[CLOSE] OSVDB ID : 41347 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : Xen 3.1.1 allows virtual guest system users to cause a denial of service (hypervisor crash) by using a debug register (DR7) to set certain breakpoints.

[CLOSE] OSVDB ID : 42004 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : The format string protection mechanism in IMAPD for Perdition Mail Retrieval Proxy 1.17 and earlier allows remote attackers to execute arbitrary code via an IMAP tag with a null byte followed by a format string specifier, which is not counted by the mechanism.

[CLOSE] OSVDB ID : 42011 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : GUI.pm in yarssr 0.2.2, when Gnome default URL handling is disabled, allows remote attackers to execute arbitrary commands via shell metacharacters in a link element in a feed.

[CLOSE] OSVDB ID : 56408 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : Vidalia bundle before 0.1.2.18, when running on Windows and Mac OS X, installs Privoxy with a configuration file (config.txt or config) that contains insecure (1) enable-remote-toggle and (2) enable-edit-actions settings, which allows remote attackers to bypass intended access restrictions and modify configuration.

[CLOSE] OSVDB ID : 38328 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier allows remote attackers to inject arbitrary web script or HTML via attributes inside a domain-name string in the (1) mailing or (2) forum component, as demonstrated using the style and onmouseover HTML attributes.

[CLOSE] OSVDB ID : 38358 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in download.php in ISPworker 1.21 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) ticketid and (2) filename parameters.

[CLOSE] OSVDB ID : 38414 - Disclosed: 2007-10-31

Description:

ModuleBuilder contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the DownloadModule.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'file' variable.

[CLOSE] OSVDB ID : 39018 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : ** DISPUTED ** Directory traversal vulnerability in PageTraiteDownload.php in phpMyConferences 8.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter. NOTE: this issue is disputed for 8.0.2 by a reliable third party, who notes that the PHP code is syntactically incorrect and cannot be executed.

[CLOSE] OSVDB ID : 39061 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in Amazing Flash AFCommerce allows remote attackers to execute arbitrary SQL commands via the firstname parameter to an unspecified component, a different issue than CVE-2006-3794. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 39068 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : Directory traversal vulnerability in modules/Builder/DownloadModule.php in ModuleBuilder 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

[CLOSE] OSVDB ID : 40580 - Disclosed: 2007-10-31

Description:

(Description Provided by CVE) : Integer overflow in McAfee E-Business Server before 8.5.3 for Solaris, and before 8.1.2 for Linux, HP-UX, and AIX, allows remote attackers to execute arbitrary code via a large length value in an authentication packet, which results in a heap-based buffer overflow.

[CLOSE] OSVDB ID : 40402 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.

[CLOSE] OSVDB ID : 40403 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.

[CLOSE] OSVDB ID : 40404 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.

[CLOSE] OSVDB ID : 40405 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.

[CLOSE] OSVDB ID : 40406 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.

[CLOSE] OSVDB ID : 40407 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.

[CLOSE] OSVDB ID : 48693 - Disclosed: 2007-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39389 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Buffer overflow in IMail Client 9.22, as shipped with IPSwitch IMail Server 2006.22, allows remote attackers to execute arbitrary code via a long boundary parameter in a multipart MIME e-mail message.

[CLOSE] OSVDB ID : 41620 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : IBM Tivoli Continuous Data Protection for Files (CDP) 3.1.0 uses weak permissions (unrestricted write) for the Central Admin Global download directory, which allows local users to place arbitrary files into a location used for updating CDP clients.

[CLOSE] OSVDB ID : 55763 - Disclosed: 2007-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 45295 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : The reDirect function in lib/controllers/RepViewController.php in OrangeHRM before 2.2.2 does not verify the privileges of a user, which allows remote attackers to obtain access to data via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 57117 - Disclosed: 2007-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 57118 - Disclosed: 2007-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 38300 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Omnistar Live allow remote attackers to inject arbitrary web script or HTML via (1) the category_id parameter to users/kb.php, and possibly (3) the Email Box field in profile.php.

[CLOSE] OSVDB ID : 38305 - Disclosed: 2007-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 38347 - Disclosed: 2007-10-30

Description:

A code execution flaw exists in Update Service ActiveX control. isusweb.dll fails to validate data passed to several methods resulting download of arbitrary code. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 38394 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in IBM Tivoli Service Desk 6.2 allows remote authenticated users to inject arbitrary web script or HTML via the Description parameter in a Maximo change action.

[CLOSE] OSVDB ID : 40647 - Disclosed: 2007-10-30

Description:

phpFaber URLInn contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'urlinn_includes/config.php' script not properly sanitizing user input supplied to the 'dir_ws' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 41943 - Disclosed: 2007-10-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in bb_func_search.php in miniBB 2.1 allows remote attackers to execute arbitrary SQL commands via the table parameter to index.php.

[CLOSE] OSVDB ID : 50716 - Disclosed: 2007-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 45297 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in the profiles script in ProfileCMS 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors involving creation of a profile.

[CLOSE] OSVDB ID : 45330 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

[CLOSE] OSVDB ID : 45331 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

[CLOSE] OSVDB ID : 45332 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

[CLOSE] OSVDB ID : 45333 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

[CLOSE] OSVDB ID : 45334 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : SAXON 5.4, with display_errors enabled, allows remote attackers to obtain sensitive information via (1) a direct request for news.php, (2) an invalid use of a newsid array parameter to admin/edit-item.php, and possibly unspecified vectors related to additional scripts in (3) admin/, (4) rss/, and (5) the root directory of the installation, which reveal the path in various error messages.

[CLOSE] OSVDB ID : 45285 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : ** DISPUTED ** Cross-site request forgery (CSRF) vulnerability in the admin panel in Django 0.96 allows remote attackers to change passwords of arbitrary users via a request to admin/auth/user/1/password/. NOTE: this issue has been disputed by Debian, since product documentation includes a recommendation for a CSRF protection module that is included with the product. However, CVE considers this an issue because the default configuration does not use this module.

[CLOSE] OSVDB ID : 41998 - Disclosed: 2007-10-29

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Sony SonicStage CONNECT Player (CP) 4.3 allows remote attackers to execute arbitrary code via a long file name in an M3U file.

[CLOSE] OSVDB ID : 50714 - Disclosed: 2007-10-29

Description:

Blue Coat ProxySG Management Console contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'file' parameter upon submission to the '/Secure/Local/console/install_upload_from_file.htm' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.