| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 36337 | 2007-06-30 | TotalCalendar view_event.php id Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in view_event.php in TotalCalendar 2.402 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 38960 | 2007-06-30 | Buddy Zone view_news.php news_id Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. |
| 38961 | 2007-06-30 | Buddy Zone view_events.php cat_id Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. |
| 38962 | 2007-06-30 | Buddy Zone video_gallery.php member_id Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in Buddy Zone 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the news_id parameter to view_news.php, (2) the cat_id parameter to view_events.php, or (3) the member_id parameter to video_gallery.php. |
| 38963 | 2007-06-30 | XCMS Module/Galerie.php Multiple Variable Traversal Arbitrary File Access | (Description Provided by CVE): Multiple directory traversal vulnerabilities in Module/Galerie.php in XCMS 1.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) Ent or (2) Lang parameter. |
| 38964 | 2007-06-30 | sPHPell spellcheckpageinc.php SpellIncPath Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. |
| 38965 | 2007-06-30 | sPHPell spellchecktext.php SpellIncPath Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. |
| 38966 | 2007-06-30 | sPHPell spellcheckwindow.php SpellIncPath Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. |
| 38967 | 2007-06-30 | sPHPell spellcheckwindowframeset.php SpellIncPath Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in sPHPell 1.01 allow remote attackers to execute arbitrary PHP code via a URL in the SpellIncPath parameter to (1) spellcheckpageinc.php, (2) spellchecktext.php, (3) spellcheckwindow.php, or (4) spellcheckwindowframeset.php. |
| 45745 | 2007-06-29 | W3Filer File Sending Banner Reply Handling Overflow | (Description Provided by CVE): Stack-based buffer overflow in W3Filer 2.1.3 allows remote FTP servers to cause a denial of service (application hang or crash) and possibly execute arbitrary code by sending a large banner to a client that is sending a file. |
| 38955 | 2007-06-29 | Microsoft IE history.length Variable History Disclosure | (Description Provided by CVE): Microsoft Internet Explorer 7 allows remote attackers to determine the existence of page history via the history.length JavaScript variable. |
| 37791 | 2007-06-29 | 3Com IntelliJack Switch NJ220 Crafted Loopback Packet Remote DoS | (Description Provided by CVE): The 3Com IntelliJack Switch NJ220 before 2.0.23 allows remote attackers to cause a denial of service (reboot and reporting outage) via a loopback packet with zero in the length field. |
| 40524 | 2007-06-29 | flac123 vorbiscomment.c local__vcentry_parse_value Function Comment Parsing Overflow | (Description Provided by CVE): Stack-based buffer overflow in the local__vcentry_parse_value function in vorbiscomment.c in flac123 (aka flac-tools or flac) before 0.0.10 allows user-assisted remote attackers to execute arbitrary code via a large comment value_length. |
| 37064 | 2007-06-29 | Coppermine Photo Gallery album Password Cookie SQL Injection | (Description Provided by CVE): SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. |
| 37065 | 2007-06-29 | Coppermine Photo Gallery albmgr.php cat Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in Coppermine Photo Gallery (CPG) before 1.4.11 allows remote attackers to execute arbitrary SQL commands via an album password cookie to an unspecified component. |
| 42434 | 2007-06-29 | eTicket user_login.php XSS | Unknown / Incomplete |
| 42435 | 2007-06-29 | eTicket admin_login.php XSS | Unknown / Incomplete |
| 42436 | 2007-06-29 | eTicket user_group.php XSS | Unknown / Incomplete |
| 42437 | 2007-06-29 | eTicket rep.php XSS | Unknown / Incomplete |
| 42438 | 2007-06-29 | eTicket pref.php XSS | Unknown / Incomplete |
| 42439 | 2007-06-29 | eTicket my.php XSS | Unknown / Incomplete |
| 42440 | 2007-06-29 | eTicket main.php XSS | Unknown / Incomplete |
| 42441 | 2007-06-29 | eTicket mail.php XSS | Unknown / Incomplete |
| 42442 | 2007-06-29 | eTicket cat.php XSS | Unknown / Incomplete |
| 42443 | 2007-06-29 | eTicket banlist_delete.php XSS | Unknown / Incomplete |
| 42444 | 2007-06-29 | eTicket banlist_addedit.php XSS | Unknown / Incomplete |
| 42445 | 2007-06-29 | eTicket banlist.php XSS | Unknown / Incomplete |
| 42446 | 2007-06-29 | eTicket searc_form.php XSS | Unknown / Incomplete |
| 38914 | 2007-06-29 | AkoComment Unspecified Component Multiple Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in akocomment allow remote attackers to execute arbitrary SQL commands via the (1) acparentid or (2) acitemid parameter to an unspecified component, different vectors than CVE-2006-1421. |
| 38936 | 2007-06-29 | Buddy Zone view_sub_cat.php cat_id Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in view_sub_cat.php in Buddy Zone 1.5 allows remote attackers to execute arbitrary SQL commands via the cat_id parameter. |
| 38860 | 2007-06-28 | Apple Safari document.domain Attribute Cross Domain Information Disclosure | (Description Provided by CVE): Cross-domain vulnerability in Apple Safari for Windows 3.0.1 allows remote attackers to bypass the "same origin policy" and access restricted information from other domains via JavaScript that overwrites the document variable and statically sets the document.domain attribute. |
| 37792 | 2007-06-28 | IBM OS/400 on iSeries TCP SYN-FIN Packet Handling Security Bypass | (Description Provided by CVE): IBM OS/400 (aka i5/OS) V4R2M0 through V5R3M0 on iSeries machines sends responses to TCP SYN-FIN packets, which allows remote attackers to obtain system information and possibly bypass firewall rules. |
| 37755 | 2007-06-28 | Sun Java Web Start PersistenceService Application Traversal Arbitrary File Overwrite | (Description Provided by CVE): Directory traversal vulnerability in the PersistenceService in Sun Java Web Start in JDK and JRE 5.0 Update 11 and earlier, and Java Web Start in SDK and JRE 1.4.2_13 and earlier, for Windows allows remote attackers to perform unauthorized actions via an application that grants file overwrite privileges to itself. NOTE: this can be leveraged to execute arbitrary code by overwriting a .java.policy file. |
| 39847 | 2007-06-28 | XEForum xeforum Cookie Manipulation Remote Privilege Escalation | (Description Provided by CVE): Xeweb XEForum allows remote attackers to gain privileges via a modified xeforum cookie. |
| 37672 | 2007-06-28 | AMX NetLinx VNC (AmxVnc) ActiveX (AmxVnc.dll) Multiple Property Overflows | (Description Provided by CVE): Multiple buffer overflows in the AMX NetLinx VNC (AmxVnc) ActiveX control in AmxVnc.dll 1.0.13.0 allow remote attackers to execute arbitrary code via long (1) Host, (2) Password, or (3) LogFile property values. |
| 40177 | 2007-06-28 | Gentoo Linux NVIDIA Drivers (nvidia-drivers) /dev/nvidia* Device Permission Weakness | (Description Provided by CVE): NVIDIA drivers (nvidia-drivers) before 1.0.7185, 1.0.9639, and 100.14.11, as used in Gentoo Linux and possibly other distributions, creates /dev/nvidia* device files with insecure permissions, which allows local users to modify video card settings, cause a denial of service (crash or physical video card damage), and obtain sensitive information. |
| 38909 | 2007-06-28 | WinDEV Malformed WDP Project File Remote DoS | (Description Provided by CVE): PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to cause a denial of service (infinite loop and resource consumption) via a malformed WDP project file. |
| 38910 | 2007-06-28 | WinDEV WDP File used DLL Field Overflow | (Description Provided by CVE): Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file. |
| 37217 | 2007-06-28 | Kaspersky Anti-Spam Web Config Unspecified Directory Listing | (Description Provided by CVE): Unspecified vulnerability in the web-based product configuration system in Kaspersky Anti-Spam before 3.0 MP1 allows remote attackers to obtain access to certain directories. |
| 44097 | 2007-06-28 | Phorum Unspecified XSS | Unknown / Incomplete |