CVE-2007-3054
Cross-site scripting (XSS) vulnerability in search.php in Codelib Linker 2.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the kword parameter. NOTE: the provenance of this information is unknown;...
Session fixation vulnerability in Calimero.CMS 3.3.1232 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Date published : 2007-06-05 http://www.securityfocus.com/archive/1/470272/100/0/threaded http://www.majorsecurity.de/index_2.php?major_rls=major_rls49
SQL injection vulnerability in index.php in the PNphpBB2 1.2i and earlier module for PostNuke allows remote attackers to execute arbitrary SQL commands via the c parameter. Date published : 2007-06-05 http://www.securityfocus.com/bid/24295 https://www.exploit-db.com/exploits/4026
SQL injection vulnerability in inc/class_users.php in RevokeSoft RevokeBB 1.0 RC4 and earlier allows remote attackers to execute arbitrary SQL commands via the revokebb_user cookie. Date published : 2007-06-05 http://www.securityfocus.com/bid/24272 http://www.securityfocus.com/archive/1/470276/100/0/threaded
Session fixation vulnerability in chameleon cms 3.0 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Date published : 2007-06-05 http://www.securityfocus.com/archive/1/470273/100/0/threaded http://www.securityfocus.com/archive/1/470759/100/0/threaded
Cross-site scripting (XSS) vulnerability in index.php in Buttercup web file manager (BWFM) May 2007 allows remote attackers to inject arbitrary web script or HTML via the title parameter. Date published : 2007-06-05 http://www.securityfocus.com/bid/24269 http://redlevel.org/wp-content/uploads/buttercup.txt
** DISPUTED ** GNU screen 4.0.3 allows local users to unlock the screen via a CTRL-C sequence at the password prompt. NOTE: multiple third parties report inability to reproduce this issue. Date published :...
The Vonage VoIP Telephone Adapter has a default administrator username "user" and password "user," which allows remote attackers to obtain administrative access. Date published : 2007-06-05 http://www.securityfocus.com/archive/1/470443/100/0/threaded http://osvdb.org/38522
Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file...
Unspecified vulnerability in Hitachi TP1/NET/OSI-TP-Extended on HI-UX/WE2 before 20070213, and on HP-UX before 20070314, allows remote attackers to cause a denial of service via certain data to a port. Date published : 2007-06-05 http://www.hitachi-support.com/security_e/vuls_e/HS07-012_e/index-e.html...
Unspecified vulnerability in the Map I/O Service (xpwmap) in Hitachi XP/W on HI-UX/WE2 before 20070319, and XP/W on HP-UX before 20070405, allows remote attackers to cause a denial of service via certain data to...
Cross-site scripting (XSS) vulnerability in Collaboration – File Sharing 01-20 up to 01-20-/B and 01-30 up to 01-30-/B in Hitachi Groupmax Collaboration Portal up to 07-30-/D, Groupmax Collaboration Web Client – Forum/File Sharing up...
Cross-site scripting (XSS) vulnerability in Meneame before 2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-06-05 http://www.securityfocus.com/bid/24290 http://jvn.jp/jp/JVN%2389497739/index.html
Symantec Reporting Server 1.0.197.0, and other versions before 1.0.224.0, as used in Symantec Client Security 3.1 and later, and Symantec AntiVirus Corporate Edition (SAV CE) 10.1 and later, displays the password hash for a...