iDefense Security Advisory 10.30.07 - Local exploitation of a file access vulnerability in the swcons command included in multiple versions of IBM Corp.'s AIX could allow for the creation or modification of arbitrary files anywhere on the system. The vulnerability specifically exists due to a lack of sanity checking when using the -p option. If a user specifies a file with the -p option, the contents of that file will be overwritten with 65,535 bytes of uncontrolled data. If the file doesn't exist, it will be created. In both cases, the file will also be converted to mode 222, which allows all users on the system to modify it. By specifying a system file, users can cause a denial of service condition or elevate privileges. iDefense has confirmed the existence of this vulnerability on IBM AIX version 5.2. It is suspected that previous versions are also vulnerable.
137f1cad4a41d7bcbdb4f9ae9c4cf56ffb3ca54059b49a1b60264399bd6c42f0
ILIAS versions 3.8.3 and below suffer from a cross site scripting vulnerability.
5c04062e7c2d142c43d85c8c39acfd287054dc5704dbada7794672cddb300fba
phpFaber URLInn version 2.0.5 is susceptible to a remote file inclusion vulnerability.
26be7eb819f53a216e02d78a41a48c2e8e4f564bca36e875cb4e98f1ae8aaae4
miniBB version 2.1 suffers from a remote SQL injection vulnerability.
4222c954f5bf2532294f274575e15c2204346ff740800b96422ff0a084047ea0