Monthly Archive: June 2007

CVE-2007-3086

Unrestricted critical resource lock in Agnitum Outpost Firewall PRO 4.0 1007.591.145 and earlier allows local users to cause a denial of service (system hang) by capturing the outpost_ipc_hdr mutex. Date published : 2007-06-06 http://www.securityfocus.com/bid/24284...

CVE-2007-3085

Multiple PHP remote file inclusion vulnerabilities in PBSite allow remote attackers to execute arbitrary PHP code via a URL in the (1) dbpath parameter to (a) useronline.php, (b) ucp.php, (c) setcookie.php, (d) sendpm.php, (e)...

CVE-2007-3084

PHP remote file inclusion vulnerability in sampleblogger.php in Comdev Web Blogger 4.1 allows remote attackers to execute arbitrary PHP code via a URL in the path[docroot] parameter, a different vector than CVE-2006-5441. Date published...

CVE-2007-3082

Directory traversal vulnerability in sendcard.php in Sendcard 3.4.1 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sc_language parameter. Date published : 2007-06-06 http://www.securityfocus.com/bid/24308...

CVE-2007-3080

SQL injection vulnerability in haberoku.asp in Hunkaray Okul Portaly 1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained...

CVE-2007-3078

Multiple cross-site scripting (XSS) vulnerabilities in Aigaion before 1.3.3 allow remote attackers to inject arbitrary web script or HTML via the title parameter (Authors and Publication titles) to (1) authoractions.php or (2) publicationactions.php. Date...

CVE-2007-3075

Directory traversal vulnerability in Microsoft Internet Explorer allows remote attackers to read arbitrary files via directory traversal sequences in a URI with a certain scheme, possibly related to "..%5C" (encoded backslash) sequences. Date published...