Monthly Archive: March 2007

Direct static code injection vulnerability in postpost.php in Dayfox Blog (dfblog) 4 allows remote attackers to execute arbitrary PHP code via the cat parameter, which can be executed via a request to posts.php. Date...

Directory traversal vulnerability in themes/default/ in ZomPlog 3.7.6 and earlier allows remote attackers to include arbitrary local files via a .. (dot dot) in the settings[skin] parameter, as demonstrated by injecting PHP code into...

Heap-based buffer overflow in the kernel in NetBSD 3.0, certain versions of FreeBSD and OpenBSD, and possibly other BSD derived operating systems allows local users to have an unknown impact. NOTE: this information is...

Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage...

Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a...

The cross-site request forgery (CSRF) protection in PHP-Nuke 8.0 and earlier does not ensure the SERVER superglobal is an array before validating the HTTP_REFERER, which allows remote attackers to conduct CSRF attacks. Date published...

Cross-site scripting (XSS) vulnerability in modules.php in PHP-Nuke 8.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search operation in the Downloads module, a...

SQL injection vulnerability in usergroups.php in Woltlab Burning Board (wBB) 2.x allows remote attackers to execute arbitrary SQL commands via the array index of the applicationids array. Date published : 2007-03-20 http://www.securityfocus.com/bid/22970 http://www.securityfocus.com/archive/1/462860/100/0/threaded

SQL injection vulnerability in comments.php in WSN Guest 1.02 and 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-03-20 http://www.securityfocus.com/bid/22969 http://www.securityfocus.com/archive/1/462814/100/0/threaded

PHP remote file inclusion vulnerability in functions/update.php in Cicoandcico CcMail 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the functions_dir parameter. Date published : 2007-03-20 http://www.securityfocus.com/bid/22983 https://www.exploit-db.com/exploits/3487

Multiple cross-site scripting (XSS) vulnerabilities in Horde IMP H3 4.1.3, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) the email Subject header in thread.php, (2) the edit_query...

PHP remote file inclusion vulnerability in index.php in ViperWeb Portal alpha 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the modpath parameter. Date published : 2007-03-20 http://www.securityfocus.com/bid/22979 http://www.securityfocus.com/archive/1/462930/100/0/threaded

PHP remote file inclusion vulnerability in comanda.php in GraFX Company WebSite Builder (CWB) PRO 1.9.8, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the INCLUDE_PATH parameter....

Stack-based buffer overflow in the AfxOleSetEditMenu function in the MFC component in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 Gold and SP1, and Visual Studio .NET 2002 Gold and SP1, and 2003...