[CLOSE] OSVDB ID : 31702 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.

[CLOSE] OSVDB ID : 30724 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Apple Airport Extreme firmware 0.1.27 in Mac OS X 10.4.8 on Mac mini, MacBook, and MacBook Pro with Core Duo hardware allows remote attackers to cause a denial of service (out-of-bounds memory access and kernel panic) and have possibly other security-related impact via certain beacon frames.

[CLOSE] OSVDB ID : 31781 - Disclosed: 2006-11-30

Description:

A remote overflow exists in NetBSD and Mac OS X. The glob.c implementation in ftpd daemon fails to validate long pathnames resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 31718 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals.

[CLOSE] OSVDB ID : 31716 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. (dot dot) in the src parameter, a different vector than CVE-2005-3086.

[CLOSE] OSVDB ID : 31803 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

[CLOSE] OSVDB ID : 31804 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

[CLOSE] OSVDB ID : 31805 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration. NOTE: vector 1 might be the same as CVE-2006-5290.

[CLOSE] OSVDB ID : 31806 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow remote attackers to gain access via unspecified vectors related to "browser permissions."

[CLOSE] OSVDB ID : 31807 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."

[CLOSE] OSVDB ID : 31808 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Web services in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not require HTTPS, which allows remote attackers to obtain sensitive information by sniffing the unencrypted HTTP traffic.

[CLOSE] OSVDB ID : 31809 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.

[CLOSE] OSVDB ID : 31810 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors.

[CLOSE] OSVDB ID : 31811 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 does not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.

[CLOSE] OSVDB ID : 31812 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to bypass authentication controls via unknown vectors.

[CLOSE] OSVDB ID : 31813 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.

[CLOSE] OSVDB ID : 31814 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.

[CLOSE] OSVDB ID : 31815 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.

[CLOSE] OSVDB ID : 31816 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors.

[CLOSE] OSVDB ID : 31817 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access.

[CLOSE] OSVDB ID : 31818 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature.

[CLOSE] OSVDB ID : 31819 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon.

[CLOSE] OSVDB ID : 31820 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates.

[CLOSE] OSVDB ID : 31821 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing.

[CLOSE] OSVDB ID : 31822 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing.

[CLOSE] OSVDB ID : 31823 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive.

[CLOSE] OSVDB ID : 31824 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Multple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allow remote attackers to have an unspecified impact via unspecified vectors relating to "HTTP Security issues."

[CLOSE] OSVDB ID : 31825 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to download the audit log and obtain potentially sensitive information via unspecified vectors.

[CLOSE] OSVDB ID : 31826 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file.

[CLOSE] OSVDB ID : 31827 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : ops3-dmn in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows attackers to cause a denial of service (application crash and core dump) via a certain PS file.

[CLOSE] OSVDB ID : 31828 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.

[CLOSE] OSVDB ID : 31829 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : The SNMP implementation in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 does not generate authentication failure traps, which allows remote attackers to more easily gain system access and obtain sensitive information via a brute force attack.

[CLOSE] OSVDB ID : 31513 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Stack-based buffer overflow in AtomixMP3 2.3 and earlier allows remote attackers to execute arbitrary code via a long pathname in an M3U file.

[CLOSE] OSVDB ID : 31710 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Stack-based buffer overflow in VUPlayer 2.44 and earlier allows remote attackers to execute arbitrary code via a long string in an M3U file, aka an "M3U UNC Name" attack.

[CLOSE] OSVDB ID : 31701 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.

[CLOSE] OSVDB ID : 31706 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message.

[CLOSE] OSVDB ID : 31700 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

[CLOSE] OSVDB ID : 34022 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.

[CLOSE] OSVDB ID : 31727 - Disclosed: 2006-11-30

Description:

(Description Provided by CVE) : HTTP request smuggling vulnerability in Sun Java System Proxy Server before 20061130, when used with Sun Java System Application Server or Sun Java System Web Server, allows remote attackers to bypass HTTP request filtering, hijack web sessions, perform cross-site scripting (XSS), and poison web caches via unspecified attack vectors.

[CLOSE] OSVDB ID : 31782 - Disclosed: 2006-11-30

Description:

Unknown / Incomplete