Internet Security Report 102406
Internet Security Advisory 102406
These Internet Security advisories are validated and verified in many different
ways, e.g. by downloading the software and performing comprehensive
tests, by reviewing source code, or by validating the credibility of
the source from which the vulnerability report was issued.
Top Read IT security Advisories
1. Microsoft Word Malformed Object Code Execution Vulnerability
2. Internet Explorer "object" Tag Memory Corruption Vulnerability
3. RealVNC Password Authentication Bypass Vulnerability
4. Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information
5. Cisco VPN Client Privilege Escalation Vulnerability
6. Internet Explorer Window Loading Race Condition Address Bar Spoofing
7. Microsoft Internet Explorer "createTextRange()" Code Execution
8. Novell Netware abend.log User Credentials Disclosure
9. Mozilla / Mozilla Firefox Frame Injection Vulnerability
10. Basic Analysis and Security Engine "BASE_path" File Inclusion
Internet Security Summary Listing
Windows:
wodSFTP ActiveX Component Arbitrary File Access Vulnerability
Symantec Client Security / AntiVirus Unspecified Code Execution
F-Secure Products Web Console Buffer Overflow Vulnerability
Enigma Haber Multiple SQL Injection Vulnerabilities
AspSitem SQL Injection and Private Message Disclosure
Nukedit "groupid" Parameter Administrator Register Vulnerability
Hitachi HITSENSER3 SQL Injection Vulnerability
My Web Server Long URL Denial of Service
Mini-NUKE SQL Injection Vulnerabilities
qjForum member.asp SQL Injection Vulnerability
NewsCMSLite Admin Logon Bypass Vulnerability
ASPBB "search" Parameter Cross-Site Scripting Vulnerability
Omegasoft Insel "WCE" Parameter Cross-Site Scripting
Jiwa Financials Information Disclosure Vulnerability
UNIX/Linux:
Ubuntu update for nagios
Mandriva update for mpg123
SUSE update for kernel
4nForum "tid" Parameter SQL Injection Vulnerability
Gentoo update for libtiff
Gentoo update for cherrypy
Mandriva update for dia
Debian update for kernel-source-2.4.17
Debian update for libextractor
Open-Xchange Default Account Password
Ubuntu update for postgresql
Pre News Manager Multiple SQL Injection Vulnerabilities
UnixWare update for MySQL
Debian update for awstats
SUSE update for rug
FreeBSD ypserv Inoperative Access Controls Security Issue
Debian update for mysql-dfsg
OpenOBEX ircp File Overwrite Vulnerability
FreeBSD SMBFS chroot Directory Traversal Vulnerability
SUSE update for vixie-cron
Vixie Cron "do_command.c" setuid Security Issue
Shadow "useradd.c" Insecure Mailbox File Permissions
Debian update for motor
Avaya PDS Software Distributor Privilege Escalation
Motor ktools VGETSTRING Buffer Overflow Vulnerability
AIX lsmcode Unspecified Privilege Escalation Vulnerability
SUSE update for foomatic-filters
xine-lib HTTP Response Heap Corruption Weakness
Debian update for tiff
Debian update for dovecot
Dovecot "LIST" Command Directory Traversal Weakness
Linux Kernel SMP "/proc" Race Condition Denial of Service
PHP "curl_init()" Safe Mode Bypass Weakness
Other:
Secure Elements Class 5 AVR Multiple Vulnerabilities
D-Link Airspot DSA-3100 Gateway "uname" Cross-Site Scripting
Novell Netware abend.log User Credentials Disclosure
Secure Elements Class 5 AVR Message Encryption Security Issue
Cross Platform:
METAjour "system_path" Parameter File Inclusion Vulnerabilities
Ottoman "default_path" File Inclusion Vulnerabilities
phpMyDesktop|arcade Local File Inclusion and Script Insertion
IBM DCE Two Kerberos Vulnerabilities
F_at_cile Interactive Web Multiple Vulnerabilities
tinyBB SQL Injection and File Inclusion Vulnerabilities
phpBB Activity Mod Plus Module "phpbb_root_path" File Inclusion
UBB.threads Cross-Site Scripting and File Inclusion
phpBB Blend Portal System Module "phpbb_root_path" File Inclusion
Fastpublish CMS "config[fsBase]" File Inclusion Vulnerabilities
Hot Open Tickets "CLASS_PATH" Parameter File Inclusion
Plume CMS "/manager/frontinc/prepend.php" File Inclusion
open-medium.CMS "404.php" File Inclusion Vulnerability
Basic Analysis and Security Engine "BASE_path" File Inclusion
ActionApps "GLOBALS[AA_INC_PATH]" File Inclusion
DoceboLMS "lang" Parameter File Inclusion Vulnerabilities
Back-End CMS "_PSL[classdir]" File Inclusion Vulnerability
pppBLOG "files[0]" Parameter Disclosure of Sensitive Information
WebCalendar "includedir" Parameter Arbitrary Setting File Loading
WikiNi Script Insertion Vulnerabilities
phpBB Nivisec Hacks List Module Local File Inclusion
Eggblog posts.php SQL Injection Vulnerability
aMule Information Disclosure Vulnerability
Geeklog Multiple Vulnerabilities and Weaknesses
Seditio "Referer" HTTP Header Script Insertion Vulnerability
ByteHoard File Copy and Script Insertion Vulnerabilities
MailManager PostgreSQL Encoding-Based SQL Injection
V-webmail "CONFIG[pear_dir]" File Inclusion Vulnerability
Pre Shopping Mall SQL Injection Vulnerabilities
ChatPat Script Insertion and SQL Injection Vulnerabilities
iFdate Cross-Site Scripting and Script Insertion Vulnerabilities
Realty Pro One Cross-Site Scripting and SQL Injection
XiTi Tracking Script "xiti.js" Cross-Site Scripting Vulnerabilities
Open Searchable Image Catalogue SQL Injection Vulnerabilities
DGNews "upprocess.php" File Upload Vulnerability
Photoalbum B&W "index.php" Cross-Site Scripting Vulnerabilities
TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Achievo "atkselector" Parameter SQL Injection Vulnerability
Vacation Rental Script "obj" Parameter Cross-Site Scripting
Pretty Guestbook "pagina" Cross-Site Scripting Vulnerability
Smile Guestbook "pagina" Cross-Site Scripting Vulnerability
Morris Guestbook "pagina" Cross-Site Scripting Vulnerability
php-residence Multiple Script Insertion Vulnerabilities
PHPSimpleChoose Cross-Site Scripting Vulnerability
PHP-AGTC membership system "useremail" Script Insertion
CMS Mundo "searchstring" Cross-Site Scripting Vulnerability
phpESP ADOdb Cross-Site Scripting Vulnerabilities
AZ Photo Album Script Pro Cross-Site Scripting Vulnerability
Elite-Board "search" Parameter Cross-Site Scripting Vulnerability
Assetman Unspecified Script Insertion Vulnerabilities
iFlance Multiple Cross-Site Scripting Vulnerabilities
Internet Security Vulnerabilities - Content
Windows:
wodSFTP ActiveX Component Arbitrary File Access Vulnerability
Critical: Highly critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, System access
Will Dormann has reported a vulnerability in WeOnlyDo wodSFTP, which
can be exploited by malicious people to disclose sensitive information
and potentially compromise a user's system.
Symantec Client Security / AntiVirus Unspecified Code Execution
Critical: Highly critical
Where: From remote
Impact: System access
eEye Digital Security has reported a vulnerability in Symantec Client
Security and Symantec AntiVirus Corporate Edition, which can be
exploited by malicious people to compromise a user's system.
F-Secure Products Web Console Buffer Overflow Vulnerability
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
A vulnerability has been reported in F-Secure Anti-Virus for Microsoft
Exchange and F-Secure Internet Gatekeeper, which potentially can be
exploited by malicious people to compromise a vulnerable system.
Enigma Haber Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Mustafa Can Bjorn has reported some vulnerabilities in Enigma Haber,
which can be exploited by malicious people to conduct SQL injection
attacks.
AspSitem SQL Injection and Private Message Disclosure
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information
Mustafa Can Bjorn has reported two vulnerabilities in AspSitem, which
can be exploited by malicious users to disclose sensitive information
or malicious people to conduct SQL injection attacks.
Nukedit "groupid" Parameter Administrator Register Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
FarhadKey has discovered a vulnerability in Nukedit, which can be
exploited by malicious people to bypass certain security restrictions.
Hitachi HITSENSER3 SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
A vulnerability has been reported in Hitachi HITSENSER3, which can be
exploited by malicious people to conduct SQL injection attacks.
My Web Server Long URL Denial of Service
Critical: Moderately critical
Where: From remote
Impact: DoS
s3rv3r_hack3r has discovered a vulnerability in My Web Server, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Mini-NUKE SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Mustafa Can Bjorn has reported some vulnerabilities in Mini-NUKE, which
can be exploited by malicious people to conduct SQL injection attacks.
qjForum member.asp SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
ajann has reported a vulnerability in qjForum, which can be exploited
by malicious people to conduct SQL injection attacks.
NewsCMSLite Admin Logon Bypass Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
FarhadKey has discovered a vulnerability in NewsCMSLite, which can be
exploited by malicious people to bypass certain security restrictions.
ASPBB "search" Parameter Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Mustafa Can Bjorn has reported a vulnerability in ASPBB, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Omegasoft Insel "WCE" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
MC.Iglo has reported a vulnerability in Omegasoft Insel, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Jiwa Financials Information Disclosure Vulnerability
Critical: Less critical
Where: From local network
Impact: Exposure of sensitive information
Robert Passlow has reported a vulnerability in Jiwa Financials, which
can be exploited by malicious users to disclose potentially sensitive
information.
UNIX/Linux:
Ubuntu update for nagios
Critical: Highly critical
Where: From remote
Impact: DoS, System access
Ubuntu has issued an update for nagios. This fixes a vulnerability,
which can be exploited by malicious people to cause a DoS (Denial of
Service) and potentially compromise a vulnerable system.
Mandriva update for mpg123
Critical: Highly critical
Where: From remote
Impact: System access
Mandriva has issued an update for mpg123. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise a
user's system.
SUSE update for kernel
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of system information, Exposure of sensitive information, DoS
SUSE has issued an update for the kernel. This fixes some
vulnerabilities and weaknesses, which can be exploited by malicious,
local users to bypass certain security restrictions, gain knowledge of
potentially sensitive information and to cause a DoS (Denial of
Service), and by malicious people to disclose certain system
information, potentially to bypass certain security restrictions and to
cause a DoS (Denial of Service).
4nForum "tid" Parameter SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
CrAzY CrAcKeR has reported a vulnerability in 4nForum, which can be
exploited by malicious people to conduct SQL injection attacks.
Gentoo update for libtiff
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Gentoo has issued an update for libtiff. This fixes some
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially to compromise a user's system.
Gentoo update for cherrypy
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Gentoo has issued an update for cherrypy. This fixes a vulnerability,
which can be exploited by malicious people to disclose potentially
sensitive information.
Mandriva update for dia
Critical: Moderately critical
Where: From remote
Impact: System access
Mandriva has issued an update for dia. This fixes some vulnerabilities,
which potentially can be exploited by malicious people to compromise a
user's system.
Debian update for kernel-source-2.4.17
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information, Privilege escalation, DoS, System access
Debian has issued an update for kernel-source-2.4.17. This fixes some
vulnerabilities, which can be exploited by malicious, local users to
gain knowledge of sensitive information, cause a DoS (Denial of
Service), gain escalated privileges, and by malicious people to cause a
DoS, and disclose potentially sensitive information.
Debian update for libextractor
Critical: Moderately critical
Where: From remote
Impact: DoS, System access
Debian has issued an update for libextractor. This fixes two
vulnerabilities, which can be exploited by malicious people to cause a
DoS (Denial of Service) and potentially compromise an application that
uses the library.
Open-Xchange Default Account Password
Critical: Moderately critical
Where: From remote
Impact: Security Bypass
Cemil Degirmenci has reported a security issue in Open-Xchange, which
potentially can be exploited by malicious people to bypass certain
security restrictions.
Ubuntu update for postgresql
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Ubuntu has issued an update for postgresql. This fixes two
vulnerabilities, which potentially can be exploited by malicious people
to conduct SQL injection attacks.
Pre News Manager Multiple SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
luny has reported some vulnerabilities in Pre News Manager, which can
be exploited by malicious people to conduct cross-site scripting
attacks and SQL injection attacks.
UnixWare update for MySQL
Critical: Moderately critical
Where: From local network
Impact: System access
SCO has issued an update for MySQL. This fixes a vulnerability, which
can be exploited by malicious users to compromise a vulnerable system.
Debian update for awstats
Critical: Less critical
Where: From remote
Impact: Security Bypass, System access
Debian has issued an update for awstats. This fixes a security issue,
which can be exploited by malicious people to bypass certain security
restrictions.
SUSE update for rug
Critical: Less critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information
SUSE has issued an update for rug. This fixes a security issue and a
weakness, which can be exploited by malicious, local users to disclose
certain sensitive information and potentially by malicious people to
bypass security restrictions.
FreeBSD ypserv Inoperative Access Controls Security Issue
Critical: Less critical
Where: From local network
Impact: Security Bypass
A security issue has been reported in FreeBSD, which can be exploited
by malicious people to bypass certain security restrictions.
Debian update for mysql-dfsg
Critical: Less critical
Where: From local network
Impact: Security Bypass, Exposure of sensitive information, System access
Debian has issued an update for mysql-dfsg. This fixes some
vulnerabilities, which can be exploited by malicious users to bypass
certain security restrictions, disclose potentially sensitive
information, and compromise a vulnerable system.
OpenOBEX ircp File Overwrite Vulnerability
Critical: Less critical
Where: From local network
Impact: Manipulation of data
Jeroen van Wolffelaar has reported a vulnerability in OpenOBEX, which
can be exploited by malicious people to manipulate certain data on a
user's system.
FreeBSD SMBFS chroot Directory Traversal Vulnerability
Critical: Less critical
Where: Local system
Impact: Security Bypass
A vulnerability has been reported in FreeBSD, which can be exploited by
malicious, local users to bypass certain security restrictions.
SUSE update for vixie-cron
Critical: Less critical
Where: Local system
Impact: Privilege escalation
SUSE has issued an update for vixie-cron. This fixes a security issue,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Vixie Cron "do_command.c" setuid Security Issue
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Roman Veretelnikov has reported a security issue in Vixie Cron, which
potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Shadow "useradd.c" Insecure Mailbox File Permissions
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A security issue has been reported in Shadow, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
Debian update for motor
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Debian has issued an update for motor. This fixes a vulnerability,
which potentially can be exploited by malicious, local users to perform
certain actions with escalated privileges.
Avaya PDS Software Distributor Privilege Escalation
Critical: Less critical
Where: Local system
Impact: Privilege escalation
Avaya has acknowledged a vulnerability in Avaya Predictive Dialing
System (PDS), which can be exploited by malicious, local users to gain
escalated privileges.
Motor ktools VGETSTRING Buffer Overflow Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in Motor, which potentially can be
exploited by malicious, local users to perform certain actions with
escalated privileges.
AIX lsmcode Unspecified Privilege Escalation Vulnerability
Critical: Less critical
Where: Local system
Impact: Privilege escalation
A vulnerability has been reported in AIX, which can be exploited by
malicious, local users to gain escalated privileges.
SUSE update for foomatic-filters
Critical: Less critical
Where: Local system
Impact: Privilege escalation
SUSE has issued an update for foomatic-filters. This fixes a
vulnerability, which can be exploited by malicious, local users to gain
escalated privileges.
xine-lib HTTP Response Heap Corruption Weakness
Critical: Not critical
Where: From remote
Impact: DoS
Federico L. Bossi Bonin has discovered a weakness in xine-lib, which
can be exploited by malicious people to crash certain applications on a
user's system.
Debian update for tiff
Critical: Not critical
Where: From remote
Impact: DoS
Debian has issued an update for tiff. This fixes a vulnerability, which
can be exploited by malicious people to cause a DoS (Denial of
Service).
Debian update for dovecot
Critical: Not critical
Where: From remote
Impact: Exposure of sensitive information
Debian has issued an update for dovecot. This fixes a weakness, which
can be exploited by malicious users to gain knowledge of potentially
sensitive information.
Dovecot "LIST" Command Directory Traversal Weakness
Critical: Not critical
Where: From remote
Impact: Exposure of sensitive information
A weakness has been reported in Dovecot, which can be exploited by
malicious users to gain knowledge of potentially sensitive
information.
Linux Kernel SMP "/proc" Race Condition Denial of Service
Critical: Not critical
Where: Local system
Impact: DoS
Tony Griffiths has reported a vulnerability in the Linux Kernel, which
can be exploited by malicious, local users to cause a DoS (Denial of
Service).
PHP "curl_init()" Safe Mode Bypass Weakness
Critical: Not critical
Where: Local system
Impact: Security Bypass
Maksymilian Arciemowicz has discovered a weakness in PHP, which can be
exploited by malicious, local users to bypass certain security
restrictions.
Other:
Secure Elements Class 5 AVR Multiple Vulnerabilities
Critical: Moderately critical
Where: From local network
Impact: Security Bypass, Spoofing, Exposure of system information, Exposure of sensitive information, DoS, System access
Multiple vulnerabilities and security issues have been reported in
Secure Elements Class 5 AVR, which can be exploited by malicious people
to disclose potentially sensitive information, bypass certain security
restrictions, spoof the contents of messages, cause a DoS (Denial of
Service) and potentially to compromise a vulnerable system.
D-Link Airspot DSA-3100 Gateway "uname" Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
jaime.blasco has reported a vulnerability in D-Link Airspot DSA-3100
Gateway, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Novell Netware abend.log User Credentials Disclosure
Critical: Less critical
Where: Local system
Impact: Exposure of sensitive information
A security issue has been reported in Novell Netware, which can be
exploited by malicious, local users to gain knowledge of sensitive
information.
Secure Elements Class 5 AVR Message Encryption Security Issue
Critical: Not critical
Where: From local network
Impact: Exposure of sensitive information
A security issue has been reported in Secure Elements Class 5 AVR,
which potentially can be exploited by malicious people to disclose
certain sensitive information.
Cross Platform:
METAjour "system_path" Parameter File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered some vulnerabilities in METAjour, which can be
exploited by malicious people to compromise a vulnerable system.
Ottoman "default_path" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered some vulnerabilities in Ottoman, which can be
exploited by malicious people to compromise a vulnerable system.
phpMyDesktop|arcade Local File Inclusion and Script Insertion
Critical: Highly critical
Where: From remote
Impact: Exposure of sensitive information, System access, Cross Site Scripting
darkgod has discovered two vulnerabilities in phpMyDesktop|arcade,
which can be exploited by malicious people to conduct script insertion
attacks, disclose sensitive information, and compromise a vulnerable
system.
IBM DCE Two Kerberos Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: DoS, System access
IBM has acknowledged two vulnerabilities in IBM DCE, which can be
exploited by malicious people to cause a DoS (Denial of Service) or
potentially compromise a vulnerable system.
F_at_cile Interactive Web Multiple Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Mustafa Can Bjorn has reported some vulnerabilities in F_at_cile
Interactive Web, which can be exploited by malicious people to conduct
cross-site scripting attacks, disclose sensitive information, and
compromise a vulnerable system.
tinyBB SQL Injection and File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: Manipulation of data, System access
Mustafa Can Bjorn has discovered some vulnerabilities in tinyBB, which
can be exploited by malicious people to conduct SQL injection attacks
and to compromise a vulnerable system.
phpBB Activity Mod Plus Module "phpbb_root_path" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Mustafa Can Bjorn has reported a vulnerability in the Activity Mod Plus
module for phpBB, which can be exploited by malicious people to
compromise a vulnerable system.
UBB.threads Cross-Site Scripting and File Inclusion
Critical: Highly critical
Where: From remote
Impact: Cross Site Scripting, System access
Mustafa Can Bjorn has discovered some vulnerabilities in UBB.threads,
which can be exploited by malicious people to conduct cross-site
scripting attacks and compromise a vulnerable system.
phpBB Blend Portal System Module "phpbb_root_path" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Mustafa Can Bjorn has reported a vulnerability in the Blend Portal
System module for phpBB, which can be exploited by malicious people to
compromise a vulnerable system.
Fastpublish CMS "config[fsBase]" File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has reported some vulnerabilities in Fastpublish CMS, which can
be exploited by malicious people to compromise a vulnerable system.
Hot Open Tickets "CLASS_PATH" Parameter File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered a vulnerability in Hot Open Tickets, which can be
exploited by malicious people to compromise a vulnerable system.
Plume CMS "/manager/frontinc/prepend.php" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
beford has discovered a vulnerability in Plume CMS, which can be
exploited by malicious people to compromise a vulnerable system.
open-medium.CMS "404.php" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered a vulnerability in open-medium.CMS, which can
be exploited by malicious people to compromise a vulnerable system.
Basic Analysis and Security Engine "BASE_path" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
str0ke has discovered some vulnerabilities in Basic Analysis and
Security Engine, which can be exploited by malicious people to
compromise a vulnerable system.
ActionApps "GLOBALS[AA_INC_PATH]" File Inclusion
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered some vulnerabilities in ActionApps, which can be
exploited by malicious people to compromise a vulnerable system.
DoceboLMS "lang" Parameter File Inclusion Vulnerabilities
Critical: Highly critical
Where: From remote
Impact: System access
beford has discovered some vulnerabilities in DoceboLMS, which can be
exploited by malicious people to compromise a vulnerable system.
Back-End CMS "_PSL[classdir]" File Inclusion Vulnerability
Critical: Highly critical
Where: From remote
Impact: System access
Kacper has discovered a vulnerability in Back-End CMS, which can be
exploited by malicious people to compromise a vulnerable system.
pppBLOG "files[0]" Parameter Disclosure of Sensitive Information
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
rgod has discovered a vulnerability in pppBLOG, which can be exploited
by malicious people to disclose sensitive information.
WebCalendar "includedir" Parameter Arbitrary Setting File Loading
Critical: Moderately critical
Where: From remote
Impact: Security Bypass, Exposure of sensitive information
socsam has discovered a vulnerability in WebCalendar, which can be
exploited by malicious people to bypass certain security restrictions
and disclose sensitive information.
WikiNi Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Raphael Huck has discovered some vulnerabilities in WikiNi, which can
be exploited by malicious people to conduct script insertion attacks.
phpBB Nivisec Hacks List Module Local File Inclusion
Critical: Moderately critical
Where: From remote
Impact: Exposure of sensitive information
Mustafa Can Bjorn has discovered a vulnerability in the Nivisec Hacks
List module for phpBB, which can be exploited by malicious people to
disclose sensitive information.
Eggblog posts.php SQL Injection Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
Mustafa Can Bjorn has discovered a vulnerability in Eggblog, which can
be exploited by malicious people to conduct SQL injection attacks.
aMule Information Disclosure Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Exposure of system information, Exposure of sensitive information
A vulnerability has been reported in aMule, which can be exploited by
malicious people and by malicious users to disclose potentially
sensitive information.
Geeklog Multiple Vulnerabilities and Weaknesses
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data, Exposure of system information
trueend5 has reported some vulnerabilities and weaknesses in Geeklog,
which can be exploited by malicious people to disclose system
information, and conduct cross-site scripting and SQL injection
attacks.
Seditio "Referer" HTTP Header Script Insertion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
Yunus Emre Yilmaz has discovered a vulnerability in Seditio, which can
be exploited by malicious people to conduct script insertion attacks.
ByteHoard File Copy and Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Nomenumbra has discovered two vulnerabilities in ByteHoard, which can
be exploited by malicious people to manipulate sensitive information
and conduct script insertion attacks.
MailManager PostgreSQL Encoding-Based SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
A vulnerability has been reported in MailManager, which potentially can
be exploited by malicious people to conduct SQL injection attacks.
V-webmail "CONFIG[pear_dir]" File Inclusion Vulnerability
Critical: Moderately critical
Where: From remote
Impact: System access
beford has discovered a vulnerability in V-webmail, which can be
exploited by malicious people to compromise a vulnerable system.
Pre Shopping Mall SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Manipulation of data
luny has reported some vulnerabilities in Pre Shopping Mall, which can
be exploited by malicious people to conduct SQL injection attacks.
ChatPat Script Insertion and SQL Injection Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
luny has reported two vulnerabilities in ChatPat, which can be
exploited by malicious people to conduct script insertion and SQL
injection attacks.
iFdate Cross-Site Scripting and Script Insertion Vulnerabilities
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting
luny has reported some vulnerabilities in iFdate, which can be
exploited by malicious people to conduct cross-site scripting and
script insertion attacks.
Realty Pro One Cross-Site Scripting and SQL Injection
Critical: Moderately critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
luny has reported some vulnerabilities in Realty Pro One, which can be
exploited by malicious people to conduct cross-site scripting and SQL
injection attacks.
XiTi Tracking Script "xiti.js" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Yannick Daffaud has reported two vulnerabilities in the XiTi Tracking
Script, which can be exploited by malicious people to conduct
cross-site scripting attacks.
Open Searchable Image Catalogue SQL Injection Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting, Manipulation of data
Nenad Jovanovic has discovered some vulnerabilities in Open Searchable
Image Catalogue, which can be exploited by malicious users to conduct
SQL injection attacks and by malicious people to conduct cross-site
scripting attacks.
DGNews "upprocess.php" File Upload Vulnerability
Critical: Less critical
Where: From remote
Impact: System access
r0t has discovered a vulnerability in DGNews, which can be exploited by
malicious users to compromise a vulnerable system.
Photoalbum B&W "index.php" Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
black-code and sweet-devil have discovered some vulnerabilities in
Photoalbum B&W, which can be exploited by malicious people to conduct
cross-site scripting attacks.
TikiWiki Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Blwood has discovered some vulnerabilities in TikiWiki, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Achievo "atkselector" Parameter SQL Injection Vulnerability
Critical: Less critical
Where: From remote
Impact: Manipulation of data
Christian Nancy has reported a vulnerability in Achievo, which can be
exploited by malicious users to conduct SQL injection attacks.
Vacation Rental Script "obj" Parameter Cross-Site Scripting
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered a vulnerability in Vacation Rental Script, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Pretty Guestbook "pagina" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered a vulnerability in Pretty Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Smile Guestbook "pagina" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered a vulnerability in Smile Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Morris Guestbook "pagina" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered a vulnerability in Morris Guestbook, which can be
exploited by malicious people to conduct cross-site scripting attacks.
php-residence Multiple Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Nomenumbra has reported some vulnerabilities in php-residence, which
can be exploited by malicious users to conduct script insertion
attacks.
PHPSimpleChoose Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has discovered a vulnerability in PHPSimpleChoose, which can be
exploited by malicious people to conduct cross-site scripting attacks.
PHP-AGTC membership system "useremail" Script Insertion
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Nomenumbra has discovered a vulnerability in PHP-AGTC membership
system, which can be exploited by malicious users to conduct script
insertion attacks.
CMS Mundo "searchstring" Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has reported a vulnerability in CMS Mundo, which can be exploited
by malicious people to conduct cross-site scripting attacks.
phpESP ADOdb Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Some vulnerabilities have been reported in phpESP, which can be
exploited by malicious people to conduct cross-site scripting attacks.
AZ Photo Album Script Pro Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has reported a vulnerability in AZ Photo Album Script Pro, which
can be exploited by malicious people to conduct cross-site scripting
attacks.
Elite-Board "search" Parameter Cross-Site Scripting Vulnerability
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has reported a vulnerability in Elite-Board, which can be
exploited by malicious people to conduct cross-site scripting attacks.
Assetman Unspecified Script Insertion Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
Nomenumbra has reported some vulnerabilities in Assetman, which can be
exploited by malicious users to conduct script insertion attacks.
iFlance Multiple Cross-Site Scripting Vulnerabilities
Critical: Less critical
Where: From remote
Impact: Cross Site Scripting
luny has reported some vulnerabilities in iFlance, which can be
exploited by malicious people to conduct cross-site scripting attacks.