Monthly Archive: June 2007

calendar.php in Calendarix 0.7.20070307 allows remote attackers to obtain sensitive information via large values to the (1) year and (2) month parameters, which causes negative values to be passed to the mktime library call,...

Xythos Enterprise Document Manager (XEDM), Digital Locker (XDL), and possibly WebFile Server before 6.0.46.1 allow remote authenticated users to associate arbitrary Content-Type HTTP headers with documents, which might facilitate malware distribution. Date published :...

Multiple cross-site request forgery (CSRF) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to execute commands as arbitrary users via (1) a saved Workflow name...

Multiple cross-site scripting (XSS) vulnerabilities in Xythos Enterprise Document Manager (XEDM) before 5.0.25.8, and 6.x before 6.0.46.1, allow remote authenticated users to inject arbitrary web script or HTML via (1) a saved Workflow name;...

cache_util.c in the mod_cache module in Apache HTTP Server (httpd), when caching is enabled and a threaded Multi-Processing Module (MPM) is used, allows remote attackers to cause a denial of service (child processing handler...

libdayzero.dll in the Filter Hub Service (filter-hub.exe) in Symantec Mail Security for SMTP before 5.0.1 Patch 181 and Mail Security Appliance before 5.0.0-36 allows remote attackers to cause a denial of service (crash) via...

Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly,...

PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL...

cgiChkMasterPwd.exe before 8.0.0.142 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to bypass the password requirement and gain access to the Management Console via an empty hash and empty encrypted password string,...

Stack-based buffer overflow in CGIOCommon.dll before 8.0.0.1042 in Trend Micro OfficeScan Corporate Edition 8.0 allows remote attackers to execute arbitrary code via long crafted requests, as demonstrated using a long session cookie to unspecified...

SQL injection vulnerability in Papoo 3.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the selmenuid parameter to certain components. Date published : 2007-06-26 http://www.securityfocus.com/bid/24611 http://www.securityfocus.com/archive/1/472196/100/0/threaded

SQL injection vulnerability in essentials/minutes/doc.php in eDocStore allows remote attackers to execute arbitrary SQL commands via the doc_id parameter in an inline action. Date published : 2007-06-26 https://www.exploit-db.com/exploits/4108 http://osvdb.org/36292

PHP remote file inclusion vulnerability in admin/index.php in 6ALBlog allows remote authenticated administrators to execute arbitrary PHP code via a URL in the pg parameter. Date published : 2007-06-26 http://www.securityfocus.com/bid/24632 https://www.exploit-db.com/exploits/4104

SQL injection vulnerability in member.php in 6ALBlog allows remote attackers to execute arbitrary SQL commands via the member parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third...