[CLOSE] OSVDB ID : 54106 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31982 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31983 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31984 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31985 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31986 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31987 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31988 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31989 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31990 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31991 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31992 - Disclosed: 2006-11-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31953 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).

[CLOSE] OSVDB ID : 33212 - Disclosed: 2006-11-21

Description:

osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'gID' variable upon submission to the 'configuration.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 33213 - Disclosed: 2006-11-21

Description:

osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'set' and 'module' variables upon submission to the 'modules.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 33214 - Disclosed: 2006-11-21

Description:

osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'option_order_by' , 'option_page' and 'value_page' variables upon submission to the 'products_attributes.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 33216 - Disclosed: 2006-11-21

Description:

osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'lID' variable upon submission to the 'languages.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 33217 - Disclosed: 2006-11-21

Description:

osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'cID' and 'selected_box' variables upon submission to the 'customers.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 33218 - Disclosed: 2006-11-21

Description:

osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'spage', 'zID' and 'sID' variables upon submission to the 'geo_zones.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 30641 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

[CLOSE] OSVDB ID : 30658 - Disclosed: 2006-11-21

Description:

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mod', 'image', 'area', and 'source' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 30659 - Disclosed: 2006-11-21

Description:

CuteNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 30657 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : SQL injection vulnerability in system/core/users/users.profile.inc.php in Neocrome Seditio 1.10 and earlier allows remote authenticated users to execute arbitrary SQL commands via a double-url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by an encoded NULL and ' (apostrophe) (%2500%2527).

[CLOSE] OSVDB ID : 31712 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 30656 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.

[CLOSE] OSVDB ID : 30655 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

[CLOSE] OSVDB ID : 30564 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.

[CLOSE] OSVDB ID : 30721 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

[CLOSE] OSVDB ID : 30652 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : SQL injection vulnerability in search.asp in CreaScripts Creadirectory allows remote attackers to execute arbitrary SQL commands via the category parameter.

[CLOSE] OSVDB ID : 30653 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.

[CLOSE] OSVDB ID : 30654 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in CreaScripts Creadirectory allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to addlisting.asp or the (2) search parameter to search.asp.

[CLOSE] OSVDB ID : 30651 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.

[CLOSE] OSVDB ID : 30650 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in adminprint.php in PicturesPro Photo Cart 3.9 allow remote attackers to execute arbitrary PHP code via a URL in the (1) admin_folder and (2) path parameters.

[CLOSE] OSVDB ID : 30560 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple buffer overflows in the Message Parsing Interpreter (MPI) in Fuzzball MUCK before 6.07 allow remote attackers to execute arbitrary code via crafted messages.

[CLOSE] OSVDB ID : 30510 - Disclosed: 2006-11-21

Description:

Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when mounting a corrupt UDTO HFS+ disk image file, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 30647 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.

[CLOSE] OSVDB ID : 30648 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in JiRos Links Manager allow remote attackers to execute arbitrary SQL commands via the (1) LinkID parameter to openlink.asp or the (2) CategoryID parameter to viewlinks.asp.

[CLOSE] OSVDB ID : 30649 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 79165 - Disclosed: 2006-11-21

Description:

(Description Provided by CVE) : The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.

[CLOSE] OSVDB ID : 30637 - Disclosed: 2006-11-21

Description:

A remote overflow exists in BrightStor ARCserve Backup Tape Engine. The BrightStor ARCserve Backup Tape Engine uses insufficient bounds checking resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.