| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 32781 | 2007-03-08 | PHP shmop Function Arbitrary Memory Manipulation | PHP contains a flaw that may allow a malicious user to access arbitrary memory addresses. The issue is due to the shared memory (shmop) function failing to verify if the type of resource supplied is a shmop resource. By using other types of resources it is possible to read and write to shared memory addresses resulting in a loss of integrity and/or availability. |
| 32780 | 2007-03-07 | PHP substr_compare() Function Arbitrary Memory Disclosure | An information leak vulnerability exists in PHP. An integer overflow which occurs while performing sanity checks on the input parameters to the substr_compare() function makes it possible to compare offsets outside of the allocated buffer. This allows memory access outside the buffer and the retrieval of sensitive information, leading to a loss of confidentiality. |
| 32779 | 2007-03-06 | PHP Ovrimos Extension ovrimos_longreadlen Function Arbitrary Memory Manipulation | PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the ovrimos_longreadlen function in the Ovrimos Extension not properly sanitizing user-supplied input. This may allow an attacker to manipulate arbitrary portions of system memory and execute code. |
| 32773 | 2007-01-26 | Zend Platform ini_modifier Authentication Bypass Local Privilege Escalation | Zend Platform contains a flaw that may allow a malicious user to gain access to unauthorized privileges. A local user can trigger this issue by using the ini_modifier utility's -f parameter to edit a copy of php.ini, which is responsible for loading of PHP extensions that run with root credentials, performing a symlink attack using the directory that contains the attacker-controlled php.ini file, and then linking this directory to /usr/local/Zend/etc. Upon server restart, the injected malicious PHP extensions will be run with root credentials. This flaw may lead to a loss of integrity. |
| 29893 | 2006-10-19 | Serendipity Media Manager Administration Page Multiple Parameter XSS | Serendipity contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to the administration back-end script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 28230 | 2006-08-24 | Zend Platform Session Clustering Daemon PHP Session Identifier Overflow | Zend Platform contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the value in the 'PHPSESSID' variable is a 0 length session identifier or a very long session identifier. It is possible that the flaw may allow an attacker to execute arbitrary code resulting in a loss of integrity. |
| 28231 | 2006-08-24 | Zend Platform mod_cluster Module PHP Session Identifier Overflow | A remote overflow exists in Zend Platform. The 'mod_cluster' module fails to handle PHP sessions with an overly long or a zero-length session identifier resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 28232 | 2006-08-24 | Zend Platform PHP Session Identifier Traversal Arbitrary File Overwrite | Zend Platform contains a flaw that allows a remote attacker to create arbitrary files on the hard disk, via the PHP session identifier. The issue is due to an error in the disk storage module, and may result in a loss of integrity. |
| 28233 | 2006-08-24 | Zend Platform ZendSession Manager Directory Traversal PHP Session Hijack | Zend Platform contains a flaw that may allow a malicious user to hijack an existing session. The flaw exists because the product uses non-standard characters in its creation of PHP session IDs. It is possible that the flaw may allow injection of arbitrary code into the session file resulting in a loss of integrity. |
| 24072 | 2006-03-23 | KisMAC 80211 Management Frame Cisco Vendor Tag SSID Value Overflow | A remote overflow exists in KisMAC. KisMAC fails to perform a boundary check in the "WavePacket:parseTaggedData()" function when parsing the Cisco vendor tag for additional SSIDs in a received 802.11 management frame, resulting in a stack-based buffer overflow. With a specially crafted set of management frames that are sent onto the wireless network while the user is performing a passive network scan, or by tricking the user into opening a malicious pcap file, an attacker can cause arbitrary code execution resulting in a loss of integrity and/or availability. |
| 22117 | 2005-12-29 | TinyMCE Compressor Editor Imported Content XSS | TinyMCE Compressor contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'index' variable and others upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20559 | 2005-11-07 | PHPKIT Guestbook Homepage Field XSS | PHPKIT contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Homepage" variable upon submission to the guestbook scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20560 | 2005-11-07 | PHPKIT userinfo.php id Parameter SQL Injection | PHPKIT contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the userinfo.php script not properly sanitizing user-supplied input to the "id" variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20561 | 2005-11-07 | PHPKIT include.php Session ID SQL Injection | PHPKIT contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the include.php script not properly sanitizing user-supplied input to the Session ID field. This may allow an attacker to inject or manipulate SQL queries, or delete arbitrary data rows from the back-end database. |
| 20562 | 2005-11-07 | PHPKIT include.php path Parameter Local File Inclusion | PHPKIT contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to its subsystem not properly sanitizing user input supplied to the "path" variable. This may allow a remote attacker to send a specially-crafted URL to include a file from the local host that contains arbitrary commands which will be executed by the vulnerable script. |
| 20563 | 2005-11-07 | PHPKIT Help Function Arbitrary PHP Code Execution | PHPKIT contains a flaw that allows remote code execution. This flaw exists because the application does not validate variables upon submission to the scripts utilizing its template engine. This could allow a user to execute remote code, leading to a loss of integrity. |
| 20386 | 2005-10-31 | phpBB GPC Variable Set register_globals Bypass | phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code. The issue is triggered due to an error where global variables defined by the user are not properly unset. It is possible that the flaw may allow cross site scripting and SQL injection attacks, and/or execution of arbitrary PHP code resulting in a loss of integrity. |
| 20387 | 2005-10-31 | phpBB usercp_register.php error_msg Parameter XSS | phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'error_msg' variables upon submission to the 'usercp_register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20388 | 2005-10-31 | phpBB login.php forward_page Parameter XSS | phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forward_page' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20389 | 2005-10-31 | phpBB search.php list_cat Parameter XSS | phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list_cat' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20390 | 2005-10-31 | phpBB usercp_register.php signature_bbcode_uid Parameter SQL Injection | phpBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'usercp_register.php' script not properly sanitizing user-supplied input to the 'signature_bbcode_uid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20391 | 2005-10-31 | phpBB usercp_register.php signature_bbcode_uid Variable Arbitrary PHP Code Execution | phpBB contains a flaw that allows remote code execution. This flaw exists because the application does not validate the 'signature_bbcode_uid' variable upon submission to the 'usercp_register.php' script. This could allow a user to execute remote code, leading to a loss of integrity. |
| 20413 | 2005-10-31 | phpBB Crafted HTTP_SESSION_VARS Variable register_globals Bypass | phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The flaw exists because the application starts not knowing the values of the $_SESSION or $HTTP_SESSION_VARS variables. It is possible a user can supply arbitrary values to these variables which will cause the register_globals setting to be ignored, allowing for cross-site scripting or SQL injection attacks. |
| 20414 | 2005-10-31 | phpBB register_long_array register_globals Bypass | phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The issue is triggered when the 'register_long_array' option is turned off, making PHP not able to verify user-supplied input to the HTTP_* variables. It is possible that the flaw may result in cross site scripting and SQL injection attacks due to the lack of the register_globals function being honored. |
| 18889 | 2005-08-15 | XML-RPC for PHP (PHPXMLRPC) Nested XML Tags Arbitrary PHP Code Execution | XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The problem is that the library does not properly sanitize certain XML tags that are nested in a parsed PHP document before being used in an 'eval()' call, which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity. |
| 17786 | 2005-07-07 | PunBB pun_include Command redirect_url Parameter Local File Inclusion | PunBB contains a flaw that may allow a remote authenticated attacker to execute arbitrary commands. The issue is due to pun_include not properly sanitizing user input supplied to the redirect_url variable. This may allow an attacker to include a malicious uploaded file such as a forum picture that contains arbitrary commands which will be executed by the vulnerable script. |
| 17719 | 2005-07-02 | Cacti no_http_headers Session Variable Modification Remote Privilege Escalation | Cacti contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker uses the no_http_headers variable to bypass normal authentication, and gain administrative privileges. This flaw may lead to a loss of integrity. |
| 17398 | 2005-06-19 | Trac id Variable Arbitrary File Upload / Access | Trac contains a flaw that may allow a malicious user to upload and access arbitrary files. The issue is due to insufficient validation of the 'id' variable. An attacker can supply arbitrary paths to attachment upload and viewer scripts, resulting in a loss of integrity. |