Monthly Archive: July 2007

Buffer overflow in a certain ActiveX control in the NixonMyPrograms class in sasatl.dll 1.5.0.531 in Zenturi ProgramChecker allows remote attackers to execute arbitrary code via a long argument to the Scan method. NOTE: this...

Absolute path traversal vulnerability in the Data Dynamics DDActiveReports2.ActiveReport.2 (ActiveReports) ActiveX control in arpro2.dll in ActiveReports 2.0 Professional Edition 2.5.0.1308 (SP5 RC) allows remote attackers to create or overwrite arbitrary files via a full...

Absolute path traversal vulnerability in the Data Dynamics ActiveReport (ActiveReports) ActiveX control in actrpt2.dll 2.5 and earlier allows remote attackers to create or overwrite arbitrary files via a full pathname in the first argument...

SQL injection vulnerability in index.php in WSN Links Basic Edition allows remote attackers to execute arbitrary SQL commands via the catid parameter in a displaycat action. Date published : 2007-07-25 http://www.securityfocus.com/bid/24996 https://www.exploit-db.com/exploits/4209

PHP remote file inclusion vulnerability in page.php in RCMS Pro RGameScript Pro allows remote attackers to execute arbitrary PHP code via a URL in the id parameter. Date published : 2007-07-25 http://www.securityfocus.com/bid/24995 https://www.exploit-db.com/exploits/4210

SQL injection vulnerability in index.php in BlogSite Professional (aka Blog System) 1.x allows remote attackers to execute arbitrary SQL commands via the news_id parameter. Date published : 2007-07-25 http://www.securityfocus.com/bid/24976 https://www.exploit-db.com/exploits/4206

Session fixation vulnerability in bwired allows remote attackers to hijack web sessions by setting the PHPSESSID parameter. Date published : 2007-07-25 https://www.exploit-db.com/exploits/4213 http://osvdb.org/39137

Cross-site scripting (XSS) vulnerability in bwired allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2007-07-25 https://www.exploit-db.com/exploits/4213 http://osvdb.org/39136

SQL injection vulnerability in index.php in bwired allows remote attackers to execute arbitrary SQL commands via the newsID parameter. Date published : 2007-07-25 https://www.exploit-db.com/exploits/4213 http://osvdb.org/39135

Cross-site scripting (XSS) vulnerability in index.php in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via the title parameter in a ptopic action, a different vulnerability than CVE-2005-3412. Date...

admin/ajoutaut.php in JBlog 1.0 does not require authentication, which allows remote attackers to create arbitrary accounts via modified mot and droit parameters. Date published : 2007-07-25 http://www.securityfocus.com/bid/24991 http://www.securityfocus.com/archive/1/474320/100/0/threaded

Multiple cross-site scripting (XSS) vulnerabilities in JBlog 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to (a) index.php, or the (2) search parameter or (3) theme...

ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service via a crafted (1) ASPACK or (2) FSG packed file, which triggers a divide-by-zero error. Date published : 2007-07-25 http://www.securityfocus.com/bid/24988...

Integer overflow in ESET NOD32 Antivirus before 2.2289 allows remote attackers to cause a denial of service (CPU and disk consumption) via a crafted ASPACK packed file, which triggers an infinite loop. Date published...