| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33676 | 2007-02-25 | Phoenix Evolution CMS index.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 33677 | 2007-02-25 | Phoenix Evolution CMS modules/pageedit/index.php pageid Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Phoenix Evolution CMS (PECMS) allow remote attackers to inject arbitrary web script or HTML via the (1) mod or (2) action parameters in index.php, or the (3) pageid parameter in modules/pageedit/index.php. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 33603 | 2007-02-25 | OpenEMR import_xml.php srcdir Parameter Remote File Inclusion | (Description Provided by CVE): Variable overwrite vulnerability in interface/globals.php in OpenEMR 2.8.2 and earlier allows remote attackers to overwrite arbitrary program variables and conduct other unauthorized activities, such as (a) remote file inclusion attacks via the srcdir parameter in custom/import_xml.php or (b) cross-site scripting (XSS) attacks via the rootdir parameter in interface/login/login_frame.php, via vectors associated with extract operations on the (1) POST and (2) GET superglobal arrays. NOTE: this issue was originally disputed before the extract behavior was identified in post-disclosure analysis. Also, the original report identified "Open Conference Systems," but this was an error. |
| 34488 | 2007-02-25 | Microsoft Excel 2003 XLS Handling Corrupt Format DoS | Microsoft Excel contains a flaw that may allow a remote denial of service. The issue is triggered when a null pointer is dereferenced, and will result in loss of availability for the application. |
| 34487 | 2007-02-25 | IrfanView Malformed WMF File Handling DoS | (Description Provided by CVE): IrfanView 3.99 allows remote attackers to cause a denial of service (application crash) via a malformed WMF file. |
| 34489 | 2007-02-25 | Microsoft Office 2003 Malformed WMF File Handling DoS | (Description Provided by CVE): Microsoft Office 2003 allows user-assisted remote attackers to cause a denial of service (application crash) by attempting to insert a corrupted WMF file. |
| 34490 | 2007-02-25 | Microsoft Windows Explorer Folder Browsing WMV Handling DoS | (Description Provided by CVE): Microsoft Windows Explorer on Windows XP and 2003 allows remote user-assisted attackers to cause a denial of service (crash) via a malformed WMF file, which triggers the crash when the user browses the folder. |
| 36881 | 2007-02-25 | PHP-MIP top.php laypath Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in top.php in PHP Module Implementation (PHP-MIP) 0.1 allows remote attackers to execute arbitrary PHP code via a URL in the laypath parameter. |
| 34891 | 2007-02-24 | bftpd Failed chroot Directory Name Disclosure | Unknown / Incomplete |
| 35995 | 2007-02-24 | Docebo CMS index.php searchkey Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 35996 | 2007-02-24 | Docebo CMS modules/htmlframechat/index.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Docebo CMS 3.0.3 through 3.0.5 allow remote attackers to inject arbitrary web script or HTML via (1) the searchkey parameter to index.php, or the (2) sn or (3) ri parameter to modules/htmlframechat/index.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 33801 | 2007-02-24 | SQLiteManager SQLiteManager_currentTheme Cookie Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in SQLiteManager 1.2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in a SQLiteManager_currentTheme cookie. |
| 33773 | 2007-02-24 | PhotoStand index.php Multiple Field XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Photostand 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) message ("comment") or (2) name field, or the (3) q parameter in a search action in index.php. |
| 33774 | 2007-02-24 | PhotoStand Malformed PHPSESSID Cookie Path Disclosure | (Description Provided by CVE): Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. |
| 33775 | 2007-02-24 | PhotoStand index.php Article Action id Variable Path Disclosure | (Description Provided by CVE): Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages. |
| 33754 | 2007-02-24 | CS-Gallery index.php album Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in index.php in Christian Schneider CS-Gallery 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the album parameter during a securealbum todo action. |
| 42541 | 2007-02-24 | PHP-Nuke index.php INSERT Syntax SQL Injection | Unknown / Incomplete |
| 33133 | 2007-02-24 | Coppermine Photo Gallery thumbnails.php cpg131_fav Cookie Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in thumbnails.php in Coppermine Photo Gallery (CPG) 1.3.x allows remote authenticated users to execute arbitrary SQL commands via a cpg131_fav cookie. NOTE: it was later reported that 1.4.10, 1.4.14, and other 1.4.x versions are also affected using similar cookies. |
| 33761 | 2007-02-24 | PHPWebGallery Register.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected. |
| 33762 | 2007-02-24 | PHPWebGallery Search.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Phpwebgallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) login or (2) mail_address field in Register.php, or the (3) search_author, (4) mode, (5) start_year, (6) end_year, or (7) date_type field in Search.php, a different vulnerability than CVE-2006-1674. NOTE: 1.6.2 and other versions might also be affected. |
| 33144 | 2007-02-24 | ActiveCalendar data/showcode.php page Parameter Traversal Arbitrary File Access | ActiveCalendar contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'showcode.php' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'page' variable. |
| 33145 | 2007-02-24 | ActiveCalendar data/flatevents.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'flatevents.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33146 | 2007-02-24 | ActiveCalendar data/js.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'js.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33148 | 2007-02-24 | ActiveCalendar data/m_2.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'm_2.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33149 | 2007-02-24 | ActiveCalendar data/m_3.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'm_3.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33150 | 2007-02-24 | ActiveCalendar data/m_4.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'm_4.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33151 | 2007-02-24 | ActiveCalendar data/xmlevents.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'xmlevents.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33152 | 2007-02-24 | ActiveCalendar data/y_2.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'y_2.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33153 | 2007-02-24 | ActiveCalendar data/y_3.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'y_3.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33764 | 2007-02-24 | Putmail putmail.py TLS Authentication Mismatch Cleartext Credential Disclosure | (Description Provided by CVE): putmail.py in Putmail before 1.4 does not detect when a user attempts to use TLS with a server that does not support it, which causes putmail.py to send the username and password in plaintext while the user believes encryption is in use, and allows remote attackers to obtain sensitive information. |
| 34634 | 2007-02-24 | SQLiteManager main.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in SQLiteManager 1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) database name, (2) table name, (3) ViewName, (4) view, (5) trigger, and (6) function fields in main.php and certain other files. |
| 36957 | 2007-02-24 | Extreme phpBB functions.php phpbb_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 37000 | 2007-02-24 | NoMoKeTos Rules Module for phpBB functions_nomoketos_rules.php phpbb_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in includes/functions_nomoketos_rules.php in the NoMoKeTos Rules 0.0.1 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 43469 | 2007-02-24 | phpTrafficA plotStatBar.php file Variable Unspecified Remote Security Issue | (Description Provided by CVE): Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. |
| 43470 | 2007-02-24 | phpTrafficA plotStatPie.php file Variable Unspecified Remote Security Issue | (Description Provided by CVE): Multiple unspecified vulnerabilities in phpTrafficA before 1.4.2 allow remote attackers to have an unknown impact via the file parameter to (1) plotStatBar.php or (2) plotStatPie.php, different vectors than CVE-2007-1076. |
| 33147 | 2007-02-23 | ActiveCalendar data/mysqlevents.php css Parameter XSS | ActiveCalendar contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'css' variable upon submission to the 'mysqlevents.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 45248 | 2007-02-23 | Microsoft IE JavaScript onUnload Document Structure Modification DoS | (Description Provided by CVE): Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (NULL dereference and application crash) via JavaScript onUnload handlers that modify the structure of a document. |
| 33809 | 2007-02-23 | Mozilla Firefox JavaScript onUnload Handler Site Tailgating | (Description Provided by CVE): Mozilla Firefox before 2.0.0.8 and SeaMonkey before 1.1.5 do not properly implement JavaScript onUnload handlers, which allows remote attackers to run certain JavaScript code and access the location DOM hierarchy in the context of the next web site that is visited by a client. |
| 33812 | 2007-02-23 | Mozilla Multiple Products Child Frame Inheritance XSS | (Description Provided by CVE): The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated using the UTF-7 character set. |
| 32088 | 2007-02-23 | Dropbear SSH dbclient Hostkey Mismatch Weakness | Dropbear SSH client contains a flaw that may allow a malicious user to conduct a man-in-the-middle attack by redirecting the client request. This issue is due to a weakness in the client software, which does not explicitly warn when an SSH host key mismatch is detected. |