Monthly Archive: December 2006

Multiple PHP remote file inclusion vulnerabilities in Vortex Blog (vBlog, aka C12) a0.1_nonfunc allow remote attackers to execute arbitrary PHP code via a URL in the cfgProgDir parameter in (1) secure.php or (2) checklogin.php...

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and...

Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. Date published : 2006-12-15 http://italk.sourceforge.net/italk-sa-1.txt http://secunia.com/advisories/23374

ScriptMate User Manager 2.1 and earlier allow remote attackers to obtain sensitive information via unspecified vectors related to (1) the Logins box and (2) the Search box. Date published : 2006-12-15 http://www.hackerscenter.com/archive/view.asp?id=26656 http://securitytracker.com/id?1017384

Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a...

PHP remote file inclusion vulnerability in tests/debug_test.php in Vernet Loic PHP_Debug 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the debugClassLocation parameter. Date published : 2006-12-15 http://www.securityfocus.com/bid/21047 http://marc.info/?l=bugtraq&m=116345671023015&w=2

admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. NOTE:...

Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%pchealthERRORREPQHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write...

Microsoft Internet Information Services (IIS) 5.1 permits the IUSR_Machine account to execute non-EXE files such as .COM files, which allows attackers to execute arbitrary commands via arguments to any .COM file that executes those...

SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2006-12-15 http://www.securityfocus.com/bid/21366 http://www.securityfocus.com/archive/1/453134/100/200/threaded

Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later...

PHP remote file inclusion vulnerability in ldap.php in Brian Drawert Yet Another PHP LDAP Admin Project (yaplap) 0.6 and 0.6.1 allows remote attackers to execute arbitrary PHP code via a URL in the LOGIN_style...

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of...

Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access...