Monthly Archive: June 2007

Multiple cross-site scripting (XSS) vulnerabilities in 4print.asp in WmsCMS 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) sbl, (2) sbr, or (3) search parameter. NOTE: the...

PHP remote file inclusion vulnerability in inc/nuke_include.php in newsSync 1.5.0rc6 allows remote attackers to execute arbitrary PHP code via a URL in the newsSync_NUKE_PATH parameter. Date published : 2007-06-08 http://www.securityfocus.com/bid/24361 https://www.exploit-db.com/exploits/4041

Cross-site scripting (XSS) vulnerability in atomPhotoBlog.php in Atom Photoblog 1.0.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the tag parameter. Date published : 2007-06-08 http://www.securityfocus.com/bid/24363 http://www.securityfocus.com/archive/1/470750/100/0/threaded

Multiple cross-site scripting (XSS) vulnerabilities in atomPhotoBlog.php in Atom PhotoBlog 1.0.9 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Your Name, (2) Your Homepage, and (3) Your...

SQL injection vulnerability in urunbak.asp in W1L3D4 WEBmarket 0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-06-08 http://www.securityfocus.com/bid/24364 http://www.securityfocus.com/archive/1/470745/100/0/threaded

Multiple vulnerabilities in Symantec Ghost Solution Suite 2.0.0 and earlier, with Ghost 8.0.992 and possibly other versions, allow remote attackers to cause a denial of service (client or server crash) via malformed requests to...

Cross-site scripting (XSS) vulnerability in add_comment.php in Light Blog 4.1 before 20070606 allows remote attackers to inject arbitrary web script or HTML via the id parameter. Date published : 2007-06-08 http://www.securityfocus.com/archive/1/470673/100/0/threaded http://www.secvsn.com/content/Advisories/sr-060607-lightblog.html

Multiple PHP remote file inclusion vulnerabilities in the OpenWiki (formerly JD-Wiki) component (com_jd-wiki) 1.0.2, and possibly earlier, for Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter...

Buffer overflow in k9filter.exe in BlueCoat K9 Web Protection 3.2.36, and probably other versions before 3.2.44, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long...

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not...

Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237. Date published : 2007-06-07...

Buffer overflow in backup/src/vmsbackup.c (aka the backup utility) in FreeVMS before 0.3.6 might allow local users to gain privileges via a long string in response to an "extract [ny]" prompt. Date published : 2007-06-07...

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers...

The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR....