| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 19482 | 2005-09-16 | DeluxeBB index.php limit Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'limit' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19483 | 2005-09-16 | DeluxeBB index.php limit Parameter XSS | DeluxeBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'limit' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19614 | 2005-09-16 | IBM Lotus Domino Unspecified XSS | Lotus Domino contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19569 | 2005-09-16 | Apple Safari data:// URI Handler Memory Corruption DoS | Apple Safari contains a flaw that may allow a URI to cause a denial of service. The issue is triggered when a malformed data:// URI is loaded, which will result in a crash of the browser. |
| 19458 | 2005-09-16 | ARC arc Temporary Archive Permission Weakness Information Disclosure | (Description Provided by CVE) : arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). |
| 19459 | 2005-09-16 | GNOME Workstation Command Center (gwcc) gwcc_out.txt Symlink Arbitrary File Overwrite | The vulnerability is caused due to a temporary file being created insecurely. This can be exploited via symlink attacks to create and overwrite arbitrary files with the privileges of the user running the affected script. |
| 19984 | 2005-09-16 | ARC marc Temporary Archive Permission Weakness Information Disclosure | (Description Provided by CVE) : arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c). |
| 19479 | 2005-09-16 | TAC Vista ISALogin.dll Template Parameter Traversal Arbitrary File Access | TAC Vista Webstation contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the ISALogin.dll program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the Template variable. |
| 19619 | 2005-09-16 | ncompress / gzip zcmp Symlink Arbitrary File Overwrite | ncompress 4.2.4 and earlier contains a flaw related to (1) zdiff or (2) zcmp, and it may allow an attacker to overwrite files using a symlink attack. |
| 25417 | 2005-09-16 | IBM WebSphere Application Server (WAS) Session Trace Information Disclosure (PK05011) | Unknown / Incomplete |
| 19434 | 2005-09-16 | URBAN savegame.dat Symlink Arbitrary File Overwrite | (Description Provided by CVE) : URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. |
| 19435 | 2005-09-16 | URBAN .urban Symlink Arbitrary File Overwrite | (Description Provided by CVE) : URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files. |
| 19432 | 2005-09-16 | ADSL Road Runner (Annex A) Port 224 Unauthenticated Access | (Description Provided by CVE) : ADSL Road Runner modem in the Annex A family has a service running on port 224, which allows remote attackers to login to the modem with a blank password and gain unauthorized access. |
| 19433 | 2005-09-16 | thesitewizard chfeedback.pl Multiple Field CRLF Arbitrary Mail Relay | (Description Provided by CVE) : CRLF injection vulnerability in thesitewizard.com chfeedback.pl Feedback Form Perl Script 2.0.1 allows remote attackers to use the script as a mail relay (spam proxy) via CRLF sequences in the (1) name or (2) email fields, which are injected into mail headers. |
| 20693 | 2005-09-15 | PHP-Nuke article.php sid Parameter SQL Injection | PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the article.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20694 | 2005-09-15 | PHP-Nuke comments.php Multiple Parameter SQL Injection | PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the comments.php script not properly sanitizing user-supplied input to the 'sid', 'pid' and 'tid' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 19487 | 2005-09-15 | GtkDiskFree /tmp/gtkdiskfree Symlink Arbitrary File Overwrite | (Description Provided by CVE) : The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the gtkdiskfree temporary file. |
| 19608 | 2005-09-15 | HP LaserJet SNMP Username/Document Information Disclosure | (Description Provided by CVE) : HP LaserJet 2430, and possibly other printers that use Jetdirect controls, stores information about recently printed documents without proper protection, which could allow remote attackers to obtain sensitive information via SNMP. |
| 19605 | 2005-09-15 | Oracle Reports Lexical Reference SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. |
| 19471 | 2005-09-15 | SimpleCDR-X Temporary Image Local Disclosure | (Description Provided by CVE) : The MasterDataCD::createImage function in masterdatacd.cpp for SimpleCDR-X 1.3.3 creates the .temp temporary directory with insecure permissions, which allows local users to read sensitive ISO images. |
| 19414 | 2005-09-15 | AhnLab V3 Anti-Virus v3flt2k.sys DeviceIoControl() Local Privilege Escalation | Various AhnLab V3 products contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the 'v3flt2k.sys' real-time scan driver does not validate the source of received 'DeviceIoControl()' commands, which may allow a malicious user to run 'explorer.exe' with SYSTEM privileges and/or disable the scan engine with specially crafted 'DeviceIoControl' requests resulting in a loss of integrity. |
| 19415 | 2005-09-15 | AhnLab V3 Anti-Virus ACE Archive Decompression Long Filename Overflow | A remote overflow exists in various AhnLab V3 products. The ACE archive decompression library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ACE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 19416 | 2005-09-15 | AhnLab V3 Anti-Virus Archive Decompression Traversal Arbitrary File Write | AhnLab V3 contains a flaw that allows a remote attacker to write files to arbitrary directories. The issue is due to an error in the archive decompression library and occurs when a malicious archive is scanned containing compressed files with directory traversal sequences in their filenames. |
| 19418 | 2005-09-15 | Hosting Controller Unspecified PHP Arbitrary Drive/File Access | (Description Provided by CVE) : Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 allows remote attackers to list and read contents of arbitrary drives, related to "the PHP vulnerability." |
| 19419 | 2005-09-15 | Turquoise SuperStat Date Parser Crafted NNTP Server Response Overflow | (Description Provided by CVE) : Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 and earlier might allow remote NNTP servers to execute arbitrary code via a date with a long month. |
| 21522 | 2005-09-15 | libextractor PNG Extractor Overflow | Unknown / Incomplete |
| 19420 | 2005-09-15 | Noah's Classifieds index.php rollid Parameter SQL Injection | Noah's Classifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'rollid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 19421 | 2005-09-15 | Noah's Classifieds index.php rollid Parameter XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in phpoutsourcing Noah's classifieds 1.3 allows remote attackers to inject arbitrary web script or HTML via the rollid parameter. |
| 19462 | 2005-09-15 | Avocent CCM Port Access Control Bypass | (Description Provided by CVE) : Avocent CCM console server running firmware 2.1 CCM4850 allows remote authenticated attackers to bypass port restrictions by connecting to the server via SSH and using the connect command to access the serial port. |
| 19463 | 2005-09-15 | aeDating search_result.php Country[] Parameter SQL Injection | aeDating contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search_result.php script not properly sanitizing user-supplied input to the Country[] variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 19404 | 2005-09-15 | DeluxeBB topic.php tid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'topic.php' script not properly sanitizing user-supplied input to the 'tid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19405 | 2005-09-15 | DeluxeBB misc.php uid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'misc.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19406 | 2005-09-15 | DeluxeBB forums.php fid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19407 | 2005-09-15 | DeluxeBB pm.php uid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19408 | 2005-09-15 | DeluxeBB newpost.php fid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newpost.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19460 | 2005-09-15 | Digital Scribe login Field SQL Injection | Digital Scribe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 19469 | 2005-09-14 | Compuware DriverStudio NULL Session Authentication | (Description Provided by CVE) : Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to bypass authentication via a null session. |
| 19470 | 2005-09-14 | Compuware DriverStudio Port 9110 Crafted UDP Packet DoS | (Description Provided by CVE) : Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 beta 2 allows remote attackers to cause a denial of service (reboot) via a UDP packet sent directly to port 9110. |
| 19411 | 2005-09-14 | ATutor password_reminder.php Email Field SQL Injection | ATutor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password_reminder.php script not properly sanitizing user-supplied input to the 'email' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 19412 | 2005-09-14 | ATutor .inc File Extension Validation Failure Command Execution | (Description Provided by CVE) : config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an incomplete blacklist to check for dangerous file extensions, which allows authenticated administrators or educators to execute arbitrary code by uploading files with other executable extensions such as .inc, .php4, or others. |