[CLOSE] OSVDB ID : 33802 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in fcring.php in FCRing 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the s_fuss parameter.

[CLOSE] OSVDB ID : 33600 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in ScryMUD before 2.1.11 have unknown impact and attack vectors, possibly related to denial of service caused by a search that begins with a .* sequence.

[CLOSE] OSVDB ID : 32087 - Disclosed: 2007-02-23

Description:

Microsoft Internet Explorer contains a flaw that may allow a malicious website to trap a user from further browsing to a manual entered URL in the address bar. This issue is due to a error in the handling of 'onunload' events in Internet Explorer. The flaw could possible result in phishing attacks by means of address bar spoofing.

[CLOSE] OSVDB ID : 33474 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : The ReadDirectoryChangesW API function on Microsoft Windows 2000, XP, Server 2003, and Vista does not check permissions for child objects, which allows local users to bypass permissions by opening a directory with LIST (READ) access and using ReadDirectoryChangesW to monitor changes of files that do not have LIST permissions, which can be leveraged to determine filenames, access times, and other sensitive information.

[CLOSE] OSVDB ID : 36003 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : Unspecified vulnerability in Hitachi OSAS/FT/W before 20070223 allows attackers to cause a denial of service (responder control processing halt) by sending "data unexpectedly through the port".

[CLOSE] OSVDB ID : 33444 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the config/config_admin.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33445 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the config/config_main.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33446 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the config/config_member.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33447 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the config/mysql_config.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33448 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admini/admin.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33449 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admini/index.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33450 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the paypalipn/ipnprocess.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33451 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the members/index.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33452 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the members/registration.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33453 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the main/ppcbannerclick.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33454 - Disclosed: 2007-02-23

Description:

WGS-PPC (aka PPC Search Engine) contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the main/ppcclick.php script not properly sanitizing user input supplied to the 'INC' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 37007 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in sinagb.php in Sinapis Gastebuch 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.

[CLOSE] OSVDB ID : 37008 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in sinapis.php in Sinapis Forum 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the fuss parameter.

[CLOSE] OSVDB ID : 37443 - Disclosed: 2007-02-23

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the "Contact Us" functionality in MTCMS 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) message and (2) title fields.

[CLOSE] OSVDB ID : 33389 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

[CLOSE] OSVDB ID : 33272 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in WebAPP before 0.9.9.6 have unknown impact and attack vectors.

[CLOSE] OSVDB ID : 45395 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to open files and write "wrong data" via a crafted QUERY_STRING.

[CLOSE] OSVDB ID : 45396 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in form input validation in web-app.org WebAPP before 0.9.9.6 allow remote authenticated users to corrupt data files, gain access to private files, and execute arbitrary code via "certain characters."

[CLOSE] OSVDB ID : 32103 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize hook on DOM window objects.

[CLOSE] OSVDB ID : 39213 - Disclosed: 2007-02-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33526 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.

[CLOSE] OSVDB ID : 33527 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in eFiction 3.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the path_to_smf parameter to (1) bridges/SMF/logout.php or (2) get_session_vars.php.

[CLOSE] OSVDB ID : 33853 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.

[CLOSE] OSVDB ID : 40972 - Disclosed: 2007-02-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 40971 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables.

[CLOSE] OSVDB ID : 40970 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow.

[CLOSE] OSVDB ID : 40969 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."

[CLOSE] OSVDB ID : 33803 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Mozilla Firefox 2.0.0.1 and earlier does not prompt users before saving bookmarklets, which allows remote attackers to bypass the same-domain policy by tricking a user into saving a bookmarklet with a data: scheme, which is executed in the context of the last visited web page.

[CLOSE] OSVDB ID : 45246 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : The SSH server in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier, uses a hard-coded username and password, which allows remote attackers to access the device.

[CLOSE] OSVDB ID : 33143 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : webSPELL 4.0, and possibly later versions, allows remote attackers to bypass authentication via a ws_auth cookie, a different vulnerability than CVE-2006-4782.

[CLOSE] OSVDB ID : 33142 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in jmx-console/HtmlAdaptor in JBoss allows remote attackers to perform privileged actions as administrators via certain MBean operations, a different vulnerability than CVE-2006-3733.

[CLOSE] OSVDB ID : 33141 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : JBrowser allows remote attackers to bypass authentication and access certain administrative capabilities via a direct request for _admin/.

[CLOSE] OSVDB ID : 34229 - Disclosed: 2007-02-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33140 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Directory traversal vulnerability in edit.php in pheap allows remote attackers to read and modify arbitrary files via a .. (dot dot) in the filename parameter.

[CLOSE] OSVDB ID : 33138 - Disclosed: 2007-02-22

Description:

(Description Provided by CVE) : Absolute path traversal vulnerability in list_main_pages.php in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to list arbitrary directories, and read arbitrary files, via an absolute pathname in the nfolder parameter.