[CLOSE] OSVDB ID : 28693 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefreport.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28694 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefreview.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28695 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_ahrefvisit.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28696 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_checkbox.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28697 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_cycle.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28698 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_dateformat.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28699 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_editor.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28700 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_form.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28701 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_image.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28702 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_input.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28703 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_javascript.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28704 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_listalpha.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28705 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_listingname.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28706 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_modify.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28707 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_mtpath.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28708 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_options.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28709 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_radios.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28710 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_rating.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28711 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_stylesheet.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28712 - Disclosed: 2006-07-21

Description:

Mosets Tree contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the Savant2_Plugin_textarea.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 32723 - Disclosed: 2006-07-21

Description:

Apache Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a crafted file request containing a semicolon (;) before the file name, which will result in the server displaying the contents of the directory. This may disclose sensitive files, unpublished content or back up files.

[CLOSE] OSVDB ID : 27551 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : Absolute path traversal vulnerability in downloadTrigger.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to download arbitrary files via an absolute pathname in the filePath parameter.

[CLOSE] OSVDB ID : 27552 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : system/workplace/editors/editor.jsp in Alkacon OpenCms before 6.2.2 allows remote authenticated users to read the source code of arbitrary JSP files by specifying the file in the resource parameter, as demonstrated using index.jsp.

[CLOSE] OSVDB ID : 27553 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Alkacon OpenCms before 6.2.2 allows remote authenticated users to inject arbitrary web script or HTML via the message body.

[CLOSE] OSVDB ID : 27554 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.

[CLOSE] OSVDB ID : 27493 - Disclosed: 2006-07-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27494 - Disclosed: 2006-07-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27664 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : Integer overflow in parse_comment in GnuPG (gpg) 1.4.4 allows remote attackers to cause a denial of service (segmentation fault) via a crafted message.

[CLOSE] OSVDB ID : 27447 - Disclosed: 2006-07-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27231 - Disclosed: 2006-07-21

Description:

Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when calling the "Click()" method of the Internet.HHCtrl.1 ActiveX object. This triggers a NULL dereference and will result in loss of availability for the browser.

[CLOSE] OSVDB ID : 27439 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : The IPv4 implementation in Sun Solaris 10 before 20060721 allows local users to select routes that differ from the routing table, possibly facilitating firewall bypass or unauthorized network communication.

[CLOSE] OSVDB ID : 28615 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.

[CLOSE] OSVDB ID : 29060 - Disclosed: 2006-07-21

Description:

(Description Provided by CVE) : Password Safe 2.11, 2.16 and 3.0BETA1 does not respect the configuration settings for locking the password database when certain dialogue windows are open, which might allow attackers with physical access to obtain the database contents.

[CLOSE] OSVDB ID : 29812 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/blogroll/edit_cat.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29813 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/blogroll/index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29814 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/blogroll/edit_link.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29815 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/syslog/index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29816 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/thememng/index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29817 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/toolsmng/index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 29818 - Disclosed: 2006-07-21

Description:

DotClear contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /ecrire/tools/utf8convert/index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.