| OSVDB ID | Disclosure Date | Title |
|
37853
Description:
(Description Provided by CVE) : Unspecified vulnerability in Hitachi JP1/Cm2/Hierarchical Viewer (HV) 06-00 through 06-71-/B allows remote attackers to cause a denial of service (application stop and web interface outage) via certain "unexpected data."
|
2007-07-31
|
Hitachi JP1/Cm2/Hierarchical Viewer (HV) Unspecified Remote DoS
|
|
37852
Description:
uCosminexus Application Server contains an unspecified flaw that may allow a user to use the session data of another user. It is possible that the flaw may allow remote authenticated users to access or modify another user's data resulting in a loss of integrity.
|
2007-07-31
|
Hitachi Multiple Products Cosminexus Component Container Session Data Handling Privilege Escalation
|
|
46972
Description:
(Description Provided by CVE) : The Groupmax Scheduler_Facilities management tool in Hitachi Groupmax Groupware Server 07-00-/F through 07-32-/A before 20070731 does not properly manage schedule server configuration data, which might allow attackers to obtain sensitive information via unspecified vectors.
|
2007-07-31
|
Hitachi Groupmax Groupware Server Scheduler_Facilities Management Tool Unspecified Configuration Data Disclosure
|
|
36963
Description:
A buffer overflow exists in Mac OS X. iChat fails to validate UPnP IGD packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X iChat UPnP IGD Crafted Packet Overflow
|
|
36964
Description:
A heap overflow exists in Mac OS X. The CoreAudio Java interface fails to validate applets resulting in a heap overflow. With a specially crafted applet, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X CoreAudio Java Interface Crafted Applet Arbitrary Code Execution
|
|
36965
Description:
A heap overflow exists in Mac OS X. The CoreAudio Java interface fails to validate applets resulting in a heap overflow. With a specially crafted applet, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X CoreAudio Java Interface Crafted Applet Remote Command Execution
|
|
36966
Description:
Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by a design flaw in the CoreAudio Java interface, which may allow an attacker to free arbitrary memory. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X CoreAudio Java Interface JDirect Arbitrary Code Execution
|
|
36967
Description:
A buffer overflow exists in Mac OS X. The mDNS Responder fails to validate UPnP IGD packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X mDNSResponder UPnP IGD Crafted Packet Remote Overflow
|
|
36968
Description:
Mac OS X contains a flaw related to the handling of global objects in Safari that may allow an attacker to perform a cross-site scripting attack with a maliciously crafted web page. No further details have been provided.
|
2007-07-31
|
Apple Mac OS X WebCore Global Object Persistence XSS
|
|
36969
Description:
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user is enticed to visit a maliciously crafted web page which uses a pop-up window to read the contents of another window, which will disclose the contents of other web pages resulting in a loss of confidentiality.
|
2007-07-31
|
Apple Mac OS X WebCore Popup Cross-Domain Information Disclosure
|
|
36970
Description:
(Description Provided by CVE) : WebKit in Apple Safari 3 Beta before Update 3.0.3 does not properly recognize an unchecked "Enable Java" setting, which allows remote attackers to execute Java applets via a crafted web page.
|
2007-07-31
|
Apple Safari WebKit Crafted Web Page Arbitrary Java Applet Execution
|
|
36971
Description:
Mac OS X contains a flaw that may allow a user to exceed disk quota levels. The issue is triggered when the Samba process improperly drops privileges. This flaw may lead to a loss of integrity.
|
2007-07-31
|
Apple Mac OS X Samba Server Disk Quota Bypass
|
|
36972
Description:
A memory corruption flaw exists in Mac OS X. Quartz Composer fails to validate files resulting in access to an uninitialized object pointer. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X Quartz Composer Crafted File Arbitrary Command Execution
|
|
36973
Description:
An overflow exists in Mac OS X. Preview fails to validate PDF files resulting in an integer overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X PDFKit Preview PDF File Handling Overflow
|
|
36974
Description:
Mac OS X contains a flaw related to the parsing of HTTP responses in CFNetwork that may allow a remote attacker to perform a cross-site scripting attack. No further details have been provided.
|
2007-07-31
|
Apple Mac OS X CFNetwork Unspecified CRLF Injection
|
|
36975
Description:
Mac OS X contains a flaw that may allow a context-dependent attacker to execute arbitrary FTP commands as the logged-in user. The issue is triggered when a user clicks on a maliciously crafted FTP URI. It is possible that the flaw may allow execution of commands on servers available to the logged-in user resulting in a loss of integrity.
|
2007-07-31
|
Apple Mac OS X CFNetwork ftp: URI Arbitrary FTP Command Execution
|
|
37560
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11 and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors. NOTE: this is probably different from CVE-2007-0916, but this is not certain due to lack of vendor details.
|
2007-07-31
|
HP-UX ARPA Transport Unspecified Local DoS
|
|
37561
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport functionality in HP-UX B.11.11, B.11.23, and B.11.31 allows remote attackers to cause an unspecified denial of service via unknown vectors.
|
2007-07-31
|
HP-UX ARPA Transport Unspecified Remote DoS
|
|
46994
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
|
2007-07-31
|
WordPress Admin Panel options.php Options Database Table XSS
|
|
46995
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in WordPress 2.2.1 allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the Options Database Table in the Admin Panel, accessed through options.php; or (2) the opml_url parameter to link-import.php. NOTE: this might not cross privilege boundaries in some configurations, since the Administrator role has the unfiltered_html capability.
|
2007-07-31
|
WordPress Admin Panel link-import.php opml_url Parameter XSS
|
|
38298
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2007-07-31
|
RSA KEON Registration Authority Request-spk.xuda Unspecified Parameter XSS
|
|
38299
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2007-07-31
|
RSA KEON Registration Authority Add-msie-request.xuda Unspecified XSS
|
|
38987
Description:
(Description Provided by CVE) : Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.
|
2007-07-31
|
Claroline inc/lib/language.lib.php language Parameter Traversal Local File Inclusion
|
|
39048
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.
|
2007-07-31
|
BlueSkyCat ActiveX v2.ocx (V2.V2Ctrl.1) ConnecttoServer Method Remote Overflow
|
|
39192
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.
|
2007-07-31
|
GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection
|
|
39216
Description:
WebEvent contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cmd' variable upon submission to the 'webevent.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-07-31
|
WebEvent webevent.cgi cmd Parameter XSS
|
|
39295
Description:
(Description Provided by CVE) : irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.
|
2007-07-31
|
ngIRCd irc-channel.c Null channel Argument JOIN Command Remote DoS
|
|
39371
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-general.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-general.php page_options Parameter SQL Injection
|
|
39372
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-writing.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-writing.php page_options Parameter SQL Injection
|
|
39373
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-reading.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-reading.php page_options Parameter SQL Injection
|
|
39374
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-discussion.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-discussion.php page_options Parameter SQL Injection
|
|
39375
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-privacy.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-privacy.php page_options Parameter SQL Injection
|
|
39376
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-permalink.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-permalink.php page_options Parameter SQL Injection
|
|
39377
Description:
WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-misc.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-07-31
|
WordPress options-misc.php page_options Parameter SQL Injection
|
|
48466
Description:
(Description Provided by CVE) : fs/direct-io.c in the dio subsystem in the Linux kernel before 2.6.23 does not properly zero out the dio struct, which allows local users to cause a denial of service (OOPS), as demonstrated by a certain fio test.
|
2007-07-31
|
Linux Kernel dio Subsystem fs/direct-io.c Local DoS
|
|
39029
Description:
Unknown / Incomplete
|
2007-07-30
|
vBulletin Multiple Script Remote File Inclusion
|
|
39030
Description:
phpVoter contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'functions.inc.php' script not properly sanitizing user input supplied to the 'sitepath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2007-07-30
|
phpVoter functions.inc.php sitepath Parameter Remote File Inclusion
|
|
39033
Description:
Unknown / Incomplete
|
2007-07-30
|
Phorm fileupload.php Arbitrary PHP File Upload
|
|
39369
Description:
(Description Provided by CVE) : Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.
|
2007-07-30
|
CenterICQ Multiple Unspecified Remote Overflows
|
|
51434
Description:
(Description Provided by CVE) : Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, related to the helptags command.
|
2007-07-30
|
Vim src/ex_cmds.c helptags_one Function helptags Format String
|