Monthly Archive: June 2007

Multiple cross-site scripting (XSS) vulnerabilities in netjukebox 4.01b allow remote attackers to inject arbitrary web script or HTML via the (1) album_id, (2) order, (3) sort, (4) filter, and (5) genre_id parameters to (a)...

Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-06-22 http://www.securityfocus.com/bid/24568 http://www.raidenhttpd.com/jp/security.html

Multiple stack-based buffer overflows in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allow remote attackers to execute arbitrary code via the (1) uuid_from_char or...

wakeup in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (Computer Associates) products, allows local users to truncate arbitrary files via a symlink attack on the alarmwkp.def file....

Multiple "pointer overwrite" vulnerabilities in Ingres database server 2006 9.0.4, r3, 2.6, and 2.5, as used in multiple CA (formerly Computer Associates) products, allow remote attackers to execute arbitrary code by sending certain TCP...

Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by creating a ADODB.Recordset object and making a series of calls to the NextRecordset method with...

Multiple cross-site scripting (XSS) vulnerabilities in Movable Type (MT) before 3.34 allow remote attackers to inject arbitrary web script or HTML via comments that have (1) a malformed SGML numeric character reference with a...

Unspecified vulnerability in the FTP implementation in Microsoft Internet Explorer allows remote attackers to "see a valid memory address" via unspecified vectors, a different issue than CVE-2007-0217. Date published : 2007-06-21 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473 http://osvdb.org/36398

BugHunter HTTP SERVER (httpsv.exe) 1.6.2 allows remote attackers to cause a denial of service (application crash) via a large number of requests for nonexistent pages. Date published : 2007-06-21 http://www.securityfocus.com/bid/24576 http://www.securityfocus.com/archive/1/471917/100/0/threaded

Multiple cross-site scripting (XSS) vulnerabilities in forum/include/error/autherror.cfm in FuseTalk Basic, Standard, Enterprise, and ColdFusion allow remote attackers to inject arbitrary web script or HTML via the (1) FTVAR_LINKP and (2) FTVAR_URLP parameters to (a)...

Multiple SQL injection vulnerabilities in the admin panel in PHPEcho CMS before 1.6 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. Date published : 2007-06-21 http://sourceforge.net/project/shownotes.php?release_id=493155 http://osvdb.org/34004

Multiple heap-based buffer overflows in the (1) Communications Server (iigcc.exe) and (2) Data Access Server (iigcd.exe) components for Ingres Database Server 3.0.3, as used in CA (Computer Associates) products including eTrust Secure Content Manager...

Directory traversal vulnerability in Satellite.php in Satel Lite for PhpNuke allows remote attackers to read arbitrary files via a .. (dot dot) sequence in the name parameter in a modload action. Date published :...

Cross-site request forgery (CSRF) vulnerability in STphp EasyNews PRO 4.0 allows remote attackers to change the admin password via (1) a certain HTML form that is posted automatically by JavaScript or (2) a news...