[CLOSE] OSVDB ID : 29059 - Disclosed: 2006-07-24

Description:

(Description Provided by CVE) : SQL injection vulnerability in Shalwan MusicBox 2.3.4 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter in a viewgallery action in a request for the top-level URI. NOTE: the start parameter/search action is already covered by CVE-2006-1807, and the show parameter/top action is already covered by CVE-2006-1360.

[CLOSE] OSVDB ID : 29406 - Disclosed: 2006-07-24

Description:

Some RadScripts products contain a flaw that may allow a remote attacker to overwrite arbitrary files. The issue is due to a_editpage.php not properly sanitizing user input supplied to the filename variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29870 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in moodle.php in Mam-moodle alpha component (com_moodle) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 30870 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in BSQ Sitestats (bsq_sitestats) before 2.1.1 for Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 27448 - Disclosed: 2006-07-23

Description:

PHP Live! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to help.php not properly sanitizing user input supplied to the 'css_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27449 - Disclosed: 2006-07-23

Description:

PHP Live! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to /setup/header.php not properly sanitizing user input supplied to the 'css_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28466 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : Buffer overflow in the Loader_XM::load_instrument_internal function in loader_xm.cpp for Cheese Tracker 0.9.9 and earlier allows user-assisted attackers to execute arbitrary code via a crafted file with a large amount of extra data.

[CLOSE] OSVDB ID : 27444 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.

[CLOSE] OSVDB ID : 27445 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : Buffer overflow in Freeciv 2.1.0-beta1 and earlier, and SVN 15 Jul 2006 and earlier, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) negative chunk_length or a (2) large chunk->offset value in a PACKET_PLAYER_ATTRIBUTE_CHUNK packet in the generic_handle_player_attribute_chunk function in common/packets.c, and (3) a large packet->length value in the handle_unit_orders function in server/unithand.c.

[CLOSE] OSVDB ID : 27910 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c.

[CLOSE] OSVDB ID : 27911 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Warzone 2100 and Warzone Resurrection 2.0.3 and earlier allows remote attackers to execute arbitrary code via a (1) long message handled by the recvTextMessage function in multiplay.c or a (2) long filename handled by NETrecvFile function in netplay/netplay.c.

[CLOSE] OSVDB ID : 28287 - Disclosed: 2006-07-23

Description:

Vanilla CMS has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the upgrader.php script not properly sanitizing user input supplied to the 'RootDirectory' variable. However, subsequent evaluation indicates that an attacker can not manipulate the variable as reported.

[CLOSE] OSVDB ID : 27440 - Disclosed: 2006-07-23

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter.

[CLOSE] OSVDB ID : 27232 - Disclosed: 2006-07-23

Description:

A local overflow exists in Internet Explorer.Internet Explorer fails to check the boundaries of the NMSA.ASFSourceMediaDescription.1 ActiveX object's 'dispValue' property resulting in a stack overflow. With a specially crafted web page, an attacker can cause a deny of service or possibly execute arbitrary code resulting in a loss of availability or integrity.

[CLOSE] OSVDB ID : 27372 - Disclosed: 2006-07-23

Description:

Microsoft Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a user visits a malicious web site that instanciates a Form 2.0 ActiveX component, and will result loss of availability of the browser.

[CLOSE] OSVDB ID : 29864 - Disclosed: 2006-07-22

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in inc/gabarits.php in R. Corson PHP Forge 3 beta 2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cfg_racine parameter.

[CLOSE] OSVDB ID : 27451 - Disclosed: 2006-07-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27446 - Disclosed: 2006-07-22

Description:

IPCalc contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the REQUEST_URI parameter upon submission to the CGI. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 27443 - Disclosed: 2006-07-22

Description:

Micro Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' and 'comment' variables upon submission to the add.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 29129 - Disclosed: 2006-07-22

Description:

Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a user accesses a malicious web page that contains a long value of the content-type parameter, and will result in loss of availability for the browser.

[CLOSE] OSVDB ID : 27483 - Disclosed: 2006-07-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in add.php in Fire-Mouse Toplist 1.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the Seitenname parameter.

[CLOSE] OSVDB ID : 29404 - Disclosed: 2006-07-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to inject arbitrary web script or HTML via the entry parameter. NOTE: this issue might be resultant from SQL injection.

[CLOSE] OSVDB ID : 29405 - Disclosed: 2006-07-22

Description:

(Description Provided by CVE) : SQL injection vulnerability in guestbook.php in Advanced Guestbook 2.4 for phpBB allows remote attackers to execute arbitrary SQl commands via the entry parameter.

[CLOSE] OSVDB ID : 28674 - Disclosed: 2006-07-21

Description:

miniBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to news.php not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28675 - Disclosed: 2006-07-21

Description:

miniBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to search.php not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28676 - Disclosed: 2006-07-21

Description:

miniBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to whosOnline.php not properly sanitizing user input supplied to the 'absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28679 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Compiler_basic.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28680 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Error_pear.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28681 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Error_stack.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28682 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Filter_colorizeCode.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28683 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Filter_trimwhitespace.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28684 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahref.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28685 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefcontact.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28686 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahreflisting.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28687 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahreflistingimage.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28688 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefmap.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28689 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefownerlisting.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28690 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefprint.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28691 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefrating.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28692 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefrecommend.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.