[CLOSE] OSVDB ID : 37337 - Disclosed: 2006-04-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in sources/join.php in Aardvark Topsites PHP 4.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[path] parameter, a different vector than CVE-2006-2149.

[CLOSE] OSVDB ID : 27780 - Disclosed: 2006-04-29

Description:

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an OS X application is directed to open a malformed EXR file, and will result in loss of availability for the application.

[CLOSE] OSVDB ID : 26968 - Disclosed: 2006-04-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25163 - Disclosed: 2006-04-29

Description:

HB-NS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "topic" and "id" variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 25164 - Disclosed: 2006-04-29

Description:

HB-NS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "poster_name", "poster_email", "poster_homepage", and "message" variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25157 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in news.php in AZNEWS allows remote attackers to execute arbitrary SQL commands via the ID parameter.

[CLOSE] OSVDB ID : 25155 - Disclosed: 2006-04-29

Description:

WEBInsta Limbo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to sql.php not properly sanitizing user input supplied to the 'classes_dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 25140 - Disclosed: 2006-04-29

Description:

OpenPHPNuke contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to master.php not properly sanitizing user input supplied to the 'root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 26774 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Project EROS bbsengine before bbsengine-20060429-1550-jam allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters in the php/comment.php and (2) the getpartialmatches method in php/aolbonics.php.

[CLOSE] OSVDB ID : 25262 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

[CLOSE] OSVDB ID : 25166 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Thyme 1.3 allows remote attackers to inject arbitrary web script or HTML via the search page.

[CLOSE] OSVDB ID : 25123 - Disclosed: 2006-04-29

Description:

TextFileBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '[color]', '[size]', and '[url]' BBcode upon submission to an unknown or unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 41174 - Disclosed: 2006-04-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25295 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.

[CLOSE] OSVDB ID : 25607 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in weblog_posting.php in Blog Mod 0.2.x allows remote attackers to execute arbitrary SQL commands via the r parameter.

[CLOSE] OSVDB ID : 25606 - Disclosed: 2006-04-29

Description:

(Description Provided by CVE) : Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.4 might allow attackers to cause a denial of service via format string specifiers in an MP3 filename specified on the command line. NOTE: this is a different vulnerability than CVE-2006-1905. In addition, if the only attack vectors involve a user-assisted, local command line argument of a non-setuid program, this issue might not be a vulnerability.

[CLOSE] OSVDB ID : 33794 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the registration form in Casinosoft Casino Script (Masvet) 3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) surname field.

[CLOSE] OSVDB ID : 25582 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.

[CLOSE] OSVDB ID : 25581 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is probably erroneous, since CoolMenus does not appear to be written in PHP.

[CLOSE] OSVDB ID : 31436 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : SQL injection vulnerability in detail.asp in DUclassified allows remote attackers to execute arbitrary SQL commands via the iPro parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 25130 - Disclosed: 2006-04-28

Description:

ARtmedic Event contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 25248 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : Virtual Private Server (Vserver) 2.0.x before 2.0.2-rc18 and 2.1.x before 2.1.1-rc18 provides certain context capabilities (ccaps) that allow local guest users to perform operations that were only intended to be allowed by the guest-root.

[CLOSE] OSVDB ID : 25066 - Disclosed: 2006-04-28

Description:

Network Administration Visualized contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the report interface not properly sanitizing user-supplied input to an unknown variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 25156 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : SQL injection vulnerability in login.php in Ruperts News allows remote attackers to execute arbitrary SQL commands via the username parameter.

[CLOSE] OSVDB ID : 25188 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array.

[CLOSE] OSVDB ID : 25073 - Disclosed: 2006-04-28

Description:

Internet Explorer contains a flaw that may allow a malicious user to access documents served from another web site. The issue is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. It is possible that the flaw may allow a malicious website to access properties of a site in an arbitrary external domain in the context of the victim user's browser resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 25153 - Disclosed: 2006-04-28

Description:

4images contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'top.php' script not properly sanitizing user-supplied input to the 'sessionid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 25154 - Disclosed: 2006-04-28

Description:

4images contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'member.php' script not properly sanitizing user-supplied input to the 'sessionid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 25061 - Disclosed: 2006-04-28

Description:

Kmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' and 'ordner' variables upon submission to the main.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25062 - Disclosed: 2006-04-28

Description:

Kmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'draft' variable upon submission to the compose.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25063 - Disclosed: 2006-04-28

Description:

Kmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ordner' variable upon submission to the webdisk.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25064 - Disclosed: 2006-04-28

Description:

Kmail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'm' and 'y' variables upon submission to the calendar.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 25065 - Disclosed: 2006-04-28

Description:

Kmail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the 'd' variable of the calendar.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 25261 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 25294 - Disclosed: 2006-04-28

Description:

TopList contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to list.php not properly sanitizing user input supplied to the 'returnpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 25260 - Disclosed: 2006-04-28

Description:

TopList contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to toplist.php not properly sanitizing user input supplied to the 'phpbb_root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 25298 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.

[CLOSE] OSVDB ID : 25299 - Disclosed: 2006-04-28

Description:

(Description Provided by CVE) : Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.

[CLOSE] OSVDB ID : 25296 - Disclosed: 2006-04-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25297 - Disclosed: 2006-04-28

Description:

Unknown / Incomplete