Monthly Archive: February 2007

Race condition in recursive directory deletion with the (1) -r or (2) -R option in rm in Solaris 8 through 10 before 20070208 allows local users to delete files and directories as the user...

MediaWiki before 1.9.2 allows remote attackers to obtain sensitive information via a direct request to (1) Simple.deps.php, (2) MonoBook.deps.php, (3) MySkin.deps.php, or (4) Chick.deps.php in wiki/skins, which shows the installation path in the resulting...

Directory traversal vulnerability in phpMyVisites before 2.2 allows remote attackers to include arbitrary files via leading ".." sequences on the pmv_ck_view COOKIE parameter, which bypasses the protection scheme. Date published : 2007-02-12 http://www.securityfocus.com/bid/22516 http://www.securityfocus.com/archive/1/459792/100/0/threaded

CRLF injection vulnerability in phpMyVisites before 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the url parameter, when the pagename parameter begins with...

Cross-site scripting (XSS) vulnerability in the GetCurrentCompletePath function in phpmyvisites.php in phpMyVisites before 2.2 allows remote attackers to inject arbitrary web script or HTML via the query string. Date published : 2007-02-12 http://www.securityfocus.com/bid/22516 http://www.securityfocus.com/archive/1/459792/100/0/threaded

Cross-site scripting (XSS) vulnerability in scripts/passwdmysql in cPanel WebHost Manager (WHM) 11.0.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the password parameter. Date published : 2007-02-12 http://www.securityfocus.com/bid/22474 http://www.securityfocus.com/archive/1/459585/100/0/threaded

Kiwi CatTools before 3.2.0 beta uses weak encryption ("reversible encoding") for passwords, account names, and IP addresses in kiwidb-cattools.kdb, which might allow local users to gain sensitive information by decrypting the file. NOTE: this...

Directory traversal vulnerability in the TFTP server in Kiwi CatTools before 3.2.0 beta allows remote attackers to read arbitrary files, and upload files to arbitrary locations, via ..// (dot dot) sequences in the pathname...

axigen 1.2.6 through 2.0.0b1 does not properly parse login credentials, which allows remote attackers to cause a denial of service (NULL dereference and application crash) via a base64-encoded "*x00" sequence on the imap port...

Heap-based buffer underflow in axigen 1.2.6 through 2.0.0b1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via certain base64-encoded data on the pop3 port (110/tcp), which...

Cross-site scripting (XSS) vulnerability in jira/secure/BrowseProject.jspa in Rainbow with the Zen (Rainbow.Zen) extension allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2007-02-12 http://www.securityfocus.com/bid/22503 http://www.securityfocus.com/archive/1/459590/100/0/threaded

Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. Date published : 2007-02-12 http://www.securityfocus.com/bid/22514 http://www.mimedefang.org/node.php?id=62

Directory traversal vulnerability in portalgroups/portalgroups/getfile.cgi in IP3 NetAccess before firmware 4.1.9.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter. Date published : 2007-02-12 http://www.securityfocus.com/bid/22513 http://www.securityfocus.com/archive/1/459806/100/0/threaded

Argument injection vulnerability in the telnet daemon (in.telnetd) in Solaris 10 and 11 (SunOS 5.10 and 5.11) misinterprets certain client "-f" sequences as valid requests for the login program to skip authentication, which allows...