Monthly Archive: June 2007

Cross-site scripting (XSS) vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to inject arbitrary web script or HTML via the topic parameter. NOTE: this might be resultant from SQL injection. Date published...

SQL injection vulnerability in low.php in Fuzzylime Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the topic parameter. Date published : 2007-06-14 http://www.securityfocus.com/bid/24451 https://www.exploit-db.com/exploits/4062

The TEC-IT TBarCode OCX ActiveX control (TBarCode7.ocx) 7.0.2.3524 allows remote attackers to overwrite arbitrary files via the SaveImage method. Date published : 2007-06-14 http://www.securityfocus.com/bid/24440 https://www.exploit-db.com/exploits/4060

The IBM TotalStorage DS400 with firmware 4.15 uses a blank password for the (1) root, (2) user, (3) manager, (4) administrator, and (5) operator accounts, which allows remote attackers to gain login access via...

Buffer overflow in MeCab before 0.96 has unknown impact and attack vectors. Date published : 2007-06-14 http://internap.dl.sourceforge.net/sourceforge/mecab/mecab-0.96.tar.gz http://osvdb.org/41595

PHP remote file inclusion vulnerability in phphtml.php in Idan Sofer PHP::HTML 0.6.4 allows remote attackers to execute arbitrary PHP code via a URL in the htmlclass_path parameter. Date published : 2007-06-14 http://www.securityfocus.com/bid/24477 https://www.exploit-db.com/exploits/4072

index.php in Singapore Gallery allows remote attackers to obtain sensitive information via a request with a non-directory gallery parameter, which reveals the path in an error message. Date published : 2007-06-14 http://www.securityfocus.com/archive/1/471354/100/0/threaded http://osvdb.org/41345

PHP remote file inclusion vulnerability in saf/lib/PEAR/PhpDocumentor/Documentation/tests/bug-559668.php in Sitellite CMS 4.2.12 and earlier might allow remote attackers to execute arbitrary PHP code via a URL in the FORUM[LIB] parameter. NOTE: by default, access to...

Cross-site scripting (XSS) vulnerability in the to_json (ActiveRecord::Base#to_json) function in Ruby on Rails before edge 9606 allows remote attackers to inject arbitrary web script via the input values. Date published : 2007-06-14 http://www.securityfocus.com/bid/24161 http://bugs.gentoo.org/show_bug.cgi?id=195315

Cross-site scripting (XSS) vulnerability in dotProject before 2.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2006-2851 and CVE-2006-3240. Date published : 2007-06-14 http://www.securityfocus.com/bid/24472...

Unspecified vulnerability in Sun Java System Directory Server (slapd) 6.0, and 5.2 with Patch 3 or 4, allows remote attackers to modify certain data via unknown vectors. Date published : 2007-06-14 http://www.securityfocus.com/bid/24468 http://osvdb.org/37246

Unspecified vulnerability in Sun ONE/Java System Directory Server (slapd) 6.0, and 5.x before 5.2 Patch 5, allows remote attackers to determine the existence of attributes of an entry via unspecified vectors. Date published :...

Unspecified vulnerability in the NFS server in Sun Solaris 10 before 20070613 allows remote attackers to cause a denial of service (system crash) via certain XDR data in NFS requests, probably related to processing...

PHP remote file inclusion vulnerability in modify.php in the XFsection 1.07 module for XOOPS allows remote attackers to execute arbitrary PHP code via a URL in the dir_module parameter. Date published : 2007-06-14 http://www.securityfocus.com/bid/24465...