| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 28036 | 2006-08-20 | LBlog comments.asp id Parameter SQL Injection | LBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'comments.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 28282 | 2006-08-20 | Shadows Rising RPG smarty.inc.php CONFIG[gameroot] Parameter Remote File Inclusion | Shadows Rising RPG contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to '/core/includes/smarty.inc.php', '/qcms/includes/smarty.inc.php' and '/qlib/smarty.inc.php' scripts not properly sanitizing user input supplied to the 'CONFIG[gameroot]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 28283 | 2006-08-20 | Shadows Rising RPG security.inc.php CONFIG[gameroot] Parameter Remote File Inclusion | Shadows Rising contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to '/core/includes/security.inc.php' not properly sanitizing user input supplied to the 'CONFIG[gameroot]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 29515 | 2006-08-20 | Eichhorn Portal Multiple Unspecified SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to execute arbitrary SQL commands via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 29516 | 2006-08-20 | Eichhorn Portal Main Portal Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 29517 | 2006-08-20 | Eichhorn Portal suchForm suchstring Field XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 29518 | 2006-08-20 | Eichhorn Portal Gallerie Module Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 29519 | 2006-08-20 | Eichhorn Portal ggbns Module GGBNSaction Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Guder und Koch Netzwerktechnik Eichhorn Portal allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly including the (1) profil_nr and (2) sprache parameters in the main portion of the portal, the (3) suchstring field in suchForm in the main portion of the portal, the (4) GaleryKey and (5) Breadcrumbs parameters in the gallerie module, and the (6) GGBNSaction parameter in the ggbns module. |
| 29513 | 2006-08-20 | SimpleBlog comments.asp id Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in comments.asp in SimpleBlog 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 28094 | 2006-08-20 | EstateAgent for Mambo estateagent.php mosConfig_absolute_path Parameter Remote File Inclusion | EstateAgent for Mambo has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the estateagent.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. However, subsequent examination indicates that an attacker cannot manipulate the content before it is used. |
| 28091 | 2006-08-20 | Display MOSBot Manager for Mambo contxtd.class.php mosConfig_absolute_path Parameter Remote File Inclusion | Display MOSBot Manager module for Mambo has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the contxtd.class.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. However, subsequent evaluation by other researchers indicates the script specifically prevents this variable from being manipulated. |
| 30643 | 2006-08-19 | SPAW Editor img_library.php spaw_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 30639 | 2006-08-19 | SPAW Editor collorpicker.php spaw_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 30640 | 2006-08-19 | SPAW Editor a.php spaw_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 30642 | 2006-08-19 | SPAW Editor img.php spaw_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 30645 | 2006-08-19 | SPAW Editor table.php spaw_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 30646 | 2006-08-19 | SPAW Editor td.php spaw_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in SOLMETRA SPAW Editor 1.0.6 and 1.0.7 allow remote attackers to execute arbitrary PHP code via a URL in the spaw_dir parameter in dialogs/ scripts including (1) a.php, (2) collorpicker.php, (3) img.php, (4) img_library.php, (5) table.php, or (6) td.php. |
| 28171 | 2006-08-19 | 2Wire Gateway Web Server CRLF DoS | (Description Provided by CVE): The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request. |
| 28031 | 2006-08-19 | Fantastic News news.php CONFIG[script_path] Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in news.php in Fantastic News 2.1.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CONFIG[script_path] parameter. NOTE: it was later reported that 2.1.5 is also affected. |
| 28028 | 2006-08-19 | Tutti Nova class.novaEdit.mysql.php TNLIB_DIR Parameter Remote File Inclusion | Tutti Nova contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.novaEdit.mysql.php not properly sanitizing user input supplied to the 'TNLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 28029 | 2006-08-19 | Tutti Nova class.novaAdmin.mysql.php TNLIB_DIR Parameter Remote File Inclusion | Tutti Nova contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.novaAdmin.mysql.php not properly sanitizing user input supplied to the 'TNLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 28030 | 2006-08-19 | Tutti Nova class.novaRead.mysql.php TNLIB_DIR Parameter Remote File Inclusion | Tutti Nova contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to class.novaRead.mysql.php not properly sanitizing user input supplied to the 'TNLIB_DIR' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 28027 | 2006-08-19 | Honeyd Unspecified ARP Packet Processing DoS | (Description Provided by CVE): Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. |
| 28090 | 2006-08-19 | XennoBB topic_post.php icon_topic Parameter SQL Injection | XennoBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'topic_post.php' script not properly sanitizing user-supplied input to the 'icon_topic' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 28935 | 2006-08-19 | Lurm Constructor for Mambo admin.lurm_constructor.php lm_absolute_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in admin.lurm_constructor.php in the Lurm Constructor component (com_lurm_constructor) 0.6b and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter. |
| 29356 | 2006-08-19 | Ako Comments for Mambo akocomments.php mosConfig_absolute_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in akocomments.php in AkoComment 1.1 module (com_akocomment) for Mambo 4.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 29782 | 2006-08-19 | RealVNC Client/Server Integer Mismatch DoS | RealVNC contains a flaw that may allow a remote denial of service. The issue is triggered when an integer length of -1 on clipboard updates is sent to either the client or the server, and will result in the termination of the connection or possibly the process. |
| 28099 | 2006-08-19 | com_cropimage for Mambo admin.cropcanvas.php cropimagedir Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter. |
| 28092 | 2006-08-19 | CatalogShop for Mambo catalogshop.php mosConfig_absolute_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in catalogshop.php in the CatalogShop component for Mambo (com_catalogshop) allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. |
| 28717 | 2006-08-18 | PHP stripos() Function Unspecified Issue | (Description Provided by CVE): The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read. |
| 45376 | 2006-08-18 | IBM DB2 Universal Database Warehouse Manager Table Import Security Restriction Bypass | Unknown / Incomplete |
| 29182 | 2006-08-18 | IBM AIX bos.rte.diag utape Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in utape in IBM AIX 5.2.0 and 5.3.0 allows attackers to execute arbitrary commands and overwrite arbitrary files via unspecified vectors. |
| 28037 | 2006-08-18 | PHlyMail Lite mod.listmail.php _PM_[path][handler] Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. |
| 27996 | 2006-08-18 | IBM AIX setlocale() Function Unspecified Local Privilege Escalation | IBM AIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an unspecified error within the 'setlocale()' function of libc.a. This flaw may lead to a loss of confidentiality. |
| 27993 | 2006-08-18 | IBM DB2 Universal Database CONNECT Processing Unspecified DoS | DB2 Universal Database contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified error after the CONNECT process, and will result in loss of availability for the service. |
| 28035 | 2006-08-18 | phpCodeGenie Core.php BEAUT_PATH Parameter Remote File Inclusion | phpCodeGenie contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the '/app/common/lib/codeBeautifier/Beautifier/Core.php' script not properly sanitizing user input supplied to the 'BEAUT_PATH' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 28034 | 2006-08-18 | Linux Kernel Uncleared HID0[31] Bit DoS | (Description Provided by CVE): Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." |
| 28033 | 2006-08-18 | Sonium Enterprise Adressbook delete.php folder Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in Sonium Enterprise Adressbook 0.2 allows remote attackers to execute arbitrary PHP code via the folder parameter in multiple files in the plugins directory, as demonstrated by plugins/1_Adressbuch/delete.php. |
| 27995 | 2006-08-18 | AOL Directory Permission Weakness Local Privilege Escalation | AOL contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to default permissions that grant 'Everyone' group 'Full Control' to the 'America Online 9.0' directory. This flaw may lead to a loss of integrity. |
| 89714 | 2006-08-18 | Libxml2 valid.c DTD Validation Parsing Error DoS | Libxml2 contains a flaw in valid.c that may allow a denial of service. The issue is triggered when parsing DTD validation errors. This may allow a context-dependent attacker to crash the program. |