Monthly Archive: September 2007

Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding,...

PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the...

Unspecified vulnerability in the PD tools component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK33803. Date published : 2007-09-12 http://www-1.ibm.com/support/docview.wss?uid=swg27007951 http://osvdb.org/41611

Multiple buffer overflows in CellFactor Revolution 1.03 and earlier allow remote attackers to execute arbitrary code via a long string in a (1) 0x21, (2) 0x22, or (3) 0x23 packet. Date published : 2007-09-12...

SQL injection vulnerability in anket.asp in Proxy Anket 3.0.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-09-12 http://www.securityfocus.com/bid/25613 http://www.securityfocus.com/archive/1/478971/100/0/threaded

Cross-site scripting (XSS) vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to inject arbitrary web script or HTML via the id parameter in an edit action. Date published : 2007-09-12 http://www.securityfocus.com/bid/25615 http://www.securityfocus.com/archive/1/478967/100/0/threaded

SQL injection vulnerability in index.php in phpMyQuote 0.20 allows remote attackers to execute arbitrary SQL commands via the id parameter in an edit action. Date published : 2007-09-12 http://www.securityfocus.com/bid/25615 http://www.securityfocus.com/archive/1/478967/100/0/threaded

Multiple PHP remote file inclusion vulnerabilities in phpRealty 0.02 allow remote attackers to execute arbitrary PHP code via a URL in the MGR parameter to (1) index.php, (2) p_ins.php, and (3) u_ins.php in manager/admin/....

Unspecified vulnerability in the Edge Component in IBM WebSphere Application Server (WAS) 6.1 before Fix Pack 11 (6.1.0.11) has unknown impact and attack vectors, aka PK44789. Date published : 2007-09-12 http://www.securityfocus.com/bid/25626 http://www-1.ibm.com/support/docview.wss?uid=swg27007951

Format string vulnerability in CellFactor Revolution 1.03 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a malformed nickname. Date published : 2007-09-12 http://www.securityfocus.com/bid/25625 http://aluigi.altervista.org/adv/cellfucktor-adv.txt

Multiple cross-site scripting (XSS) vulnerabilities in account_settings.php in TorrentTrader 1.07 allow remote attackers to inject arbitrary web script or HTML via the (1) avatar and (2) title parameters. Date published : 2007-09-12 http://www.securityfocus.com/bid/25616 http://www.telspace.co.za/press-030.php

Cross-site scripting (XSS) vulnerability in CMD_BANDWIDTH_BREAKDOWN in DirectAdmin 1.30.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the user parameter. Date published : 2007-09-12 http://www.securityfocus.com/bid/25607 http://pridels-team.blogspot.com/2007/09/directadmin-v1302-xss-vuln.html

Cross-site scripting (XSS) vulnerability in the API pretty-printing mode in MediaWiki 1.8.0 through 1.8.4, 1.9.0 through 1.9.3, 1.10.0 through 1.10.1, and the 1.11 development versions before 1.11.0 allows remote attackers to inject arbitrary web...

bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference....