Monthly Archive: May 2007

Cisco IOS 12.4 and earlier, when using the crypto packages and SSL support is enabled, allows remote attackers to cause a denial of service via a malformed (1) ClientHello, (2) ChangeCipherSpec, or (3) Finished...

Cross-site scripting (XSS) vulnerability in hlstats.php in HLstats 1.35, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) the action parameter. Date published :...

Cross-site scripting (XSS) vulnerability in OSK Advance-Flow 4.41 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-05-22 http://www.securityfocus.com/bid/24071 http://www.evalue.jp/support/security/IPA_92832583.asp

SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely...

Buffer overflow in the transfer manager in Opera before 9.21 for Windows allows user-assisted remote attackers to execute arbitrary code via a crafted torrent file. NOTE: due to the lack of details, it is...

Cross-site scripting (XSS) vulnerability in gnatsweb.pl in Gnatsweb 4.00 and Gnats 4.1.99 allows remote attackers to inject arbitrary web script or HTML via the database parameter. Date published : 2007-05-22 http://www.securityfocus.com/bid/24081 http://www.debian.org/security/2008/dsa-1486

Stack-based buffer overflow in mod/server.mod/servrmsg.c in Eggdrop 1.6.18, and possibly earlier, allows user-assisted, remote IRC servers to execute arbitrary code via a long private message. Date published : 2007-05-22 http://www.securityfocus.com/bid/24070 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=427157

Multiple cross-site scripting (XSS) vulnerabilities in index.php in GaliX 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) galix_cat_detail, (2) galix_gal_detail, and (3) galix_cat_detail_sort parameters. Date published : 2007-05-22...

Multiple cross-site scripting (XSS) vulnerabilities in index.php in ClientExec (CE) 3.0 beta2, and possibly other versions, allow remote attackers to inject arbitrary web script or HTML via the (1) ticketID, (2) view, and (3)...

Multiple cross-site scripting (XSS) vulnerabilities in scripts/prodList.asp in CandyPress Store 3.5.2.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) brand and (2) Msg parameters. Date published :...

SQL injection vulnerability in default.asp in Vizayn Urun Tanitim Sitesi 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter in a haberdetay action. Date published : 2007-05-22 http://www.securityfocus.com/bid/24079 http://www.securityfocus.com/bid/24238

Cross-site scripting (XSS) vulnerability in cp/ps/Main/login/Login in RM EasyMail Plus allows remote attackers to inject arbitrary web script or HTML via the d parameter. Date published : 2007-05-22 http://redlevel.org/wp-content/uploads/2007/05/rmeasymail.txt http://osvdb.org/36254

Cross-site scripting (XSS) vulnerability in index.php in Jetbox CMS 2.1 allows remote attackers to inject arbitrary web script or HTML via the login parameter in a sendpwd task. Date published : 2007-05-22 http://www.securityfocus.com/bid/24095 http://www.securityfocus.com/archive/1/469233/100/0/threaded

Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element...