| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 39846 | 2007-04-30 | Imager bmp.c read_4bit_bmp Function 4-bit/pixel BMP File Parsing Overflow | (Description Provided by CVE) : Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files. |
| 37640 | 2007-04-30 | Wireshark Malformed SSL / MMS Packet Handling DoS | Wireshark contains a flaw in the way it handles SSL and MMS packets that may allow a remote denial of service. The issue is triggered by a specially crafted packet, and will result in loss of availability for the application. |
| 36231 | 2007-04-30 | Gazi Download Portal down_indir.asp id Parameter SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in down_indir.asp in Gazi Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 35475 | 2007-04-30 | Plesk top.php locale_id Parameter Traversal Arbitrary File Access | (Description Provided by CVE) : Directory traversal vulnerability in top.php3 in SWsoft Plesk for Windows 8.1 and 8.1.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the locale_id parameter. |
| 35504 | 2007-04-30 | OpenVMS for Integrity Servers Unspecified Local DoS | (Description Provided by CVE) : Unspecified vulnerability in HP OpenVMS for Integrity Servers 8.2-1 and 8.3 allows local users to cause a denial of service (crash) via "Program actions relating to exceptions." |
| 34433 | 2007-04-30 | Winamp MP4 File Handling Memory Corruption | (Description Provided by CVE) : libmp4v2.dll in Winamp 5.02 through 5.34 allows user-assisted remote attackers to execute arbitrary code via a certain .MP4 file. NOTE: some of these details are obtained from third party information. |
| 34748 | 2007-04-30 | ISC BIND query.c query_addsoa Function Unspecified Recursive Query DoS | (Description Provided by CVE) : Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. |
| 35671 | 2007-04-30 | Aventail Connect VPN Client asnsp.dll Malformed DNS Query Overflow | (Description Provided by CVE) : Buffer overflow in asnsp.dll in Aventail Connect 4.1.2.13 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a malformed DNS query. |
| 41730 | 2007-04-30 | RealPlayer RA File Handling Memory Consumption DoS | (Description Provided by CVE) : RealNetworks RealPlayer 10 Gold allows remote attackers to cause a denial of service (memory consumption) via a certain .ra file. NOTE: this issue was referred to as a "memory leak," but it is not clear if this is correct. |
| 35510 | 2007-04-29 | Mbedthis AppWeb URL Protocol Format String | appweb contains a flaw that may allow a remote denial of service. The issue is triggered when using format strings (%s %d %d ...) directly into the URL requested, and will result in loss of availability for the appweb server. |
| 34356 | 2007-04-29 | myGallery Plugin for WordPress mygallerybrowser.php myPath Parameter Remote File Inclusion | (Description Provided by CVE) : PHP remote file inclusion vulnerability in myfunctions/mygallerybrowser.php in the myGallery 1.4b4 and earlier plugin for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the myPath parameter. |
| 35476 | 2007-04-29 | Imageview fileview.php album Parameter Traversal Local File Inclusion | (Description Provided by CVE) : Directory traversal vulnerability in fileview.php in Imageview 5.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the album parameter. |
| 35503 | 2007-04-29 | The Merchant help/index.php show Parameter Remote File Inclusion | (Description Provided by CVE) : PHP remote file inclusion vulnerability in help/index.php in The Merchant (themerchant) 2.2 allows remote attackers to execute arbitrary PHP code via a URL in the show parameter. |
| 35501 | 2007-04-29 | TCExam shared/code/tce_tmx.php SessionUserLang Cookie Arbitrary File Creation | (Description Provided by CVE) : shared/code/tce_tmx.php in TCExam 4.0.011 and earlier allows remote attackers to create arbitrary PHP files in cache/ by placing file contents and directory traversal manipulations into a SessionUserLang cookie to public/code/index.php. |
| 35502 | 2007-04-29 | TCExam shared/config/tce_config.php _SERVER[SCRIPT_NAME] Parameter XSS | (Description Provided by CVE) : Dynamic variable evaluation vulnerability in shared/config/tce_config.php in TCExam 4.0.011 and earlier allows remote attackers to conduct cross-site scripting (XSS) and possibly other attacks by modifying critical variables such as $_SERVER, as demonstrated by injecting web script via the _SERVER[SCRIPT_NAME] parameter. |
| 35469 | 2007-04-29 | MyServer Unspecified Data Processing DoS | (Description Provided by CVE) : MyServer before 0.8.8 allows remote attackers to cause a denial of service via unspecified vectors. |
| 35466 | 2007-04-29 | Pi3Web Long URI Request Processing DoS | (Description Provided by CVE) : Pi3Web Web Server 2.0.3 PL1 allows remote attackers to cause a denial of service (application exit) via a long URI. NOTE: this issue was originally reported as a crash, but the vendor states that the impact is a "clean" exit in which "the server I/O loop finishes and the process exits normally." |
| 35490 | 2007-04-29 | Progress WebSpeed Messenger WService Parameter Information Disclosure | (Description Provided by CVE) : Progress Webspeed Messenger allows remote attackers to obtain sensitive information via a WService parameter containing "wsbroker1/webutil/about.r", which reveals the operating system and product information. |
| 67627 | 2007-04-29 | 2Wire Router HTTP Admin Interface Default Password | By default, 2Wire routers install with a default HTTP administrative password. The device has a password of '2wire' or 'Wireless' which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 35620 | 2007-04-28 | Seir Anphin modules/file.php a[filepath] Traversal Arbitrary File Access | (Description Provided by CVE) : ** DISPUTED ** Directory traversal vulnerability in modules/file.php in Seir Anphin allows remote attackers to obtain sensitive information via a .. (dot dot) in the a[filepath] parameter. NOTE: a third party has disputed this issue because the a array is populated by a database query before use. |
| 34454 | 2007-04-28 | Ovidentia Multiple Unspecified Issues | Unknown / Incomplete |
| 34174 | 2007-04-28 | Sphider index.php include_dir Parameter Remote File Inclusion | Sphider contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'include_dir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 35474 | 2007-04-28 | pnFlashGames Module for PostNuke index.php cid Parameter SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in index.php in the pnFlashGames 1.5 module for PostNuke allows remote attackers to execute arbitrary SQL commands via the cid parameter. |
| 35616 | 2007-04-27 | AFFLIB aimage/aimage.cpp Symlink Arbitrary File Overwrite | (Description Provided by CVE) : ** REJECT ** The getlock function in aimage/aimage.cpp in AFFLIB 2.2.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary lock files (aka "time-of-check-time-of-use file race"). NOTE: the researcher has retracted the original advisory, stating that "the portion of vulnerable code is not called in any current version of AFFLIB and is therefore not exploitable." |
| 35613 | 2007-04-27 | AFFLIB lib/s3.cpp S3 XML Response LastModified Value Overflow | (Description Provided by CVE) : Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 35614 | 2007-04-27 | AFFLIB lib/vnode_s3.cpp S3 URL Handling Multiple Overflows | (Description Provided by CVE) : Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 35615 | 2007-04-27 | AFFLIB Multiple File Path Handling Overflows | (Description Provided by CVE) : Multiple stack-based buffer overflows in AFFLIB before 2.2.6 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a long LastModified value in an S3 XML response in lib/s3.cpp; (2) a long (a) path or (b) bucket in an S3 URL in lib/vnode_s3.cpp; or (3) a long (c) EFW, (d) AFD, or (c) aimage file path. NOTE: the aimage vector (3c) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 35608 | 2007-04-27 | AFFLIB tools/afconvert.cpp Arbitrary Local Command Execution | (Description Provided by CVE) : AFFLIB 2.2.8 and earlier allows attackers to execute arbitrary commands via shell metacharacters involving (1) certain command line parameters in tools/afconvert.cpp and (2) arguments to the get_parameter function in aimage/ident.cpp. NOTE: it is unknown if the get_parameter vector (2) is ever called. |
| 35640 | 2007-04-27 | Exponent CMS magpie_debug.php url Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35641 | 2007-04-27 | Exponent CMS magpie_simple.php url Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35642 | 2007-04-27 | Exponent CMS magpie_slashbox.php rss_url Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35643 | 2007-04-27 | Exponent CMS weblogmodule Module body Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Exponent CMS 0.96.6 Alpha and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter to (a) magpie_debug.php and (b) magpie_simple.php in external/magpierss/scripts/, the (2) rss_url parameter to (c) magpie_slashbox.php in external/magpierss/scripts/, and the (3) body parameter to the (d) weblogmodule (aka Weblog Comments) module. |
| 35607 | 2007-04-27 | AFFLIB Multiple Command Line Format Strings | (Description Provided by CVE) : Multiple format string vulnerabilities in AFFLIB before 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls in (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/aimage.cpp, (f) aimage/imager.cpp, and (g) tools/afxml.cpp. NOTE: the aimage.cpp vector (e) has since been recalled from the researcher's original advisory, since the code is not called in any version of AFFLIB. |
| 38063 | 2007-04-27 | Adobe Multiple Products PNG File Handling Arbitrary Code Execution | (Description Provided by CVE) : Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. |
| 35609 | 2007-04-27 | b2evolution Multiple Script Remote File Inclusion | (Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) default.php, (f) index.php, and (g) multiblogs.php in blogs/; the (2) view_path and (3) control_path parameters to blogs/admin.php; and the (4) skins_path parameter to (h) blogs/contact.php and (i) blogs/multiblogs.php. NOTE: this issue is disputed by CVE, since the inc_path, view_path, control_path, and skins_path variables are all initialized in conf/_advanced.php before they are used. |
| 35438 | 2007-04-27 | MyDNS DNS Update update.c Remote Overflow | (Description Provided by CVE) : Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. |
| 35439 | 2007-04-27 | MyDNS DNS Update update.c Off-by-one Remote DoS | (Description Provided by CVE) : Multiple buffer overflows in MyDNS 1.1.0 allow remote attackers to (1) cause a denial of service (daemon crash) and possibly execute arbitrary code via a certain update, which triggers a heap-based buffer overflow in update.c; and (2) cause a denial of service (daemon crash) via unspecified vectors that trigger an off-by-one stack-based buffer overflow in update.c. |
| 35437 | 2007-04-27 | Hitachi Groupmax Mobile Option Unspecified Remote Overflow | (Description Provided by CVE) : Buffer overflow in Hitachi Groupmax Mobile Option for Mobile-Phone 07-00 through 07-30, 5 for i-mode 05-11 through 05-23, and 6 for EZweb 06-00 through 06-04 allows remote attackers to execute arbitrary code via unspecified vectors. |
| 35467 | 2007-04-27 | Corel Paint Shop Pro PNG File Handling Overflow | (Description Provided by CVE) : Buffer overflow in Corel Paint Shop Pro 11.20 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. |
| 35465 | 2007-04-27 | Adobe Multiple Products PNG File Handling Overflow | (Description Provided by CVE) : Buffer overflow in Adobe Photoshop CS2 and CS3, Photoshop Elements 5.0, Illustrator CS3, and GoLive 9 allows user-assisted remote attackers to execute arbitrary code via a crafted .PNG file. |