Monthly Archive: January 2007

Cross-site scripting (XSS) vulnerability in the mailform feature in CMSimple 2.7 fix1 allows remote attackers to inject arbitrary web script or HTML via the sender parameter. NOTE: The provenance of this information is unknown;...

Cross-site scripting (XSS) vulnerability in Movable Type (MT) before 3.34 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the MTCommentPreviewIsStatic tag, which can open the "comment entry...

PGP Desktop before 9.5.1 does not validate data objects received over the (1) pipepgpserv named pipe for PGPServ.exe or the (2) pipepgpsdkserv named pipe for PGPsdkServ.exe, which allows remote authenticated users to gain privileges...

Buffer overflow in libvsapi.so in the VSAPI library in Trend Micro VirusWall 3.81 for Linux, as used by IScan.BASE/vscan, allows local users to gain privileges via a long command line argument, a different vulnerability...

common/safety.php in Aztek Forum 4.00 allows remote attackers to enter certain data containing %22 sequences (URL encoded double quotes) and other potentially dangerous manipulations by sending a cookie, which bypasses the blacklist matching against...

SQL injection vulnerability in news_page.asp in Martyn Kilbryde Newsposter Script (aka makit news/blog poster) 3 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter. Date published : 2007-01-30 http://www.securityfocus.com/bid/22230...

Variable overwrite vulnerability in common/config.php in Aztek Forum 4.00 allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as copying arbitrary files using index/common_actions.php, via vectors associated with extract...

SQL injection vulnerability in forum/load.php in Aztek Forum 4.00 allows remote attackers to execute arbitrary SQL commands via the fid cookie to forum.php. Date published : 2007-01-30 http://www.securityfocus.com/archive/1/458076/100/0/threaded http://www.securityfocus.com/archive/1/458123/100/0/threaded

Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message. Date published : 2007-01-30 http://www.securityfocus.com/archive/1/458076/100/0/threaded...

PHP remote file inclusion vulnerability in index/main.php in Aztek Forum 4.00 allows remote authenticated administrators to execute arbitrary PHP code via a URL in the PF[top_url] parameter. Date published : 2007-01-30 http://www.securityfocus.com/archive/1/458076/100/0/threaded http://www.securityfocus.com/archive/1/458123/100/0/threaded

Cross-site scripting (XSS) vulnerability in search in High 5 Review Site allows remote attackers to inject arbitrary web script or HTML via the q parameter (aka the search box). Date published : 2007-01-30 http://www.securityfocus.com/archive/1/458122/100/0/threaded...

Siteman 2.0.x2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for db/siteman/users.MYD. Date published : 2007-01-30...

Siteman 1.1.11 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing password hashes via a direct request for data/members.txt. Date published : 2007-01-30...

Cross-site scripting (XSS) vulnerability in EzDatabase 2.1.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to admin/login.php and the Admin Panel Database. Date published : 2007-01-30 http://www.securityfocus.com/bid/22235 http://www.securityfocus.com/archive/1/458062/100/0/threaded