[CLOSE] OSVDB ID : 41730 - Disclosed: 2007-04-30

Description:

(Description Provided by CVE) : RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct.

[CLOSE] OSVDB ID : 35510 - Disclosed: 2007-04-29

Description:

appweb contains a flaw that may allow a remote denial of service. The issue is triggered when using format strings (%s %d %d ...) directly into the URL requested, and will result in loss of availability for the appweb server.

[CLOSE] OSVDB ID : 34356 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter.

[CLOSE] OSVDB ID : 35476 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter.

[CLOSE] OSVDB ID : 35503 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.

[CLOSE] OSVDB ID : 35501 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php.

[CLOSE] OSVDB ID : 35502 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter.

[CLOSE] OSVDB ID : 35469 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors.

[CLOSE] OSVDB ID : 35466 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally."

[CLOSE] OSVDB ID : 35490 - Disclosed: 2007-04-29

Description:

(Description Provided by CVE) : Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information.

[CLOSE] OSVDB ID : 35620 - Disclosed: 2007-04-28

Description:

(Description Provided by CVE) : ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use.

[CLOSE] OSVDB ID : 34454 - Disclosed: 2007-04-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 34174 - Disclosed: 2007-04-28

Description:

(Description Provided by CVE) : ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue."

[CLOSE] OSVDB ID : 35474 - Disclosed: 2007-04-28

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter.

[CLOSE] OSVDB ID : 35616 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : ** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable."

[CLOSE] OSVDB ID : 35613 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

[CLOSE] OSVDB ID : 35614 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

[CLOSE] OSVDB ID : 35615 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

[CLOSE] OSVDB ID : 35608 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called.

[CLOSE] OSVDB ID : 35640 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.

[CLOSE] OSVDB ID : 35641 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.

[CLOSE] OSVDB ID : 35642 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.

[CLOSE] OSVDB ID : 35643 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module.

[CLOSE] OSVDB ID : 35607 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB.

[CLOSE] OSVDB ID : 38063 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

[CLOSE] OSVDB ID : 35609 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used.

[CLOSE] OSVDB ID : 35438 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.

[CLOSE] OSVDB ID : 35439 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c.

[CLOSE] OSVDB ID : 35437 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 35467 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

[CLOSE] OSVDB ID : 35465 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file.

[CLOSE] OSVDB ID : 35464 - Disclosed: 2007-04-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35463 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file.

[CLOSE] OSVDB ID : 35485 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

[CLOSE] OSVDB ID : 35505 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface.

[CLOSE] OSVDB ID : 40188 - Disclosed: 2007-04-27

Description:

(Description Provided by CVE) : ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 48423 - Disclosed: 2007-04-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35701 - Disclosed: 2007-04-26

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.

[CLOSE] OSVDB ID : 35702 - Disclosed: 2007-04-26

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/.

[CLOSE] OSVDB ID : 34154 - Disclosed: 2007-04-26

Description:

Apache Axis contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests a non-existant WSDL (Web Service Definition Language) file/resource, causing a fault in the java.io.FileNotFoundException function, which will disclose the software's physical path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.