Monthly Archive: December 2006

Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers...

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome...

Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLMSoftwareOzekiSMSServerCurrentVersionPluginshttpsmsgate registry key, which allows local users to obtain sensitive information. Date published : 2006-12-20 http://www.securityfocus.com/bid/21679 http://bb.domaindlx.com/bingung/shellcore/advisories.asp?bug_report=display&infamous_group=106

WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands. Date published : 2006-12-20 https://www.exploit-db.com/exploits/2952 http://secunia.com/advisories/23412

Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The...

SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-12-20 http://www.securityfocus.com/bid/21676 http://www.securityfocus.com/archive/1/454857/100/0/threaded

Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. Date published : 2006-12-20 http://www.securityfocus.com/bid/21660 http://www130.nortelnetworks.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=363252

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter. Date published : 2006-12-20 http://www.securityfocus.com/archive/1/454810/100/0/threaded http://www.debian.org/security/2007/dsa-1279

Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained...

Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance...

PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter. Date published : 2006-12-20 http://www.securityfocus.com/bid/21640 https://www.exploit-db.com/exploits/2944

Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file. Date published : 2006-12-20 http://www.securityfocus.com/bid/21657...

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV...

The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." Date published : 2006-12-20...