[CLOSE] OSVDB ID : 25851 - Disclosed: 2006-05-31

Description:

FreeBSD contains a flaw that allows a remote attacker to escape a chroot environment when the chroot is implemented over a Server Message Block File System (SMBFS). The issue is due to the SMBFS not properly sanitizing user input, specifically directory traversal style attacks (..\). This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 25852 - Disclosed: 2006-05-31

Description:

FreeBSD contains a flaw that may allow "securenets" access restrictions to be inadvertantly disabled. The issue is triggered when a change in the build process caused ypserv to fail to load or process the networks and hosts specified in the /var/yp/securenets file. It is possible that the flaw may allow access to NIS maps resulting in a loss of integrity.

[CLOSE] OSVDB ID : 31648 - Disclosed: 2006-05-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in VBulletin 3.0.10 allows remote attackers to execute arbitrary SQL commands via the featureid parameter.

[CLOSE] OSVDB ID : 31649 - Disclosed: 2006-05-31

Description:

(Description Provided by CVE) : The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

[CLOSE] OSVDB ID : 37032 - Disclosed: 2006-05-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in view_album.php in SelectaPix 1.4 allows remote attackers to execute arbitrary SQL commands via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party sources.

[CLOSE] OSVDB ID : 39401 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'uptodate.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39402 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'slide.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39403 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'sitemap.datatype.php' not properly sanitizing user input supplied to the 'GLOBALS[system_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39404 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'sitemap.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39405 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'shop.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39406 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'search.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39407 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'search.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39408 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'related.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39409 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'register.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39410 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'online.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39411 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'menu.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39412 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'login.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39413 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'listpopulardoc.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39414 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'listlatestdoc.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39415 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'listing_view_combidialog.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39416 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'listing.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39417 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'listing.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39418 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'listcomment.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39419 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'indexadv.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39420 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'index.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39421 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'gallery.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39422 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'gallery.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39423 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'forumdata.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39424 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'forum.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39425 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'forum.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39426 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'forgottenpassword.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39427 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to <SCRIPT> not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39428 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'filelist.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39429 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'changepassword.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39430 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'cform.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39431 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'cform.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39432 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'bulletinboard.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39433 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'breadcrumb.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39434 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'article.datatype.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 39435 - Disclosed: 2006-05-31

Description:

METAjour contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'article.class.php' not properly sanitizing user input supplied to the 'system_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.