Monthly Archive: June 2007

A certain admin script in Inout Meta Search Engine sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to inject arbitrary PHP code,...

Multiple buffer overflows in certain ActiveX controls in sasatl.dll in Zenturi ProgramChecker allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the (1) DebugMsgLog or (2) DoFileProperties methods. Date published :...

PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. Date published : 2007-06-01 https://www.exploit-db.com/exploits/4005 http://osvdb.org/38364

Pheap 2.0 allows remote attackers to bypass authentication by setting a pheap_login cookie value to the administrator’s username, which can be used to (1) obtain sensitive information, including the administrator password, via settings.php or...

Multiple stack-based buffer overflows in the Media Technology Group CDPass ActiveX control in CDPass.dll allow remote attackers to execute arbitrary code via unspecified vectors, possibly involving the GetTOC2 method. Date published : 2007-06-01 http://www.securityfocus.com/bid/24220...