Monthly Archive: October 2007

VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges. Date published : 2007-10-29 http://www.securityfocus.com/bid/5583 http://archives.neohapsis.com/archives/hp/2002-q3/0064.html

Cross-site scripting (XSS) vulnerability in form_header.php in MyMarket 1.71 allows remote attackers to inject arbitrary web script or HTML via the noticemsg parameter. Date published : 2007-10-29 http://www.securityfocus.com/bid/6035 http://www.securityfocus.com/archive/1/296861

The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing. Date published : 2007-10-29 http://www.securityfocus.com/bid/5579 http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00384.html

The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests....

Cross-site scripting (XSS) vulnerability in the FTP view feature in Mozilla 1.0 allows remote attackers to inject arbitrary web script or HTML via the title tag of an ftp URL. Date published : 2007-10-29...

Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL....

MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow. Date published : 2007-10-29 http://www.securityfocus.com/bid/6197 http://archives.neohapsis.com/archives/bugtraq/2002-11/0236.html

HAMweather 2.x allows remote attackers to modify administrative settings and obtain sensitive information via a direct request to hwadmin.cgi. Date published : 2007-10-29 http://www.hamweather.net/hw3/hw2securityalert.shtml http://securitytracker.com/id?1005270

Netgear FM114P firmware 1.3 wireless firewall, when configured to backup configuration information, stores DDNS (DynDNS) user name and password, MAC address filtering table and possibly other information in cleartext, which could allow local users...

Netgear FM114P firmware 1.3 wireless firewall allows remote attackers to cause a denial of service (crash or hang) via a large number of TCP connection requests. Date published : 2007-10-29 http://www.securityfocus.com/bid/5940 http://www.securityfocus.com/archive/1/294702

tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests. Date published : 2007-10-29 http://www.securityfocus.com/bid/6198 http://www.kb.cert.org/vuls/id/632633

The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs. Date published : 2007-10-29 http://www.securityfocus.com/bid/6191 http://online.securityfocus.com/archive/1/300073

Eudora 5.1 allows remote attackers to bypass security warnings and possibly execute arbitrary code via attachments with names containing a trailing "." (dot). Date published : 2007-10-29 http://www.securityfocus.com/bid/5432 http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00142.html

Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreelistproperty_method.php in Zorum 2.4 allows remote attackers to inject arbitrary web script or HTML via the class parameter. Date published : 2007-10-29 http://archives.neohapsis.com/archives/bugtraq/2002-10/0152.html http://www.iss.net/security_center/static/10337.php