[CLOSE] OSVDB ID : 52912 - Disclosed: 2008-12-22

Description:

(Description Provided by CVE) : The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

[CLOSE] OSVDB ID : 74752 - Disclosed: 2011-07-25

Description:

(Description Provided by CVE) : The change_process_uid function in os-posix.c in Qemu 0.14.0 and earlier does not properly drop group privileges when the -runas option is used, which allows local guest users to access restricted files on the host.

[CLOSE] OSVDB ID : 67473 - Disclosed: 2010-07-28

Description:

(Description Provided by CVE) : The subpage MMIO initialization functionality in the subpage_register function in exec.c in QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly select the index for access to the callback array, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

[CLOSE] OSVDB ID : 67475 - Disclosed: 2010-02-26

Description:

(Description Provided by CVE) : QEMU-KVM, as used in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and KVM 83, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

[CLOSE] OSVDB ID : 67477 - Disclosed: 2010-02-26

Description:

(Description Provided by CVE) : libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly validate guest QXL driver pointers, which allows guest OS users to cause a denial of service (invalid pointer dereference and guest OS crash) or possibly gain privileges via unspecified vectors.

[CLOSE] OSVDB ID : 67476 - Disclosed: 2010-02-26

Description:

(Description Provided by CVE) : libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.

[CLOSE] OSVDB ID : 40496 - Disclosed: 2007-08-30

Description:

(Description Provided by CVE) : The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.

[CLOSE] OSVDB ID : 71031 - Disclosed: 2011-02-18

Description:

Qi Bo CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the member/list.php script not properly sanitizing user-supplied input to the 'aidDB[]' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 71810 - Disclosed: 2011-04-14

Description:

QianBo Enterprise Web Site Management System contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Keyword' parameters upon submission to the 'Search.Asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79750 - Disclosed: 2012-03-01

Description:

The QianXun YingShi application for Android contains an unspecified flaw that may allow a remote attacker to have an unspecified impact. No further details have been provided.

[CLOSE] OSVDB ID : 51755 - Disclosed: 2009-02-04

Description:

(Description Provided by CVE) : QIP 2005 build 8082 allows remote attackers to cause a denial of service (CPU consumption and application hang) via a crafted Rich Text Format (RTF) ICQ message, as demonstrated by an {\rtf\pict\&&} message. NOTE: the vulnerability may be in Sergey Tkachenko TRichView. If so, then this should not be treated as a vulnerability in QIP.

[CLOSE] OSVDB ID : 78588 - Disclosed: 2011-12-14

Description:

QIWI Wallet Application for Android contains a flaw related that may allow a remote attacker to access and manipulate a user's financial data.

[CLOSE] OSVDB ID : 25786 - Disclosed: 2006-05-25

Description:

(Description Provided by CVE) : SQL injection vulnerability in member.asp in qjForum allows remote attackers to execute arbitrary SQL commands via the uName parameter.

[CLOSE] OSVDB ID : 43533 - Disclosed: 2007-12-12

Description:

(Description Provided by CVE) : QK SMTP Server 3 allows remote attackers to cause a denial of service (daemon crash) via a long (1) HELO, (2) MAIL FROM, or (3) RCPT TO command; or (4) a long string in the message sent after the DATA command; possibly a related issue to CVE-2006-5551.

[CLOSE] OSVDB ID : 29991 - Disclosed: 2006-10-23

Description:

(Description Provided by CVE) : Stack-based buffer overflow in QK SMTP 3.01 and earlier might allow remote attackers to execute arbitrary code via a long argument to the RCPT TO command.

[CLOSE] OSVDB ID : 91233 - Disclosed: 2013-03-13

Description:

QlikView contains an integer overflow condition in the .qvw file format parser. The issue is triggered as user-supplied input is not properly validated when an unspecified parameter that is responsible for section length is not properly checked. This may allow a context-dependent attacker to cause a heap overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 24301 - Disclosed: 2006-03-30

Description:

qliteNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the loginprocess.php script not properly sanitizing user-supplied input to the 'username' or 'password' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 24291 - Disclosed: 2006-03-30

Description:

QLnews contains a flaw that may allow a malicious user to execute arbitrary code. The issue is due to the the administrator having permission to add any content to the config.php script. Once modified to contain arbitrary PHP code, an attacker can call the script directly to execute the code.

[CLOSE] OSVDB ID : 24290 - Disclosed: 2006-03-30

Description:

QLnews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'autorx' and 'newsx' variables upon submission to the news.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16344 - Disclosed: 2005-05-06

Description:

A remote overflow exists in qmail when running on 64 bit platforms with 8GB of virtual memory or more. The 'commands()' function fails to perform proper bounds checking resulting in an integer overflow. With a specially crafted request, a remote attacker can cause the process to crash resulting in a loss of availability.

[CLOSE] OSVDB ID : 56527 - Disclosed: 1997-06-11

Description:

(Description Provided by CVE) : Denial of service in Qmail through long SMTP commands.

[CLOSE] OSVDB ID : 3538 - Disclosed: 2004-01-15

Description:

qmail contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates an exceptionally long SMTP session, and will result in loss of availability for the session.

[CLOSE] OSVDB ID : 50546 - Disclosed: 2008-12-07

Description:

(Description Provided by CVE) : Gazatem QMail Mailing List Manager 1.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for qmail.mdb.

[CLOSE] OSVDB ID : 5850 - Disclosed: 1997-06-12

Description:

qmail-smtpd contains a flaw that may allow a remote denial of service. The issue is triggered by sending an email with a large number of recipient addresses. Qmail will attempt to process such message, which will consume all memory on the server host, and will result in loss of availability for this computer.

[CLOSE] OSVDB ID : 16343 - Disclosed: 2005-05-06

Description:

A remote overflow exists in qmail when running on 64 bit platforms with 8 GB virtual memory or more. The 'stralloc_readyplus()' function fails to perform proper bounds checking resulting in an integer overflow. With a specially crafted request, a remote attacker can cause the SMTP service to crash resulting in a loss of availability.

[CLOSE] OSVDB ID : 16345 - Disclosed: 2005-05-06

Description:

A remote overflow exists in qmail when running on 64 bit platforms with 4GB of virtual memory or more. The 'substdio_put()' function fails to perform proper bounds checking resulting in an integer overflow. With a specially crafted request, a remote attacker can cause the qmail process to crash resulting in a loss of availability.

[CLOSE] OSVDB ID : 23948 - Disclosed: 2003-07-24

Description:

qmailadmin contains a flaw that may allow a local user to execute privileged commands. The issue occured when a user would use the "Modify User" screen to configure their account to forward email to an arbitrary program on the server. The program would run with vpopmail user privileges (usually significantly higher than a regular user) allowing for privileged command execution.

[CLOSE] OSVDB ID : 2440 - Disclosed: 2003-08-18

Description:

A remote overflow exists in the 'autorespond' utility included in the qmailadmin package. autorespond fails to perform boundary checks when copying environment variables set by the Mail Transfer Agent (MTA). With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity and availability.

[CLOSE] OSVDB ID : 23705 - Disclosed: 2006-02-20

Description:

A local overflow exists in qmailadmin. The program fails to properly check input reveived from the PATH_INFO environment variable resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 14533 - Disclosed: 2002-08-05

Description:

A local overflow exists in qmailadmin. The CGI program fails to do proper boundary checking when processing environment variables resulting in a stack overflow. With a specially crafted request, an attacker can run arbitatry code on the server resulting in a loss of integrity.