0.6 allows remote attackers to execute arbitrary JavaScript in the context of the browser’s session with an arbitrary intranet web server, by hosting script on an Internet web server that can be...
Internet Explorer 6 on Windows XP SP2 allows remote attackers to execute arbitrary JavaScript in the context of the browser’s session with an arbitrary intranet web server, by hosting script on an Internet web...
Multiple PHP remote file inclusion vulnerabilities in Yet Another Community System (YACS) CMS 6.6.1 allow remote attackers to execute arbitrary PHP code via a URL in the context[path_to_root] parameter in (1) articles/populate.php, (2) categories/category.php,...
DeluxeBB 1.06 and earlier, when run on the Apache HTTP Server with the mod_mime module, allows remote attackers to execute arbitrary PHP code by uploading files with double extensions via the fileupload parameter in...
** DISPUTED ** PHP remote file inclusion vulnerability in plugins/plugins.php in Bob Jewell Discloser 0.0.4 allows remote attackers to execute arbitrary PHP code via a URL in the type parameter. NOTE: another researcher has...
** DISPUTED ** PHP remote file inclusion vulnerability in index.php in the JIM component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. NOTE:...
Buffer overflow in the Retro64 / Miniclip CR64Loader ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors involving an HTML document that references the CLSID of the control. Date published :...