| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33139 | 2007-02-22 | Simple Plantilla PHP (SPP) Unrestricted File Upload | (Description provided by CVE): Unrestricted file upload vulnerability in Cromosoft Simple Plantilla PHP (SPP) allows remote attackers to upload arbitrary scripts via a filename with a double extension. |
| 33479 | 2007-02-22 | VeriSign ConfigChk ActiveX VSCnfChk.dll VerCompare Method Overflow | (Description provided by CVE): Buffer overflow in the Configuration Checker (ConfigChk) ActiveX control in VSCnfChk.dll 2.0.0.2 for Verisign Managed PKI Service, Secure Messaging for Microsoft Exchange, and Go Secure! allows remote attackers to execute arbitrary code via long arguments to the VerCompare method. |
| 33482 | 2007-02-22 | SupportSoft ScriptRunner (tgctlsr.dll) ActiveX Overflow | (Description provided by CVE): Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allow remote attackers to execute arbitrary code via a crafted HTML message. |
| 33375 | 2007-02-22 | OpenPinboard index.php language Parameter Remote File Inclusion | (Description provided by CVE): ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in OpenPinboard 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the language parameter. NOTE: this issue has been disputed by the developer and a third party, since the variable is set before use. CVE analysis suggests that there is a small time window of risk before the installation is complete. |
| 33839 | 2007-02-22 | arabhost function.php adminfolder Parameter Remote File Inclusion | (Description provided by CVE): PHP remote file inclusion vulnerability in function.php in arabhost allows remote attackers to execute arbitrary PHP code via a URL in the adminfolder parameter. |
| 33837 | 2007-02-22 | Gaim Animated Smiley Saturation DoS | Unknown / Incomplete |
| 33525 | 2007-02-22 | ZephyrSoft Toolbox ABC functions.php Multiple Parameter SQL Injection | (Description provided by CVE): Multiple SQL injection vulnerabilities in Mathis Dirksen-Thedens ZephyrSoft Toolbox Address Book Continued (ABC) 1.00 allow remote attackers to execute arbitrary SQL commands via the id parameter to the (1) updateRow and (2) deleteRow functions in functions.php. NOTE: some of these details are obtained from third party information. |
| 33534 | 2007-02-22 | TeeChart Pro ActiveX Control (TeeChart7.ocx) Multiple Function Crafted File Download | (Description provided by CVE): The (1) Import.LoadFromURL and (2) Export.asText.SaveToFile functions in TeeChart Pro ActiveX control (TeeChart7.ocx) allow remote attackers to download a crafted .tee file to an arbitrary location. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 36879 | 2007-02-22 | Pyrophobia modules/out.php id Parameter XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in modules/out.php in Pyrophobia 2.1.3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 37397 | 2007-02-22 | CuteNews Multiple Unspecified Remote File Inclusion | (Description provided by CVE): Multiple PHP remote file inclusion vulnerabilities in CutePHP CuteNews 1.3.6 allow remote attackers to execute arbitrary PHP code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: issue might overlap CVE-2004-1660 or CVE-2006-4445. |
| 37398 | 2007-02-22 | Pyrophobia admin/index.php Multiple Parameter Traversal Arbitrary File Access | (Description provided by CVE): Multiple directory traversal vulnerabilities in Pyrophobia 2.1.3.1 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) act or (2) pid parameter to the top-level URI (index.php), or the (3) action parameter to admin/index.php. NOTE: some of these details are obtained from third party information. |
| 58778 | 2007-02-22 | web-app.org WebAPP Crafted File Upload Weakness | (Description provided by CVE): web-app.org WebAPP before 0.9.9.6 allows remote authenticated users to upload certain files (1) via a crafted filename or (2) by "using percent encoding in forms." |
| 34963 | 2007-02-21 | Microsoft IE CCRP BrowseDialog Server (ccrpbds6.dll) ActiveX Multiple Property DoS | (Description provided by CVE): A certain ActiveX control in the Common Controls Replacement Project (CCRP) CCRP BrowseDialog Server (ccrpbds6.dll) allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) IsFolderAvailable or (2) RootFolder property value, different vectors than CVE-2007-0371. |
| 45245 | 2007-02-21 | Cisco Unified IP Phone Administrator HTTP Session Direct Request Authentication Bypass | (Description provided by CVE): The Cisco Unified IP Conference Station 7935 3.2(15) and earlier, and Station 7936 3.3(12) and earlier does not properly handle administrator HTTP sessions, which allows remote attackers to bypass authentication controls via a direct URL request to the administrative HTTP interface for a limited time. |
| 33483 | 2007-02-21 | Google Desktop Advanced Search Internal Web Server XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature. |
| 32089 | 2007-02-21 | TaskFreak Unspecified XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in TaskFreak! before 0.5.7 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly a variant of CVE-2007-0982. |
| 37740 | 2007-02-21 | GD Graphics Library (libgd) gdft.c gdImageStringFTEx (gdft_draw_bitmap) Race Condition DoS | (Description provided by CVE): Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TTF) support. |
| 33537 | 2007-02-21 | Connectix Boards part.userprofile.php SQL Injection | (Description provided by CVE): SQL injection vulnerability in part.userprofile.php in Connectix Boards 0.7 and earlier allows remote authenticated users to execute arbitrary SQL commands and obtain privileges via the p_skin parameter to index.php. |
| 33538 | 2007-02-21 | Connectix Boards admin.bbcode.php Unrestricted File Upload | (Description provided by CVE): Unrestricted file upload vulnerability in admin.bbcode.php in Connectix Boards 0.7 and earlier allows remote authenticated administrators to execute arbitrary PHP code by uploading a crafted GIF smiley image with a .php extension via the uploadimage parameter to admin.php, which can be later accessed via a direct request for the file in smileys/. NOTE: this can be leveraged with a separate SQL injection issue for remote unauthenticated attacks. |
| 34484 | 2007-02-21 | IBM WebSphere Application Server (WAS) Crafted Header HTTP Response Splitting | (Description provided by CVE): CRLF injection vulnerability in IBM WebSphere Application Server (WAS) before 6.0.2.19 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a single CRLF sequence in a context that is not a valid multi-line header. |
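The WebSphere entry (OSVDB 34484) turns on one detail: a CRLF is legitimate inside a header value only when it starts a multi-line continuation, and harmful anywhere else. The check below, an added example that is not code from IBM or from OSVDB, encodes exactly that distinction and shows what a bare CRLF hands the attacker. The header values are constructed for the demonstration; nothing here is taken from an advisory.

```python
"""Header-value CRLF check: a CRLF is tolerated only as an obs-fold
continuation (CRLF followed by SP or HTAB); any other CR or LF splits the
response. Added example; not code from IBM WebSphere."""
import re

# RFC 2616 let a header value continue on the next line if that line began
# with SP or HTAB (called obs-fold in RFC 7230). A CRLF followed by anything
# else terminates the current header, which is the context the entry describes.
_OBS_FOLD = re.compile(r"\r\n[ \t]+")


def is_safe_header_value(value: str) -> bool:
    """True if every CR/LF in value belongs to an obs-fold continuation."""
    unfolded = _OBS_FOLD.sub(" ", value)
    return "\r" not in unfolded and "\n" not in unfolded


def injected_tail(value: str):
    """What a bare CRLF buys the attacker: everything after it is parsed by
    the client as further headers (or, after a blank line, as a second
    response). Returns None when the value has no bare CRLF."""
    m = re.search(r"\r\n(?![ \t])", value)
    return None if m is None else value[m.end():]


def build_redirect(location: str) -> bytes:
    """Hardened emitter: refuse to serialize a response with an unsafe value
    instead of letting the value reach the wire."""
    if not is_safe_header_value(location):
        raise ValueError("CR or LF in header value")
    return (b"HTTP/1.1 302 Found\r\nLocation: "
            + location.encode("latin-1") + b"\r\n\r\n")


# Constructed sample values (not from any advisory).
BENIGN = "/account"
FOLDED = "/account\r\n\tcontinued"          # valid multi-line header
SPLIT = ("/account\r\nSet-Cookie: session=attacker"
         "\r\n\r\n<html>second response</html>")

if __name__ == "__main__":
    for v in (BENIGN, FOLDED, SPLIT):
        print(repr(v), "safe" if is_safe_header_value(v) else "SPLIT", injected_tail(v))
```

RFC 7230 deprecates obs-fold, so if nothing you serve needs it, drop the fold regex and reject any CR or LF outright; the narrower rule above is only there to mirror the "not a valid multi-line header" condition in the entry.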
| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33372 | 2007-02-21 | deV!L'z Clanportal inc/filebrowser/browser.php MySQL Data Disclosure | (Description provided by CVE): inc/filebrowser/browser.php in deV!L`z Clanportal (DZCP) 1.4.5 and earlier allows remote attackers to obtain MySQL data via the inc/mysql.php value of the file parameter. |
| 33231 | 2007-02-21 | webSPELL printview.php topic Parameter SQL Injection | (Description provided by CVE): SQL injection vulnerability in printview.php in webSPELL 4.01.02 and earlier allows remote attackers to execute arbitrary SQL commands via the topic parameter, a different vector than CVE-2007-1019, CVE-2006-5388, and CVE-2006-4783. |
| 33037 | 2007-02-21 | Call Center Software call_entry.php problem_desc Parameter XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in call_entry.php in Call Center Software 0,93 allows remote attackers to inject arbitrary web script or HTML via the problem_desc parameter, as demonstrated by the ONLOAD attribute of a BODY element. |
| 34240 | 2007-02-21 | SimBin Multiple Products Empty UDP Packet Remote DoS | (Description provided by CVE): SimBin GTR - FIA GT Racing Game 1.5.0.0 and earlier, GT Legends 1.1.0.0 and earlier, GTR 2 1.1 and earlier, and RACE - The WTCC Game 1.0 and earlier allow remote attackers to cause a denial of service (client disconnection) via an empty UDP packet to the server port. |
| 33117 | 2007-02-21 | J-Web Pics Navigator jwpn-photos.php dir Parameter Traversal Arbitrary File Access | (Description provided by CVE): Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |
| 33118 | 2007-02-21 | J-Web Pics Navigator pn-menu.php dir Parameter Traversal Arbitrary File Access | (Description provided by CVE): Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter. |
| 33377 | 2007-02-21 | NewsBin Pro .nbi Config File Handling Multiple Overflows | (Description provided by CVE): Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file. |
| 33378 | 2007-02-21 | NewsBin NZB File Group Field Overflow | (Description provided by CVE): Multiple buffer overflows in NewsBin Pro 5.33 and NewsBin Pro 4.x allow user-assisted remote attackers to execute arbitrary code via a long (1) DataPath or (2) DownloadPath attribute in a (a) NBI file, or (3) a long group field in a (b) NZB file. |
| 33753 | 2007-02-21 | Nabopoll result.php surv Parameter SQL Injection | (Description provided by CVE): SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter. |
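Several entries on this page (OSVDB 33525 for the id parameter to updateRow/deleteRow, 33537 for p_skin, 33231 for topic, 33753 for surv) share one root cause: a request parameter spliced into SQL text. The contrast below is an added example in Python with SQLite, not the code of any product listed; the address-book table, its rows and the attacker value are constructed for the demonstration. The vulnerable function keeps the splicing pattern the entries describe; the fixed one binds the same value as a parameter.

```python
"""deleteRow-style operation, written with string splicing and with a bound
parameter. Added example; not code from ZephyrSoft ABC, Connectix Boards,
webSPELL or Nabopoll. Table, rows and PAYLOAD are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed address-book table standing in for the ones above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE addresses (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO addresses (id, name) VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    conn.commit()
    return conn


def row_count(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM addresses").fetchone()[0]


def delete_row_vulnerable(conn: sqlite3.Connection, id_param: str) -> int:
    """The pattern behind the listed bugs: the parameter becomes part of the
    SQL text, so "1 OR 1=1" rewrites the WHERE clause. Returns rows left."""
    conn.execute("DELETE FROM addresses WHERE id = " + id_param)
    conn.commit()
    return row_count(conn)


def delete_row_fixed(conn: sqlite3.Connection, id_param: str) -> int:
    """Bound parameter: the value travels separately from the statement, so
    the same string is compared with id as data and matches nothing."""
    conn.execute("DELETE FROM addresses WHERE id = ?", (id_param,))
    conn.commit()
    return row_count(conn)


def parse_row_id(id_param: str) -> int:
    """Type validation on top of binding: an id is an integer, so reject
    anything else before a query is even built."""
    if not id_param.isdigit():
        raise ValueError("id must be a non-negative integer")
    return int(id_param)


# Constructed attacker value, as the id/surv/topic parameter would carry it.
PAYLOAD = "1 OR 1=1"

if __name__ == "__main__":
    print("spliced, payload:", delete_row_vulnerable(make_db(), PAYLOAD), "rows left")
    print("bound,   payload:", delete_row_fixed(make_db(), PAYLOAD), "rows left")
```

Binding alone is enough to stop the injection; the integer check is cheap extra assurance and gives a clean error instead of a silently matched nothing.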
| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33064 | 2007-02-21 | Cisco Unified IP Phone CLI Unspecified Local Privilege Escalation | (Description provided by CVE): The command line interface (CLI) in Cisco Unified IP Phone 7906G, 7911G, 7941G, 7961G, 7970G, and 7971G, with firmware 8.0(4)SR1 and earlier allows local users to obtain privileges or cause a denial of service via unspecified vectors. NOTE: this issue can be leveraged remotely via CVE-2007-1063. |
| 33516 | 2007-02-21 | LoveCMS install/index.php step Parameter Remote File Inclusion | (Description provided by CVE): PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. |
| 33517 | 2007-02-21 | LoveCMS index.php load Parameter Traversal Arbitrary File Access | (Description provided by CVE): Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. |
| 33518 | 2007-02-21 | LoveCMS install/index.php step Parameter Traversal Arbitrary File Access | (Description provided by CVE): Multiple directory traversal vulnerabilities in LoveCMS 1.4 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the step parameter to install/index.php or (2) the load parameter to the top-level URI. |
| 33519 | 2007-02-21 | LoveCMS Unrestricted File Upload | (Description provided by CVE): Unrestricted file upload vulnerability in LoveCMS 1.4 allows remote authenticated administrators to upload arbitrary files to /modules/content/pictures/tmp/. |
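Four upload entries on this page describe three ways a name-based filter is beaten: a double extension (OSVDB 33139), a script extension on a file whose bytes are a real GIF (33538), percent-encoded form values (58778), and no filter at all (33519). The check below is an added example, not code from any of those products; the weak check it is contrasted with is one common shape of such a filter, assumed for illustration rather than taken from any listed product, and the file names and image bytes are constructed.

```python
"""Upload-name validation against double extensions, wrong-type content and
percent-encoded names. Added example; not code from SPP, Connectix Boards,
WebAPP or LoveCMS. weak_extension_check is an assumed weak pattern."""
import secrets
from urllib.parse import unquote

ALLOWED = {"gif", "png", "jpg"}
# Leading bytes each allowed type must start with (GIF87a/GIF89a, PNG, JPEG SOI).
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
}


def weak_extension_check(filename: str) -> bool:
    """Assumed weak filter: accept if any suffix is an image extension. A name
    like shell.php.gif passes, and a server handler that honours .php anywhere
    in the name (the double-extension case of 33139) will execute it."""
    return any(part in ALLOWED for part in filename.lower().split(".")[1:])


def safe_upload_name(filename: str, head: bytes):
    """Return a server-chosen storage name, or None if the upload is rejected."""
    name = unquote(filename)  # 58778: judge the decoded name, not the encoded one
    if "%" in name or "\x00" in name or "/" in name or "\\" in name:
        return None            # still-encoded, NUL-terminated, or carrying a path
    parts = name.lower().split(".")
    if len(parts) != 2 or not parts[0]:
        return None            # 33139: exactly one extension, nothing else
    ext = parts[1]
    if ext not in ALLOWED:
        return None            # 33538: .php and friends never get this far
    if not head.startswith(MAGIC[ext]):
        return None            # content must match the claimed image type
    # Never reuse the client's name on disk; the client controls only the type.
    return secrets.token_hex(8) + "." + ext


# Constructed sample content: a GIF89a header followed by padding.
SAMPLE_GIF = b"GIF89a" + bytes(10)

if __name__ == "__main__":
    for n in ("smile.gif", "shell.php.gif", "shell.gif.php", "smile%2Ephp"):
        print(n, "weak:", weak_extension_check(n), "safe:", safe_upload_name(n, SAMPLE_GIF))
```

The magic-byte check does not defeat a polyglot (a valid GIF that is also valid PHP), which is why the storage name is server-generated and the upload directory must not be served with script execution enabled; the name check and the directory configuration are two halves of one control.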
| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 33520 | 2007-02-21 | LoveCMS index.php id Parameter XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in LoveCMS 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter to the top-level URI, possibly related to a SQL error. |
| 33135 | 2007-02-21 | Magic News Plus preview.php php_script_path Parameter Remote File Inclusion | (Description provided by CVE): PHP remote file inclusion vulnerability in preview.php in Magic News Plus 1.0.2 allows remote attackers to execute arbitrary PHP code via a URL in the php_script_path parameter. NOTE: This issue may overlap CVE-2006-0723. |
| 33136 | 2007-02-21 | Magic News Plus news.php link_parameters Parameter XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. |
| 33137 | 2007-02-21 | Magic News Plus n_layouts.php link_parameters Parameter XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in Magic News Plus 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the link_parameters parameter in (1) news.php and (2) n_layouts.php. |
| 33492 | 2007-02-21 | FlashGameScript index.php func Parameter Remote File Inclusion | (Description provided by CVE): PHP remote file inclusion vulnerability in index.php in FlashGameScript 1.5.4 allows remote attackers to execute arbitrary PHP code via a URL in the func parameter. |
| 33495 | 2007-02-21 | DBGuestbook includes/utils.php dbs_base_path Parameter Remote File Inclusion | (Description provided by CVE): Multiple PHP remote file inclusion vulnerabilities in DBGuestbook 1.1 allow remote attackers to execute arbitrary PHP code via a URL in the dbs_base_path parameter to (1) utils.php, (2) guestbook.php, or (3) views.php in includes/. |
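The remote file inclusion entries (OSVDB 33375, 33839, 33516, 33135, 33492, 33495) and the traversal entries (37398, 33117, 33118, 33517, 33518) are the same bug seen from two sides: a request parameter decides which file is included, and nothing stops it from naming a URL or climbing out of the intended directory with `..`. The resolver below is an added example in Python, not code from any listed product, serving both groups of entries; the directory layout, the allowlist and the file contents are constructed in a temporary directory for the demonstration.

```python
"""Resolving an include parameter: the vulnerable join, an allowlist, and a
canonicalize-and-confine fallback. Added example; not code from LoveCMS,
Pyrophobia, DBGuestbook or the other products listed. Layout is constructed."""
import os
import tempfile
from urllib.parse import urlsplit


def make_demo_tree() -> str:
    """Constructed layout: <root>/pages holds includable files; <root>/secret.txt
    sits one level up where a traversal reaches it. Returns the pages dir."""
    root = tempfile.mkdtemp(prefix="inc-demo-")
    pages = os.path.join(root, "pages")
    os.mkdir(pages)
    with open(os.path.join(pages, "home.php"), "w") as f:
        f.write("<?php echo 'home'; ?>\n")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("db password\n")
    return pages


def read_text(path: str) -> str:
    with open(path) as f:
        return f.read()


def resolve_vulnerable(pages_dir: str, param: str) -> str:
    """The pattern behind the listed bugs: join the parameter and include it.
    `..` walks out of pages_dir; in PHP the same parameter could also carry
    http://..., which include() would fetch and execute (the RFI case)."""
    return os.path.normpath(os.path.join(pages_dir, param))


ALLOWED_PAGES = {"home", "news", "contact"}  # constructed allowlist


def resolve_by_allowlist(pages_dir: str, page: str):
    """Preferred fix: the parameter selects a name from a fixed set and never
    touches the path at all."""
    if page not in ALLOWED_PAGES:
        return None
    return os.path.join(pages_dir, page + ".php")


def resolve_by_confinement(pages_dir: str, rel: str):
    """When the set of files is open-ended: reject URL schemes (http://, php://,
    data: ...) and NULs, then canonicalize and require the result to stay under
    pages_dir and to be a regular file."""
    if urlsplit(rel).scheme or "\x00" in rel:
        return None
    base = os.path.realpath(pages_dir)
    target = os.path.realpath(os.path.join(base, rel))
    if os.path.commonpath([base, target]) != base or not os.path.isfile(target):
        return None
    return target


if __name__ == "__main__":
    pages = make_demo_tree()
    print("vulnerable:", read_text(resolve_vulnerable(pages, "../secret.txt")).strip())
    print("confined:  ", resolve_by_confinement(pages, "../secret.txt"))
    print("url:       ", resolve_by_confinement(pages, "http://evil.example/s.txt"))
```

Prefer the allowlist wherever the set of includable files is known at deploy time; the confinement variant exists for genuinely dynamic trees and still depends on the scheme check, since a URL never becomes a path under `pages_dir`.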