[CLOSE] OSVDB ID : 29068 - Disclosed: 2006-07-26

Description:

Multiple Cisco products contain a flaw that may allow a remote denial of service. The issue is triggered when IKE Phase-1 packets are sent to a VPN-enabled product at a faster rate than the session expiry setting on the device, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 27556 - Disclosed: 2006-07-26

Description:

(Description Provided by CVE) : Eval injection vulnerability in the configure script in TWiki 4.0.0 through 4.0.4 allows remote attackers to execute arbitrary Perl code via an HTTP POST request containing a parameter name starting with "TYPEOF".

[CLOSE] OSVDB ID : 27764 - Disclosed: 2006-07-26

Description:

(Description Provided by CVE) : Hewlett-Packard (HP) ProCurve 3500yl, 6200yl, and 5400zl switches with software before K.11.33 allow remote attackers to cause a denial of service (possibly memory leak or system crash) via unknown vectors.

[CLOSE] OSVDB ID : 27550 - Disclosed: 2006-07-26

Description:

(Description Provided by CVE) : The SMB Mailslot parsing functionality in PAM in multiple ISS products with XPU (24.39/1.78/epj/x.x.x.1780), including Proventia A, G, M, Server, and Desktop, BlackICE PC and Server Protection 3.6, and RealSecure 7.0, allows remote attackers to cause a denial of service (infinite loop) via a crafted SMB packet that is not properly handled by the SMB_Mailslot_Heap_Overflow decode.

[CLOSE] OSVDB ID : 27548 - Disclosed: 2006-07-26

Description:

ZyXEL Prestige 660H-61 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'a' variable upon submission to Forms/rpSysAdmin. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27541 - Disclosed: 2006-07-26

Description:

(Description Provided by CVE) : The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.

[CLOSE] OSVDB ID : 27516 - Disclosed: 2006-07-26

Description:

A local overflow exists in AutoVue SolidModel Professional. The AutoVue SolidModel Professional fails to open specialy crafted ARJ, RAR and ZIP archive files resulting in a stack overflow. With a specially crafted archive, an attacker can potentially cause the execution of arbitrary code resulting in a loss of availability or integrity.

[CLOSE] OSVDB ID : 28992 - Disclosed: 2006-07-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 84076 - Disclosed: 2006-07-26

Description:

PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker submits a malformed cookie to the session_start() function, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29071 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : Buffer overflow in the daemon function in midirecord.cc in Tuomas Airaksinen Midirecord 2.0 allows local users to execute arbitrary code via a long command line argument (filename). NOTE: This may not be a vulnerability if Midirecord is not installed setuid.

[CLOSE] OSVDB ID : 38539 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.

[CLOSE] OSVDB ID : 29109 - Disclosed: 2006-07-25

Description:

Phpauction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'auction_room.php' script not properly sanitizing user-supplied input to the 'ar' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 29110 - Disclosed: 2006-07-25

Description:

Phpauction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'auction_store.php' script not properly sanitizing user-supplied input to the 'u' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 29067 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : post.php in x_atrix xGuestBook 1.02 allows remote attackers to obtain sensitive information via a request without the (1) user, (2) mail, (3) p, or (4) url parameter, which reveals the installation path in an error message.

[CLOSE] OSVDB ID : 27486 - Disclosed: 2006-07-25

Description:

A remote overflow exists in FileCOPA FTP server. The product fails to perform correct boundary checks on directory names such as 'CWD', 'DELE', 'MDTM', and 'MKD' when processing a client's command, resulting in a integer underflow. With a specially crafted command, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27560 - Disclosed: 2006-07-25

Description:

Mozilla Firefox 1.5.0.1, 1.5.0.2, 1.5.0.3, and 1.5.0.4, Mozilla Thunderbird 1.5.0.1, 1.5.0.2, 1.5.0.3, and 1.5.0.4, and Mozilla SeaMonkey 1.0.2 contain a use-after-free error when handling simultaneously occurring XPCOM events. With a specially crafted web page, a remote attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 27491 - Disclosed: 2006-07-25

Description:

A local overflow exists in TurboZIP. TurboZIP fails to properly repair a crafted ZIP file archive resulting in a stack overflow. By using a long filename (>2048 bytes) in the ZIP archive, an attacker can trick someone into opening and repairing the archive to execute arbitrary code.

[CLOSE] OSVDB ID : 27557 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : OSSP shiela 1.1.5 and earlier allows remote authenticated users to execute arbitrary commands on the CVS server via shell metacharacters in a filename that is committed.

[CLOSE] OSVDB ID : 27544 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.

[CLOSE] OSVDB ID : 27545 - Disclosed: 2006-07-25

Description:

PHPProBid contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'viewfeedback.php' script not properly sanitizing user-supplied input to the 'view' or 'start' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 27546 - Disclosed: 2006-07-25

Description:

PHPProBid contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'categories.php' script not properly sanitizing user-supplied input to the 'orderType' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 27481 - Disclosed: 2006-07-25

Description:

sNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search_query' variables upon submission to the 'snews.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27543 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in manager/media/ibrowser/scripts/rfiles.php in Etomite CMS 0.6.1 and earlier allows remote attackers to upload and execute arbitrary files via an nfile[] parameter with a filename that contains a .php extension followed by a valid image extension such as .gif or .jpg, then calling the rename function.

[CLOSE] OSVDB ID : 27492 - Disclosed: 2006-07-25

Description:

A local overflow exists in PowerArchiver. PowerArchiver fails to add a file with a long filename into a ZIP archive resulting in a stack overflow. With a specially crafted archive containing a long filename, an attacker can execute arbitrary code resulting in a loss of integrity and/or availability.

[CLOSE] OSVDB ID : 27495 - Disclosed: 2006-07-25

Description:

A remote overflow exists in the Tumbleweed Email Firewall. The mail decomposer module (MMSDecompose) of Tumbleweed Email Firewall fails to handle specially crafted LHA compressed archives resulting in a stack overflow. By sending a crafted mail, an attacker can potentially execute arbitrary code resulting in a loss of integrity and/or availability.

[CLOSE] OSVDB ID : 27522 - Disclosed: 2006-07-25

Description:

Professional Home Page Tools contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "name", "vorname", and "nachname" variables upon submission to the Login script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27542 - Disclosed: 2006-07-25

Description:

WWWthreads contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'week' variable upon submission to the 'calendar.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27518 - Disclosed: 2006-07-25

Description:

LinksCaffe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the links.php script not properly sanitizing user-supplied input to the 'cat', 'link_id', 'newdays', and 'offset' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. When the magic_quote_gpc PHP option is disabled an attacker may use this flaw to create a shell in a writable folder that can be used to run arbitrary commands. Additionally, if a failed query is performed, the program will disclose the softwares installation path. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 27519 - Disclosed: 2006-07-25

Description:

LinksCaffe contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tablewidth' variable upon submission to the counter.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27520 - Disclosed: 2006-07-25

Description:

LinksCaffe contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'newdays' variable upon submission to the links.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27521 - Disclosed: 2006-07-25

Description:

LinksCaffe contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tableborder', 'menucolor', 'textcolor' and 'bodycolor' variables upon submission to the menu.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27489 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : Stack-based buffer overflow in sipd.dll in AGEphone 1.24 and 1.38.1 allows remote attackers to execute arbitrary code via a crafted UDP SIP packet.

[CLOSE] OSVDB ID : 27517 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in SD Studio CMS allows remote attackers to execute arbitrary SQL commands via the (1) news_id, (2) tid, and (3) page_id parameters.

[CLOSE] OSVDB ID : 27490 - Disclosed: 2006-07-25

Description:

Multiple overflows exist in DynaZip. DZIP32.DLL and DZIPS32.DLL fail to validate ZIP archives resulting in stack overflows. With a specially crafted file, a context-dependent attacker can cause arbitrary code executions resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27525 - Disclosed: 2006-07-25

Description:

A remote overflow exists in eIQnetworks Enterprise Security Analyzer. The Syslog daemon (syslogserver.exe) fails to perform proper bounds checking on the listening TCP port requests resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27526 - Disclosed: 2006-07-25

Description:

A remote overflow exists in eIQnetworks Enterprise Security Analyzer. The license manager daemon (EnterpriseSecurityAnalyzer.exe) fails to perform proper bounds checking on the LICMGR_ADDLICENSE commands resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27527 - Disclosed: 2006-07-25

Description:

A remote overflow exists in eIQnetworks Enterprise Security Analyzer. The Syslog daemon (syslogserver.exe) fails to perform proper bounds checking on various commands passed through TCP port 10617, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27528 - Disclosed: 2006-07-25

Description:

A remote overflow exists in eIQnetworks Enterprise Security Analyzer. Topology.exe fails to perform proper bounds checking on the GUIADDDEVICE, ADDDEVICE, or DELETEDEVICE commands passed to TCP port 10628 resulting in a stack based buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27529 - Disclosed: 2006-07-25

Description:

An unspecified remote vulnerability exists in eIQnetworks Enterprise Security Analyzer Monitoring.exe. With a specially crafted request sent to port TCP 9999, an attacker can execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 27558 - Disclosed: 2006-07-25

Description:

(Description Provided by CVE) : Mozilla Firefox 1.5 before 1.5.0.5 and SeaMonkey before 1.0.3 does not properly clear a JavaScript reference to a frame or window, which leaves a pointer to a deleted object that allows remote attackers to execute arbitrary native code.