| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 27627 | 2006-06-27 | HSPcomplete report.php type Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php. |
| 27628 | 2006-06-27 | HSPcomplete custom_buttons.php level Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in HSPcomplete 3.2.2 and 3.3 Beta and earlier allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in report.php and (2) level parameter in custom_buttons.php. |
| 28137 | 2006-06-27 | spread Tmp File Local Race Condition DoS | (Description Provided by CVE): spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. NOTE: spread deletes this temporary file before use, which could cause conflicts with other programs that use the same filename, but this is not a distinct issue. |
| 43500 | 2006-06-27 | MYweb4net Browser Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in MYweb4net Browser 3.8.8.0 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43501 | 2006-06-27 | GreenBrowser Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in GreenBrowser 3.4.0622 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43502 | 2006-06-27 | Maxthon Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in Maxthon 1.5.6 build 42 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43503 | 2006-06-27 | PhaseOut Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43504 | 2006-06-27 | FineBrowser Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43505 | 2006-06-27 | Slim Browser Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43506 | 2006-06-27 | NetCaptor Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43507 | 2006-06-27 | Enigma Browser Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43508 | 2006-06-27 | Fast Browser Pro Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in Fast Browser Pro 8.1 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 43509 | 2006-06-27 | GoSuRF Browser Object Tag outerHTML Attribute Cross-domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in GoSuRF Browser 2.62 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. |
| 26654 | 2006-06-27 | CA Multiple Products Scan Job Description Field Format String | CA Integrated Threat Management, eTrust Antivirus and eTrust PestPatrol Anti-Spyware Corporate Edition contain a flaw that may allow a remote denial of service. The issue is triggered when a format string error occurs when handling the description field of a scan job, and will result in loss of availability for the platform. |
| 26829 | 2006-06-26 | Emilia Pinball Arbitrary Plugin Privilege Escalation | Emilia Pinball contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified error occurs when loading compiled plugins, and will result in loss of availability for the system. |
| 26828 | 2006-06-26 | Qdig index.php Multiple Parameter XSS | Qdig contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'pre_gallery' and 'post_gallery' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 26862 | 2006-06-26 | CBSMS Mambo Module mod_cbsms_messages.php mosConfig_absolute_path Parameter Remote File Inclusion | CBSMS Mambo module contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_cbsms_messages.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 26861 | 2006-06-26 | PrivateWire Registration Functionality GET Request Overflow | A buffer overflow exists in PrivateWire. The registration functionality fails to validate GET requests resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 26930 | 2006-06-26 | Apple Mac OS X Apple File Protocol (AFP) Server Search Result Information Disclosure | Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user performs a search in an AFP share, which will disclose filenames for which the user has no permission resulting in a loss of confidentiality. |
| 26931 | 2006-06-26 | Apple Mac OS X ImageIO TIFF Processing Overflow | A local overflow exists in Mac OS X. The ImageIO library fails to validate TIFF image files resulting in a stack overflow. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 26932 | 2006-06-26 | Apple Mac OS X OpenLDAP Server Malformed Request Remote DoS | Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted request to the OpenLDAP server, and will result in loss of availability for the service. |
| 26933 | 2006-06-26 | Apple Mac OS X CF_syslog Function Format String | Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the CF_syslog() function passes unchecked data to syslog(), allowing for a possible format string exploit. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 26924 | 2006-06-26 | IBM Lotus Domino SMTP Server Malformed Meeting Request (vCal) DoS | (Description Provided by CVE): Multiple unspecified vulnerabilities in IBM Lotus Notes and Domino Server before 6.5.5 have unknown impact and attack vectors, due to "potential security issues" as identified by SPR numbers (1) GPKS6C9J67 in Agents, (2) JGAN6B6TZ3 and (3) KSPR699NBP in the Router, (4) GPKS5YQGPT in Security, or (5) HSAO6BNL6Y in the Web Server. NOTE: vector 3 is related to an issue in NROUTER in IBM Lotus Notes and Domino Server before 6.5.4 FP1, 6.5.5, and 7.0, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted vCal meeting request sent via SMTP (aka SPR# KSPR699NBP). |
| 26858 | 2006-06-26 | Claroline Multiple Unspecified XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.7.7 allow remote attackers to inject arbitrary HTML or web script via unspecified attack vectors, possibly including (1) calendar/myagenda.php, (2) document/document.php, (3) phpbb/newtopic.php, (4) tracking/userLog.php, and (5) wiki/page.php. |
| 26910 | 2006-06-26 | Joomla! Remember Me Function SQL Injection | Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Remember Me' functionality. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 26911 | 2006-06-26 | Joomla! Related Items Module SQL Injection | Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Related Items' module. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 26912 | 2006-06-26 | Joomla! Weblinks Feature SQL Injection | Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to the 'Weblinks' functionality. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 26913 | 2006-06-26 | Joomla! SEF Feature Unspecified XSS | Joomla! contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the 'SEF' functionality. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 26914 | 2006-06-26 | Joomla! Front End Submission Form Unspecified Spoofing Weakness | Joomla! contains a flaw that enables an unspecified spoofing attack on the 'frontend submission forms'. No further details have been provided. |
| 26915 | 2006-06-26 | Joomla! mosmsg Unspecified Issue | Joomla! contains an unspecified flaw related to the 'mosmsg' variable. No further details have been provided. |
| 26916 | 2006-06-26 | Joomla! mosgetparam Input Sanitization Unspecified Weakness | Joomla! contains an unspecified input validation flaw related to the 'mosgetparam' parameter. No further details have been provided. |
| 26917 | 2006-06-26 | Joomla! com_messages Unspecified XSS | Joomla! contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'com_messages' variables upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 26918 | 2006-06-26 | Joomla! getUserStateFromRequest() Function XSS | Joomla! contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to scripts that make use of the 'getUserStateFromRequest()' function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 26855 | 2006-06-26 | Jaws Search Function searchdata Field SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the Search gadget in Jaws 0.6.2 allows remote attackers to execute arbitrary SQL commands via queries with the "LIKE" keyword in the searchdata parameter (search field). |
| 27625 | 2006-06-26 | Zorum index.php Multiple Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to execute arbitrary SQL commands via the (1) offset, (2) tid, (3) fromid, (4) sortby, (5) fromfrommethod, and (6) fromfromlist parameters. |
| 27626 | 2006-06-26 | Zorum index.php Multiple Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in index.php in Zorum Forum 3.5 allows remote attackers to inject web script or HTML via multiple unspecified parameters, including the (1) frommethod, (2) list, and (3) method, which are reflected in an error message. NOTE: some of these vectors might be resultant from SQL injection. |
| 27624 | 2006-06-26 | PlaNet Concept planetNews news/admin/planetnews.php Authentication Bypass | (Description Provided by CVE): PlaNet Concept planetNews allows remote attackers to bypass authentication and execute arbitrary code via a direct request to news/admin/planetnews.php. |
| 27660 | 2006-06-26 | MyMail admin/login.php error Parameter XSS | Unknown / Incomplete |
| 28189 | 2006-06-26 | THoRCMS for phpBB cms_admin.php add_link_mid Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in cms_admin.php in THoRCMS 1.3.1 allows remote attackers to execute arbitrary SQL commands via multiple unspecified parameters, such as the add_link_mid parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |
| 31742 | 2006-06-26 | CBSMS Mambo Module mod_cbsms.php mosC_a_path Variable Remote File | (Description Provided by CVE): PHP remote file inclusion vulnerability in mod_cbsms.php in CBSMS Mambo Module 1.0 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the mosC_a_path parameter. NOTE: the provenance of this information is unknown; portions of the details are obtained from third party information. |