| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 33074 | 2007-02-01 | Wireshark IEEE 802.11 Dissector Unspecified DoS | (Description Provided by CVE): Unspecified vulnerability in the IEEE 802.11 dissector in Wireshark (formerly Ethereal) 0.10.14 through 0.99.4 allows remote attackers to cause a denial of service (application crash) via unspecified vectors. |
| 33636 | 2007-02-01 | EasyMoblog libraries.inc.php SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in EasyMoblog 0.5.1 allow remote attackers to execute arbitrary SQL commands via the (1) i or (2) post_id parameter to add_comment.php, which triggers an injection in libraries.inc.php; or (3) the i parameter to list_comments.php, which triggers an injection in libraries.inc.php. |
| 33651 | 2007-02-01 | Linux xterm Process Memory Information Disclosure | (Description Provided by CVE): xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive information, by reading the xterm process memory. NOTE: it could be argued that this is an expected consequence of multiple users sharing the same interactive process, in which case this is not a vulnerability. |
| 33652 | 2007-02-01 | Linux umount Forced Core Dump Information Disclosure | (Description Provided by CVE): umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed, which might allow the users to obtain sensitive information, including core file contents. |
| 33633 | 2007-02-01 | Portail Web Php includes/includes.php site_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/includes.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) before 2.5.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. |
| 33634 | 2007-02-01 | Portail Web Php index.php page Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in index.php in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allows remote attackers to read arbitrary files via a .. (dot dot) in the page parameter. NOTE: this issue was later reported for 2.5.1.1. |
| 33607 | 2007-02-01 | WebBuilder StageLoader.php GLOBALS[core][module_path] Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in library/StageLoader.php in WebBuilder 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[core][module_path] parameter. |
| 33608 | 2007-02-01 | Somery install.php skindir Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in install.php in Somery 0.4.6 allows remote attackers to execute arbitrary PHP code via a URL in the skindir parameter, a different vector than CVE-2006-4669. NOTE: the documentation says to remove install.php after installation. |
| 33646 | 2007-02-01 | WS_FTP Server iFTPAddU / iFTPAddH Local Overflow | (Description Provided by CVE): Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. |
| 33647 | 2007-02-01 | WS_FTP Server Edition Module Local Overflow | (Description Provided by CVE): Ipswitch WS_FTP Server 5.04 allows FTP site administrators to execute arbitrary code on the system via a long input string to the (1) iFTPAddU or (2) iFTPAddH file, or to a (3) edition module. |
| 33632 | 2007-02-01 | Comodo Firewall Pro cmdmon.sys Multiple Hooked SSDT Functions Local DoS | (Description Provided by CVE): cmdmon.sys in Comodo Firewall Pro (formerly Comodo Personal Firewall) before 2.4.16.174 does not validate arguments that originate in user mode for the (1) NtConnectPort and (2) NtCreatePort hooked SSDT functions, which allows local users to cause a denial of service (system crash) and possibly gain privileges via invalid arguments. |
| 40088 | 2007-02-01 | VMware Workstation PIIX4 Power Management Crafted Poke Local DoS | (Description Provided by CVE): The PIIX4 power management subsystem in EMC VMware Workstation 5.5.3.34685 and VMware Server 1.0.1.29996 allows local users to write to arbitrary memory locations via a crafted poke to I/O port 0x1004, triggering a denial of service (virtual machine crash) or other unspecified impact, a related issue to CVE-2007-1337. |
| 31936 | 2007-02-01 | phpEventMan text.ctrl.php level Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. |
| 31937 | 2007-02-01 | phpEventMan common.function.php level Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in phpEventMan 1.0.2 allow remote attackers to execute arbitrary PHP code via a URL in the level parameter to (1) Shared/controller/text.ctrl.php or (2) UserMan/controller/common.function.php. |
| 31938 | 2007-02-01 | Epistemon common.inc.php inc_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in inc/common.inc.php in Epistemon 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. |
| 32989 | 2007-02-01 | CA BrightStor ARCserve Backup RPC TADDR2UADDR DoS | (Description Provided by CVE): The RPC Server service (catirpc.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 SP2 and earlier allows remote attackers to cause a denial of service (service crash) via a crafted TADDR2UADDR that triggers a null pointer dereference in catirpc.dll, possibly related to null credentials or verifier fields. |
| 79588 | 2007-02-01 | Sun Java GraphicsEnv.registerFont Function DoS | Unknown / Incomplete |