Monthly Archive: June 2008

Heap-based buffer overflow in Evolution 2.22.1 allows user-assisted remote attackers to execute arbitrary code via a long DESCRIPTION property in an iCalendar attachment, which is not properly handled during a reply in the calendar...

Buffer overflow in Evolution 2.22.1, when the ITip Formatter plugin is disabled, allows remote attackers to execute arbitrary code via a long timezone string in an iCalendar attachment. Date published : 2008-06-04 http://www.securityfocus.com/bid/29527 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00157.html

The StartApp function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to execute arbitrary programs via a .exe filename in the argument, a different vulnerability than...

The AppendStringToFile function in the HPISDataManagerLib.Datamgr ActiveX control in HPISDataManager.dll in HP Instant Support before 1.0.0.24 allows remote attackers to create files with arbitrary content via a full pathname in the first argument and...

Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into...

The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files,...

Unspecified vulnerability in crontab on Sun Solaris 8 through 10, and OpenSolaris before snv_93, allows local users to insert cron jobs into the crontab files of arbitrary users via unspecified vectors. Date published :...

SQL injection vulnerability in cat.php in HispaH Model Search allows remote attackers to execute arbitrary SQL commands via the cat parameter. Date published : 2008-06-03 http://www.securityfocus.com/bid/29128 https://www.exploit-db.com/exploits/5577

SQL injection vulnerability in out.php in YABSoft Advanced Image Hosting (AIH) Script 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the t parameter. Date published : 2008-06-03 http://www.securityfocus.com/bid/29172 https://www.exploit-db.com/exploits/5601

Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and...

Directory traversal vulnerability in admin/admin_frame.php in Phoenix View CMS Pre Alpha2 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ltarget parameter. Date published...

Multiple cross-site scripting (XSS) vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ltarget parameter to (a) admin/admin_frame.php and the (2)...

SQL injection vulnerability in forum/topic_detail.php in AJ Square aj-hyip (aka AJ HYIP Acme) allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2008-06-03 http://www.securityfocus.com/bid/29173 https://www.exploit-db.com/exploits/5602

Cross-site scripting (XSS) vulnerability in the search script in Build A Niche Store (BANS) 3.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter. Date published : 2008-06-03 http://www.securityfocus.com/bid/29187...