Monthly Archive: May 2008

The Javascript API in Adobe Acrobat Professional 7.0.9 and possibly 8.1.1 exposes a dangerous method, which allows remote attackers to execute arbitrary commands or trigger a buffer overflow via a crafted PDF file that...

Linux kernel before 2.6.25.2 does not apply a certain protection mechanism for fcntl functionality, which allows local users to (1) execute code in parallel or (2) exploit a race condition to obtain "re-ordered access...

Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. Date published : 2008-05-07 http://www.securityfocus.com/bid/29078 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01447010

Linux kernel 2.6.18, and possibly other versions, when running on AMD64 architectures, allows local users to cause a denial of service (crash) via certain ptrace calls. Date published : 2008-05-07 http://www.securityfocus.com/bid/29086 http://www.debian.org/security/2008/dsa-1588

SQL injection vulnerability in index.php in the FlippingBook (com_flippingbook) 1.0.4 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the book_id parameter. Date published : 2008-05-06 http://www.securityfocus.com/bid/28886 https://www.exploit-db.com/exploits/5484

SQL injection vulnerability in article.php in the Article module for XOOPS allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-05-06 http://www.securityfocus.com/bid/28879 http://www.securityfocus.com/archive/1/491150/100/0/threaded

SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to index.php. Date...

Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there...

Directory traversal vulnerability in ipn.php in KubeLabs Kubelance 1.6.4 allows remote attackers to include and execute arbitrary local files via the i parameter. Date published : 2008-05-06 http://www.securityfocus.com/bid/28873 https://www.exploit-db.com/exploits/5477

Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (CPU consumption and network traffic amplification) via a crafted SCTP packet. Date published :...

Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. Date published : 2008-05-06 http://www.securityfocus.com/bid/29023 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5165

SQL injection vulnerability in admin/news.php in PHP Forge 3.0 beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter in the news module to admin.php. Date published : 2008-05-06 http://www.securityfocus.com/bid/28950...

SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817. Date published...

Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file...