| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 41730 | 2007-04-30 | RealPlayer RA File Handling Memory Consumption DoS | (Description Provided by CVE): RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. |
| 35510 | 2007-04-29 | Mbedthis AppWeb URL Protocol Format String | appweb contains a flaw that may allow a remote denial of service. The issue is triggered when format string specifiers (%s %d %d ...) are placed directly in the requested URL, and will result in loss of availability for the appweb server. |
| 34356 | 2007-04-29 | myGallery Plugin for WordPress mygallerybrowser.php myPath Variable Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. |
| 35476 | 2007-04-29 | Imageview fileview.php album Variable Traversal Local File Inclusion | (Description Provided by CVE): Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. |
| 35503 | 2007-04-29 | The Merchant help/index.php show Variable Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter. |
| 35501 | 2007-04-29 | TCExam shared/code/tce_tmx.php SessionUserLang Cookie Arbitrary File Creation | (Description Provided by CVE): shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. |
| 35502 | 2007-04-29 | TCExam shared/config/tce_config.php _SERVER[SCRIPT_NAME] Variable XSS | (Description Provided by CVE): Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. |
| 35469 | 2007-04-29 | MyServer Unspecified Data Processing DoS | (Description Provided by CVE): MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. |
| 35466 | 2007-04-29 | Pi3Web Long URI Request Processing DoS | (Description Provided by CVE): Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally." |
| 35490 | 2007-04-29 | Progress WebSpeed Messenger WService Parameter Information Disclosure | (Description Provided by CVE): Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. |
| 35620 | 2007-04-28 | Seir Anphin modules/file.php a[filepath] Traversal Arbitrary File Access | (Description Provided by CVE): ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use. |
| 34454 | 2007-04-28 | Ovidentia Multiple Unspecified Issues | Unknown / Incomplete |
| 34174 | 2007-04-28 | Sphider index.php include_dir Variable Remote File Inclusion | (Description Provided by CVE): ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in Sphider 1.2.x allows remote attackers to execute arbitrary PHP code via a URL in the include_dir parameter. NOTE: a third party disputes this vulnerability, stating that "the application is not vulnerable to this issue." |
| 35474 | 2007-04-28 | pnFlashGames Module for PostNuke index.php cid Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| 35616 | 2007-04-27 | AFFLIB aimage/aimage.cpp Symlink Arbitrary File Overwrite | (Description Provided by CVE): ** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable." |
| 35613 | 2007-04-27 | AFFLIB lib/s3.cpp S3 XML Response LastModified Value Overflow | (Description Provided by CVE): Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 35614 | 2007-04-27 | AFFLIB lib/vnode_s3.cpp S3 URL Handling Multiple Overflows | (Description Provided by CVE): Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 35615 | 2007-04-27 | AFFLIB Multiple File Path Handling Overflows | (Description Provided by CVE): Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 35608 | 2007-04-27 | AFFLIB tools/afconvert.cpp Arbitrary Local Command Execution | (Description Provided by CVE): AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. |
| 35640 | 2007-04-27 | Exponent CMS magpie_debug.php url Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35641 | 2007-04-27 | Exponent CMS magpie_simple.php url Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35642 | 2007-04-27 | Exponent CMS magpie_slashbox.php rss_url Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35643 | 2007-04-27 | Exponent CMS weblogmodule Module body Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35607 | 2007-04-27 | AFFLIB Multiple Command Line Format Strings | (Description Provided by CVE): Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 38063 | 2007-04-27 | Adobe Multiple Products PNG File Handling Arbitrary Code Execution | (Description Provided by CVE): Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. |
| 35609 | 2007-04-27 | b2evolution Multiple Script Remote File Inclusion | (Description Provided by CVE): ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used. |
| 35438 | 2007-04-27 | MyDNS DNS Update update.c Remote Overflow | (Description Provided by CVE): Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. |
| 35439 | 2007-04-27 | MyDNS DNS Update update.c Off-by-one Remote DoS | (Description Provided by CVE): Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. |
| 35437 | 2007-04-27 | Hitachi Groupmax Mobile Option Unspecified Remote Overflow | (Description Provided by CVE): Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 35467 | 2007-04-27 | Corel Paint Shop Pro PNG File Handling Overflow | (Description Provided by CVE): Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. |
| 35465 | 2007-04-27 | Adobe Multiple Products PNG File Handling Overflow | (Description Provided by CVE): Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. |
| 35464 | 2007-04-27 | iputils rarpd Packet Reply Unspecified DoS | Unknown / Incomplete |
| 35463 | 2007-04-27 | IrfanView Formats Plug-in IFF File Handling Overflow | (Description Provided by CVE): Buffer overflow in IrfanView 4.00 and earlier allows user-assisted remote attackers to execute arbitrary code via a crafted .IFF file. |
| 35485 | 2007-04-27 | OPeNDAP CGI_server DODS_Dispatch.pm get_url Function Arbitrary Command Execution | (Description Provided by CVE): The get_url function in DODS_Dispatch.pm for the CGI_server in OPeNDAP 3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
| 35505 | 2007-04-27 | VMware Workstation Shared Folders Feature Host System Arbitrary File Write | (Description Provided by CVE): Directory traversal vulnerability in the Shared Folders feature for VMware Workstation before 5.5.4, when a folder is shared, allows users on the guest system to write to arbitrary files on the host system via the "Backdoor I/O Port" interface. |
| 40188 | 2007-04-27 | PasswordManager Pro (PMP) mysql Unspecified Remote Command Injection | (Description Provided by CVE): ManageEngine PasswordManager Pro (PMP) allows remote attackers to obtain administrative access to a database by injecting a certain command line for the mysql program, as demonstrated by the "-port 2345" and "-u root" arguments. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 48423 | 2007-04-26 | Flip4Mac Crafted File Processing DoS | Unknown / Incomplete |
| 35701 | 2007-04-26 | FireFly localize.php doc_root Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. |
| 35702 | 2007-04-26 | FireFly modules/admin/include/config.php doc_root Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/. |
| 34154 | 2007-04-26 | Apache Axis Non-Existent Java Web Service Path Disclosure | Apache Axis contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests a non-existent WSDL (Web Service Definition Language) file/resource, causing a fault in the java.io.FileNotFoundException function, which will disclose the software's physical path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |