| OSVDB ID | Disclosure Date | Title |
|
32995
Description:
(Description Provided by CVE) : T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.
|
2007-01-19
|
T-Com Speedport 500V Series LOGINKEY=TECOM Cookie Value Authentication Bypass
|
|
36011
Description:
(Description Provided by CVE) : Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script.
|
2007-05-11
|
T-Com Speedport W 700v Login Brute Force Weakness
|
|
85469
Description:
T-dah WebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate "almost every field" (though only 'name' was specified) when creating a new contact. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-08-17
|
T-dah WebMail addressbook.php Multiple Field XSS
|
|
85504
Description:
T-dah WebMail contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addressbook.php script. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into creating a new contact in the context of their session with the application, without further prompting or verification.
|
2012-08-20
|
T-dah WebMail addressbook.php New Contact Creation CSRF
|
|
85468
Description:
T-dah WebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'message' field in new events in the calendar before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-08-17
|
T-dah WebMail Calendar Event Message Field XSS
|
|
84694
Description:
T-dah WebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the message body of an email before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-08-08
|
T-dah WebMail Email Message Body XSS
|
|
58452
Description:
T-HTB Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' and 'name' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-09-10
|
T-HTB Manager index.php Multiple Parameter SQL Injection
|
|
34986
Description:
(Description Provided by CVE) : T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).
|
2007-01-30
|
T-Mobile Voice Mail Calling Number Identification (CNID) Spoofing Arbitrary Mailbox Manipulation
|
|
61235
Description:
(Description Provided by CVE) : Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information.
|
2009-12-20
|
t-prot (TOFU Protection) for Mutt --max-lines Unspecified DoS
|
|
61293
Description:
Unknown / Incomplete
|
2003-06-24
|
t-prot (TOFU Protection) for Mutt Crafted Multipart Message Handling DoS
|
|
61292
Description:
Unknown / Incomplete
|
2002-10-31
|
t-prot (TOFU Protection) for Mutt Symlink Arbitrary File Overwrite
|
|
33966
Description:
(Description Provided by CVE) : SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.
|
2006-10-31
|
T.G.S. CMS logout.php myauthorid Cookie SQL Injection
|
|
74334
Description:
WPtouch Plugin for WordPress has a compromised download which contains a trojaned backdoor that may allow an attacker to conduct XSS attacks or have other unspecified impact.
|
2011-04-05
|
t00ls.org c100 Shell Trojaned Distribution
|
|
87691
Description:
t1lib contains a flaw that is triggered when a buffer overflow occurs in the token() and linetoken() functions in backend/dvi/mdvi-lib/afmparse.c during the handling of a specially crafted AFM file. This will allow a context-dependent attacker to cause an off-by-one error, which may allow the attacker to potentially cause a denial of service or execute arbitrary code.
|
2011-03-04
|
t1lib backend/dvi/mdvi-lib/afmparse.c Multiple Function AFM File Handling Off-by-one Arbitrary Code Execution
|
|
70302
Description:
t1lib is prone to an overflow condition. The 'token()' function in 'backend/dvi/mdvi-lib/afmparse.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted DVI file, a context-dependent attacker can potentially execute arbitrary code.
|
2010-12-07
|
t1lib backend/dvi/mdvi-lib/afmparse.c token() Function Overflow
|
|
74729
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the linetoken function in afmparse.c in t1lib, as used in teTeX 3.0.x, GNOME evince, and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a DVI file containing a crafted Adobe Font Metrics (AFM) file, a different vulnerability than CVE-2010-2642.
|
2011-02-24
|
t1lib lib/t1lib/parseAFM.c linetoken() Function DVI File AFM Font Parsing Overflow
|
|
38698
Description:
(Description Provided by CVE) : Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.
|
2007-07-27
|
t1lib lib/t1lib/t1env.c intT1_EnvGetCompletePath() Function Overflow
|
|
74527
Description:
(Description Provided by CVE) : t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.
|
2011-03-21
|
t1lib PDF Type 1 Font Handling Invalid Memory Location DoS
|
|
74528
Description:
(Description Provided by CVE) : Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.
|
2011-03-21
|
t1lib PDF Type 1 Font Handling Invalid Memory Write Use-after-free DoS
|
|
72302
Description:
A memory corruption flaw exists in t1lib. The font handling function fails to sanitize user-supplied input using Type 1 fonts resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.
|
2011-03-23
|
t1lib PDF Type 1 Font Handling Invalid Pointer Code Execution
|
|
74526
Description:
(Description Provided by CVE) : Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6, teTeX, and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.
|
2011-03-21
|
t1lib PDF Type 1 Font Handling Off-by-one Overflow DoS
|
|
23193
Description:
Unknown / Incomplete
|
2004-12-30
|
T2 binutils/ld-glob.patch Unspecified Memory Corruption Issue
|
|
23194
Description:
Unknown / Incomplete
|
2004-12-31
|
T2 Build-Pkg /bin/cat List Argument Local Overflow
|
|
23196
Description:
Unknown / Incomplete
|
2005-12-30
|
T2 extend_initrd Unspecified Path Disclosure
|
|
23195
Description:
Unknown / Incomplete
|
2005-08-11
|
T2 gnomesu/feature.patch Local Password Disclosure
|
|
23192
Description:
Unknown / Incomplete
|
2004-04-18
|
T2 linux24benh Kernel Unspecified Issues
|
|
89129
Description:
T3 jQuery (t3jquery) Extension for TYPO3 contains a flaw that is triggered when an error occurs during an unserialize() function call. This may allow a remote attacker to execute arbitrary PHP code.
|
2013-01-11
|
T3 jQuery (t3jquery) Extension for TYPO3 unserialize() Call Remote PHP Code Execution
|
|
89130
Description:
T3 Mootools (t3mootools) Extension for TYPO3 contains a flaw that is triggered when an error occurs during an unserialize() function call. This may allow a remote attacker to execute arbitrary PHP code.
|
2013-01-11
|
T3 Mootools (t3mootools) Extension for TYPO3 unserialize() Call Remote PHP Code Execution
|
|
75943
Description:
Unknown / Incomplete
|
2011-09-27
|
T3BLOG Extension for TYPO3 Comment Parent Title Unspecified XSS
|
|
62074
Description:
T3BLOG Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-02-01
|
T3BLOG Extension for TYPO3 Unspecified SQL Injection
|