Monthly Archive: January 2008

Multiple eval injection vulnerabilities in MyBB 1.2.10 and earlier allow remote attackers to execute arbitrary code via the sortby parameter to (1) forumdisplay.php or (2) a results action in search.php. Date published : 2008-01-22...

Unspecified vulnerability in Mahara before 0.9.1 has unknown impact and remote attack vectors, probably related to cross-site scripting (XSS) in uploaded files. Date published : 2008-01-22 http://www.securityfocus.com/bid/27348 https://eduforge.org/frs/shownotes.php?release_id=342

Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property. Date published : 2008-01-22 http://www.securityfocus.com/bid/27337 https://www.exploit-db.com/exploits/4932

Race condition in the Enterprise Tree ActiveX control (EnterpriseControls.dll 11.5.0.313) in Crystal Reports XI Release 2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the SelectedSession...

Stack-based buffer overflow in SocksCap 2.40-051231 and earlier, when "Resolve all names remotely" is enabled, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long hostname....

MicroNews allows remote attackers to bypass authentication and gain administrative privileges via a direct request to admin.php. Date published : 2008-01-22 http://www.securityfocus.com/bid/27288 http://www.securityfocus.com/archive/1/486349/100/0/threaded

PHP remote file inclusion vulnerability in inc/linkbar.php in Small Axe Weblog 0.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the cfile parameter. Date published : 2008-01-22 http://www.securityfocus.com/bid/27345 https://www.exploit-db.com/exploits/4937

Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors. Date published :...

OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to...

Unrestricted file upload vulnerability in PHP F1 Max’s File Uploader allows remote attackers to upload and execute arbitrary PHP files. Date published : 2008-01-22 http://www.securityfocus.com/bid/27285 http://www.securityfocus.com/archive/1/486335/100/0/threaded

8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. Date published : 2008-01-22 http://www.securityfocus.com/bid/27309 http://www.securityfocus.com/archive/1/486398/100/0/threaded

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute...

Cross-site scripting (XSS) vulnerability in dohtaccess.html in cPanel before 11.17 build 19417 allows remote attackers to inject arbitrary web script or HTML via the rurl parameter. NOTE: some of these details are obtained from...

The SingleSignOn Valve (org.apache.catalina.authenticator.SingleSignOn) in Apache Tomcat before 5.5.21 does not set the secure flag for the JSESSIONIDSSO cookie in an https session, which can cause the cookie to be sent in http requests...