[CLOSE] OSVDB ID : 32995 - Disclosed: 2007-01-19

Description:

(Description Provided by CVE) : T-Com Speedport 500V routers with firmware 1.31 allow remote attackers to bypass authentication and reconfigure the device via a LOGINKEY=TECOM cookie value.

[CLOSE] OSVDB ID : 36011 - Disclosed: 2007-05-11

Description:

(Description Provided by CVE) : Deutsche Telekom (T-com) Speedport W 700v uses JavaScript delays for invalid authentication attempts to the CGI script, which allows remote attackers to bypass the delays and conduct brute-force attacks via direct calls to the authentication CGI script.

[CLOSE] OSVDB ID : 58452 - Disclosed: 2009-09-10

Description:

T-HTB Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' and 'name' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 34986 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 61235 - Disclosed: 2009-12-20

Description:

(Description Provided by CVE) : Unspecified vulnerability in t-prot (TOFU Protection) before 2.8 allows remote attackers to cause a denial of service via unspecified vectors related to the "--maxlines" option and a crafted email message. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 61293 - Disclosed: 2003-06-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 61292 - Disclosed: 2002-10-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33966 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.

[CLOSE] OSVDB ID : 74334 - Disclosed: 2011-04-05

Description:

WPtouch Plugin for WordPress has a compromised download which contains a trojaned backdoor with may allow an attacker to conduct XSS attacks or have other unspecified impact.

[CLOSE] OSVDB ID : 38698 - Disclosed: 2007-07-27

Description:

(Description Provided by CVE) : Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloadfont function in php_gd2.dll in the gd (PHP_GD2) extension in PHP 5.2.3.

[CLOSE] OSVDB ID : 74527 - Disclosed: 2011-03-21

Description:

(Description Provided by CVE) : t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.

[CLOSE] OSVDB ID : 74528 - Disclosed: 2011-03-21

Description:

(Description Provided by CVE) : Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.

[CLOSE] OSVDB ID : 72302 - Disclosed: 2011-03-22

Description:

A memory corruption flaw exists in t1lib. The font handling function fails to sanitize user-supplied input using Type 1 fonts resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 74526 - Disclosed: 2011-03-21

Description:

(Description Provided by CVE) : Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.

[CLOSE] OSVDB ID : 23193 - Disclosed: 2004-12-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23194 - Disclosed: 2004-12-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23196 - Disclosed: 2005-12-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23195 - Disclosed: 2005-08-11

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23192 - Disclosed: 2004-04-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 75943 - Disclosed: 2011-09-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62074 - Disclosed: 2010-02-01

Description:

T3BLOG Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62075 - Disclosed: 2010-02-01

Description:

T3BLOG Extension for TYPO3 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate unspecified input upon submission to an unspecified script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 66682 - Disclosed: 2009-08-18

Description:

(Description Provided by CVE) : SQL injection vulnerability in the T3M E-Mail Marketing Tool (t3m) extension 0.2.4 and earlier for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

[CLOSE] OSVDB ID : 66692 - Disclosed: 2009-08-18

Description:

(Description Provided by CVE) : SQL injection vulnerability in the t3m_affiliate extension 0.5.0 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

[CLOSE] OSVDB ID : 63038 - Disclosed: 2010-03-16

Description:

t3sec_saltedpw contains a flaw related to the frontend authentication that may allow an attacker to bypass authentication. No further details have been provided.

[CLOSE] OSVDB ID : 77352 - Disclosed: 2011-11-23

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 77353 - Disclosed: 2011-11-23

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64360 - Disclosed: 2010-05-01

Description:

Table JX contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate "data_search' and 'rpp' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 19479 - Disclosed: 2005-09-16

Description:

TRAC Vista Webstation contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the ISALogin.dll program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the Template variable.

[CLOSE] OSVDB ID : 8848 - Disclosed: 2002-01-30

Description:

(Description Provided by CVE) : tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files.