| OSVDB ID | Disclosure Date | Title |
|
24792
Description:
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'dn' variable upon submission to the delete_form.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-21
|
phpLDAPadmin delete_form.php dn Parameter XSS
|
|
24793
Description:
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'scope' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-21
|
phpLDAPadmin search.php scope Parameter XSS
|
|
24794
Description:
phpLDAPadmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Container DN', 'Machine Name', or 'UID Number' fields as well as the 'dn' variable upon submission to the template_engine.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-21
|
phpLDAPadmin template_engine.php Multiple Parameter XSS
|
|
24883
Description:
A remote overflow exists in Winny. Winny fails to perform proper bounds checking of unspecified file transfer port commands resulting in a heap-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution in the context of the user who executed Winny, resulting in a loss of integrity.
|
2006-04-21
|
Winny File Transfer Port Unspecified Remote Overflow
|
|
24902
Description:
(Description Provided by CVE) : Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests.
|
2006-04-21
|
Symantec AntiVirus Scan Engine Authentication Bypass
|
|
24903
Description:
(Description Provided by CVE) : Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
|
2006-04-21
|
Symantec AntiVirus Scan Engine Static DSA Key Encryption Weakness
|
|
24904
Description:
(Description Provided by CVE) : Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
|
2006-04-21
|
Symantec AntiVirus Scan Engine Unauthenticated Arbitrary File Access
|
|
25136
Description:
(Description Provided by CVE) : CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
|
2006-04-21
|
phpwcms mail_file_form.php Multiple Parameter Arbitrary PHP Code Execution
|
|
25137
Description:
(Description Provided by CVE) : CRLF injection vulnerability in (1) include/inc_act/act_formmailer.php and possibly (2) sample_ext_php/mail_file_form.php in phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to modify HTTP headers and send spam e-mail via a spoofed HTTP Referer (HTTP_REFERER).
|
2006-04-21
|
phpwcms act_formmailer.php HTTP_REFERER Email Header Injection
|
|
24867
Description:
FlexBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the function/showprofile.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2006-04-21
|
FlexBB function/showprofile.php id Parameter SQL Injection
|
|
25207
Description:
Green Minute has been reported to contain an SQL injection flaw in the userscript.php script. The original report indicates that multiple variables fail to sanitize input before passing it to the database for processing. After vendor contact and subsequent testing, it appears that user input is properly sanitized. It is believed that the SQL error message output on a failed query was mistaken for indication of injection ability.
|
2006-04-20
|
Green Minute userscript.php Multiple Parameter SQL Injection
|
|
24805
Description:
Asterisk Recording Interface contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the configuration file '/recordings/includes/main.conf' directly, as there are no controls to prevent such access. This will disclose the application's configuration information, including administrative and database passwords, resulting in a loss of confidentiality.
|
2006-04-20
|
Asterisk Recording Interface (ARI) includes/main.conf Remote Credential Disclosure
|
|
24806
Description:
Asterisk Recording Interface contains a flaw that allows a remote attacker to access other users' voice mail. The issue is due to the '/recordings/misc/audio.php' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'recording' variable. This may lead to a loss of confidentiality of '.mp3', '.wav' and '.gsm' voice mail messages. In addition, attackers might be able to determine the existence of other files within the remote file system.
|
2006-04-20
|
Asterisk Recording Interface (ARI) misc/audio.php recording Parameter Traversal Arbitrary File Access
|
|
25081
Description:
Basic Analysis and Security Engine (BASE) contains a flaw that may allow a malicious user to gain admin privileges without authentication. The issue is triggered when sending a specially crafted cookie. It is possible that the flaw may allow unauthorized administrative access resulting in a loss of confidentiality, integrity, and/or availability.
|
2006-04-20
|
Basic Analysis and Security Engine (BASE) Cookie Authentication Bypass
|
|
24797
Description:
Bloggage contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the check_login.asp script not properly sanitizing user-supplied input to the 'acc_name' and 'password' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2006-04-20
|
Bloggage check_login.asp Multiple Parameter SQL Injection
|
|
24759
Description:
W2B Online Banking contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'SID' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
W2B Online Banking index.php SID Parameter XSS
|
|
24795
Description:
Bookmark4U contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the config.php script not properly sanitizing user-supplied input to the 'sqlcmd' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2006-04-20
|
Bookmark4U config.php 'sqlcmd' Parameter SQL Injection
|
|
25211
Description:
WebSense contains a flaw that may allow a malicious user to bypass URL filtering policies. The issue is triggered when appending a '/?' to the end of a URL which is part of the 'uncategorized' WebSense category, and will allow the user to bypass any restrictions set on 'uncategorized' websites, resulting in a loss of integrity.
|
2006-04-20
|
Websense Crafted URL Uncategorized Filter Bypass
|
|
25206
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
|
2006-04-20
|
phpMyAdmin index.php Multiple Parameter XSS
|
|
25204
Description:
(Description Provided by CVE) : ** DISPUTED ** SQL injection vulnerability in search.php in X-Cart Gold and Pro 4.0.18, and X-Cart 4.1.0 beta 1, allows remote attackers to execute arbitrary SQL commands via the "Search for pattern" field, when the settings specify only "Search in Detailed description" and "Search also in ISBN." NOTE: the vendor disputed this issue in a comment on the original researcher's blog, saying "the bug does not impose any security threat and remote attackers can't add, modify, or delete information in the back-end database by sending specially-crafted SQL statements to the search.php script using various search parameters." As of 20060605, the original blog entry is unavailable, although ISS also reports the same dispute. CVE has not been able to investigate this issue further, although the researcher sometimes makes inaccurate claims.
|
2006-04-20
|
X-Cart search.php SQL Injection
|
|
25210
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in Thwboard 3.0 Beta 2.84 allows remote attackers to inject arbitrary web script or HTML via the navpath parameter.
|
2006-04-20
|
ThWboard index.php navpath Parameter XSS
|
|
25205
Description:
(Description Provided by CVE) : awstats.pl in AWStats 6.5 build 1.857 and earlier allows remote attackers to obtain the installation path via the (1) year, (2) pluginmode or (3) month parameters.
|
2006-04-20
|
AWStats awstats.pl Multiple Variable Path Disclosure
|
|
24787
Description:
phpSurveyor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'save.php' script not properly sanitizing user-supplied input to the 'surveyid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. Additionally, the attack can be leveraged to include arbitrary PHP code into the phpSurveyor log files which can then be executed by viewing the log files. Note that this requires the log files to be readable by the attacker and that the web server allows parsing of log files as PHP code.
|
2006-04-20
|
phpSurveyor save.php surveyid Parameter SQL Injection
|
|
31652
Description:
(Description Provided by CVE) : Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
|
2006-04-20
|
GNOME Display Manager (gdm) slave.c Symlink Race Condition
|
|
84275
Description:
Automatic File Distributor (AFD) contains a flaw that is triggered by an error that occurs when enabling tracing. This error will cause the password to be shown for an SSH connection in the trace output.
|
2006-04-20
|
Automatic File Distributor (AFD) Tracing Enabling SSH Connection Local Password Disclosure
|
|
24761
Description:
KCScripts Portal Pack contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sort_order' variable upon submission to the 'calendar/Visitor.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
KCScripts Portal Pack calendar/Visitor.cgi sort_order Parameter XSS
|
|
24762
Description:
KCScripts Portal Pack contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sort_order' variable upon submission to the 'news/NsVisitor' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
KCScripts Portal Pack news/NsVisitor.cgi sort_order Parameter XSS
|
|
24763
Description:
KCScripts Portal Pack contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search/search.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
KCScripts Portal Pack search/search.cgi q Parameter XSS
|
|
24764
Description:
KCScripts Portal Pack contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat_id' variable upon submission to the 'classifieds/viewcat.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
KCScripts Portal Pack classifieds/viewcat.cgi cat_id Parameter XSS
|
|
24777
Description:
I-RATER Platinum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'include/common.php' script not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-04-20
|
I-RATER Platinum include/common.php include_path Parameter Remote File Inclusion
|
|
24754
Description:
Net Clubs Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'onuser', 'pass', 'chatsys', 'room', 'username' and 'to' variables upon submission to the 'sendim.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
Net Clubs Pro sendim.cgi Multiple Parameter XSS
|
|
24755
Description:
Net Clubs Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the 'imessage.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
Net Clubs Pro imessage.cgi username Parameter XSS
|
|
24756
Description:
Net Clubs Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'password' variable upon submission to the 'login.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
Net Clubs Pro login.cgi password Parameter XSS
|
|
24757
Description:
Net Clubs Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat_id' variable upon submission to the 'viewcat.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-20
|
Net Clubs Pro viewcat.cgi cat_id Parameter XSS
|
|
41400
Description:
Unknown / Incomplete
|
2006-04-20
|
LimeSurvey save.php Apache Log File PHP Code Injection
|
|
31837
Description:
A remote overflow exists in Mac OS X. The ImageIO and AppKit frameworks fail to validate GIF and TIFF image files resulting in a heap overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2006-04-20
|
Apple Mac OS X LZWDecodeVector Crafted TIFF Overflow
|
|
84276
Description:
Automatic File Distributor (AFD) contains a flaw that may allow an attacker to gain access to unauthorized privileges. This issue is triggered when a user cannot read the afd.users file, which will result in the program failing to give proper permissions to users. This may allow an attacker to gain escalated privileges.
|
2006-04-20
|
Automatic File Distributor (AFD) afd.users File Permission Handling Unspecified Privilege Escalation
|
|
25022
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
|
2006-04-19
|
Invision Power Board index.php st Parameter SQL Injection
|
|
24819
Description:
A remote overflow exists in the Mac OS X default handler for files with a '.zip' extension. The 'BOMStackPop' function fails to properly validate input, resulting in a heap overflow. With a specially crafted file, an attacker can cause the application to crash and potentially execute arbitrary code on the victim's system, resulting in a loss of integrity.
|
2006-04-19
|
Apple Mac OS X .zip Parsing BOMStackPop() Function Overflow
|
|
24820
Description:
A remote overflow exists in the Mac OS X default handler for files with a '.bmp' extension. The 'ReadBMP' function fails to properly validate input, resulting in a heap overflow. With a specially crafted file, an attacker can cause the application to crash and potentially execute arbitrary code on the victim's system, resulting in a loss of integrity.
|
2006-04-19
|
Apple QuickTime BMP Processing ReadBMP() Function Overflow
|