CVE-2007-6549
Unspecified vulnerability in RunCMS before 1.6.1 has unknown impact and attack vectors, related to "pagetype using." Date published : 2007-12-27 http://www.runcms.org/modules/mydownloads/singlefile.php?lid=131 http://osvdb.org/41252
Multiple direct static code injection vulnerabilities in RunCMS before 1.6.1 allow remote authenticated administrators to inject arbitrary PHP code via the (1) header and (2) footer parameters to modules/system/admin.php in a meta-generator action, (3)...
RunCMS before 1.6.1 does not require entry of the old password during a password change, which allows context-dependent attackers to change passwords upon obtaining temporary access to a session. Date published : 2007-12-27 http://www.securityfocus.com/bid/27019...
RunCMS before 1.6.1 uses a predictable session id, which makes it easier for remote attackers to hijack sessions via a modified id. Date published : 2007-12-27 http://www.securityfocus.com/bid/27019 http://www.securityfocus.com/archive/1/485512/100/0/threaded
Multiple cross-site scripting (XSS) vulnerabilities in RunCMS before 1.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) the subject parameter to modules/news/submit.php; (2) the PATH_INFO to modules/news/index.php, possibly related to...
Multiple SQL injection vulnerabilities in RunCMS before 1.6.1 allow remote attackers to execute arbitrary SQL commands via the lid parameter to (1) brokenfile.php, (2) visit.php, or (3) ratefile.php in modules/mydownloads/; or (4) ratelink.php, (5)...
SQL injection vulnerability in suggest-link.php in eSyndiCat Link Exchange Script allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-12-27 http://www.securityfocus.com/bid/27029 https://www.exploit-db.com/exploits/4791
PHP remote file inclusion vulnerability in admin/frontpage_right.php in Arcadem LE 2.04 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the loadadminpage parameter. Date published : 2007-12-27 http://www.securityfocus.com/bid/26986 https://www.exploit-db.com/exploits/4764
Multiple cross-site scripting (XSS) vulnerabilities in neuron news 1.0 allow remote attackers to inject arbitrary web script or HTML via (1) the topic parameter in a viewtopic action, or the (2) newsyear or (3)...
SQL injection vulnerability in neuron news 1.0 allows remote attackers to execute arbitrary SQL commands via the q parameter to the default URI in patch/. Date published : 2007-12-27 http://www.securityfocus.com/archive/1/485176/100/0/threaded http://osvdb.org/39988
PHP local file inclusion vulnerability in index.php in IDevspot iSupport 1.8 allows remote attackers to include local files via the include_file parameter. Date published : 2007-12-27 http://www.securityfocus.com/bid/26961 http://www.securityfocus.com/archive/1/485392/100/0/threaded
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2007-12-27 http://www.securityfocus.com/bid/26977 http://www.securityfocus.com/archive/1/485434/100/0/threaded
Stack-based buffer overflow in the zfile_gunzip function in zfile.c in WinUAE 1.4.4 and earlier allows user-assisted remote attackers to execute arbitrary code via a long filename in a gzipped archive, such as a (1)...
The Custom Button Installer dialog in Google Toolbar 4 and 5 beta presents certain domain names in the (1) "Downloaded from" and (2) "Privacy considerations" sections without verifying domain names, which makes it easier...