Monthly Archive: January 2007

Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the...

Directory traversal vulnerability in sesskglogadmin.php in KGB 1.9 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the skinnn parameter, as demonstrated by invoking kg.php...

Undercover.app/Contents/Resources/uc in Rixstep Undercover allows local users to overwrite arbitrary files, probably related to a race condition. Date published : 2007-01-17 http://www.securityfocus.com/bid/22071 http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051793.html

Multiple directory traversal vulnerabilities in Jax Petition Book 1.0.3.06 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the languagepack parameter to (1) jax_petitionbook.php or (2) smileys.php....

Unspecified vulnerability in the SIP module in InGate Firewall and SIParator before 4.5.1 allows remote attackers to conduct replay attacks on the authentication mechanism via unknown vectors. Date published : 2007-01-17 http://www.securityfocus.com/bid/22080 http://www.ingate.com/relnote-451.php

Agnitum Outpost Firewall PRO 4.0 allows local users to bypass access restrictions and insert Trojan horse drivers into the product’s installation directory by creating links using FileLinkInformation requests with the ZwSetInformationFile function, as demonstrated...

(1) admin/adminlien.php3 and (2) admin/modif.php3 in liens_dynamiques 2.1 do not require authentication, which allows remote attackers to perform unauthorized administrative actions using a direct request. Date published : 2007-01-17 http://www.securityfocus.com/bid/22068 http://www.securityfocus.com/archive/1/456986/100/0/threaded

Cross-site scripting (XSS) vulnerability in liens.php3 in liens_dynamiques 2.1 allows remote attackers to inject arbitrary web script or HTML by using the ajouter=1 query string and the add menu. Date published : 2007-01-17 http://www.securityfocus.com/bid/22070...

Buffer overflow in wsbho2k0.dll, as used by wsftpurl.exe, in Ipswitch WS_FTP 2007 Professional allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long ftp:// URL...

download.php in Joonas Viljanen JV2 Folder Gallery allows remote attackers to read sensitive files via a relative pathname in the file parameter, as demonstrated by config/gallerysetup.php. NOTE: this issue might be resultant from a...

The do_hfs_truncate function in Mac OS X 10.4.8 allows context-dependent attackers to cause a denial of service (kernel panic) via a crafted HFS+ filesystem in a DMG image, which causes an access of an...

Format string vulnerability in the LogMessage function in FileZilla before 3.0.0-beta5 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted arguments. NOTE: some of these...

Multiple SQL injection vulnerabilities in All In One Control Panel (AIOCP) 1.3.010 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) xuser_name parameter to shared/code/cp_authorization.php, and...

Multiple buffer overflows in FileZilla before 2.2.30a allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via unspecified vectors related to (1) Options.cpp when storing settings in the...