[CLOSE] OSVDB ID : 38130 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php.

[CLOSE] OSVDB ID : 40126 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : Heap-based buffer overflow in Microsoft MSN Messenger 6.2, 7.0, and 7.5, and Live Messenger 8.0 allows user-assisted remote attackers to execute arbitrary code via unspecified vectors involving video conversation handling in Web Cam and video chat sessions.

[CLOSE] OSVDB ID : 36040 - Disclosed: 2007-01-31

Description:

Raymond BERTHOU Script Collection contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'user_confirm.asp' script not properly sanitizing user-supplied input to the 'id' and 'pass' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 33079 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/functions.php in Phpbb Tweaked 3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 33051 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : Cisco IOS after 12.3(14)T, 12.3(8)YC1, 12.3(8)YG, and 12.4, with voice support and without Session Initiated Protocol (SIP) configured, allows remote attackers to cause a denial of service (crash) by sending a crafted packet to port 5060/UDP.

[CLOSE] OSVDB ID : 33078 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/usercp_viewprofile.php in Hailboards 1.2.0 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 33077 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in theme/include_mode/template.php in JV2 Folder Gallery 3.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the galleryfilesdir parameter.

[CLOSE] OSVDB ID : 31675 - Disclosed: 2007-01-31

Description:

CascadianFAQ contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "catid" and "qid" parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 33631 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in fw/class.Quick_Config_Browser.php in Cadre PHP Framework 20020724 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[config][framework_path] parameter.

[CLOSE] OSVDB ID : 34086 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 31965 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.

[CLOSE] OSVDB ID : 33604 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 33605 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 36027 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 36038 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.

[CLOSE] OSVDB ID : 36039 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.

[CLOSE] OSVDB ID : 36041 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.

[CLOSE] OSVDB ID : 36476 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."

[CLOSE] OSVDB ID : 36149 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.

[CLOSE] OSVDB ID : 36148 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.

[CLOSE] OSVDB ID : 38129 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.

[CLOSE] OSVDB ID : 37351 - Disclosed: 2007-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 37353 - Disclosed: 2007-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35848 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.

[CLOSE] OSVDB ID : 34983 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 34984 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 34985 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 34986 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 32949 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.

[CLOSE] OSVDB ID : 45353 - Disclosed: 2007-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32711 - Disclosed: 2007-01-30

Description:

iPhoto contains a format string flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially crafted photo:// string is passed to iPhoto. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 32138 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

[CLOSE] OSVDB ID : 33070 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.

[CLOSE] OSVDB ID : 32137 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

[CLOSE] OSVDB ID : 33034 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

[CLOSE] OSVDB ID : 33035 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

[CLOSE] OSVDB ID : 33036 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

[CLOSE] OSVDB ID : 33033 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.

[CLOSE] OSVDB ID : 33627 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : A certain ActiveX control in sapi.dll (aka the Speech API) in Speech Components in Microsoft Windows Vista, when the Speech Recognition feature is enabled, allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer.

[CLOSE] OSVDB ID : 33019 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.