Monthly Archive: January 2008

unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be...

Race condition in fileserver in OpenAFS 1.3.50 through 1.4.5 and 1.5.0 through 1.5.27 allows remote attackers to cause a denial of service (daemon crash) by simultaneously acquiring and giving back file callbacks, which causes...

Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same...

Cross-site scripting (XSS) vulnerability in index.php in the search module in Appalachian State University phpWebSite 1.4.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter. Date published : 2008-01-03...

Directory traversal vulnerability in download2.php in AGENCY4NET WEBFTP 1 allows remote attackers to read and delete arbitrary files via a .. (dot dot) in the file parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27092 https://www.exploit-db.com/exploits/4828

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. Date published :...

SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter. Date published : 2008-01-03 http://www.securityfocus.com/bid/27108 https://www.exploit-db.com/exploits/4830

MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving,...