| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 40567 | 2007-09-18 | Dibbler SrvOptions/SrvOptIA_NA.cpp TSrvOptIA_NA::rebind Method Malformed REBIND Message Remote DoS | (Description Provided by CVE): The TSrvOptIA_NA::rebind method in SrvOptions/SrvOptIA_NA.cpp in Dibbler 0.6.0 allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via an invalid IA_NA option in a REBIND message. |
| 40568 | 2007-09-18 | Dibbler Packet Handling Multiple Remote Overflows | (Description Provided by CVE): Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods. |
| 40569 | 2007-09-18 | Dibbler SrvMessages/SrvMsg.cpp TSrvMsg Constructor Remote DoS | (Description Provided by CVE): Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options. |
| 40570 | 2007-09-18 | Dibbler on Linux /var/lib/dibbler Permission Weakness | (Description Provided by CVE): Dibbler 0.6.0 on Linux uses weak world-writable permissions for unspecified files in /var/lib/dibbler, which has unknown impact and local attack vectors. |
| 38259 | 2007-09-18 | Automated Solutions Modbus Slave ActiveX MiniHMI.exe Modbus/TCP Diagnostic Function Arbitrary Code Execution | Automated Solutions Modbus TCP Slave ActiveX contains an overflow condition in MiniHMI.exe. The issue is triggered as user-supplied input is not properly sanitized by the Modbus/TCP Diagnostic function (FC8). With a specially crafted ModBus request to TCP port 502, a remote attacker can cause a heap-based buffer overflow to cause a denial of service or potentially execute arbitrary code. |
| 37989 | 2007-09-18 | Kaspersky Internet Security Multiple Hooked SSDT Functions Local Privilege Escalation | (Description Provided by CVE): Kaspersky Internet Security 7.0.0.125 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to (1) cause a denial of service (crash) and possibly gain privileges via the NtCreateSection kernel SSDT hook or (2) cause a denial of service (avp.exe service outage) via the NtLoadDriver kernel SSDT hook. NOTE: this issue may partially overlap CVE-2006-3074. |
| 37564 | 2007-09-18 | HP-UX logins Unspecified Remote Privilege Escalation | (Description Provided by CVE): The logins command in HP-UX B.11.31, B.11.23, and B.11.11 does not correctly report password status, which allows remote attackers to obtain privileges when certain "password issues" are not detected. |
| 40544 | 2007-09-18 | RemoteDocs R-Viewer RDZ File Handling Unspecified Arbitrary Code Execution | (Description Provided by CVE): Unspecified vulnerability in RemoteDocs R-Viewer before 1.6.3768 allows user-assisted remote attackers to execute arbitrary code via a crafted RDZ archive in which the first file has an executable extension. |
| 40100 | 2007-09-18 | VMware Server vielib.dll Remote Arbitrary File Overwrite | (Description Provided by CVE): Absolute path traversal vulnerability in a certain ActiveX control in vielib.dll in EMC VMware 6.0.0 allows remote attackers to execute arbitrary local programs via a full pathname in the first two arguments to the (1) CreateProcess or (2) CreateProcessEx method. |
| 40099 | 2007-09-18 | VMware Server IntraProcessLogging.dll Remote Arbitrary File Overwrite | (Description Provided by CVE): Absolute path traversal vulnerability in a certain ActiveX control in IntraProcessLogging.dll 5.5.3.42958 in EMC VMware allows remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the SetLogFileName method. |
| 37099 | 2007-09-18 | RSA enVision Logon Page username Parameter XSS | RSA EnVision 3.3.6 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "username" variable upon submission to the login page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 37100 | 2007-09-18 | Coppermine Photo Gallery mode.php referer Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in mode.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the referer parameter. |
| 37101 | 2007-09-18 | Coppermine Photo Gallery viewlog.php log Parameter Local File Inclusion | (Description Provided by CVE): Directory traversal vulnerability in viewlog.php in Coppermine Photo Gallery (CPG) 1.4.12 and earlier allows remote authenticated administrators to include and execute arbitrary local files via a .. (dot dot) in the log parameter. |
| 40149 | 2007-09-18 | Shop-Script FREE admin.php Admin Panel Security Bypass | (Description Provided by CVE): admin.php in Shop-Script FREE 2.0 and earlier sends a redirect to the web browser but does not exit when administrative credentials are missing, which allows remote attackers to access the admin panel. |
| 40150 | 2007-09-18 | Shop-Script FREE includes/admin/sub/conf_appearence.php Arbitrary PHP Code Execution | (Description Provided by CVE): Direct static code injection vulnerability in includes/admin/sub/conf_appearence.php in Shop-Script FREE 2.0 and earlier allows remote attackers to inject arbitrary PHP code into cfg/appearence.inc.php via a save_appearence action in admin.php, as demonstrated with the (1) productscount, (2) colscount, and (3) darkcolor parameters. |
| 40089 | 2007-09-18 | VMware Server Unspecified System Log Cleartext Password Disclosure | (Description Provided by CVE): Unspecified vulnerability in VMware Server before 1.0.4 causes user passwords to be recorded in cleartext in server logs, which might allow local users to gain privileges. |
| 40091 | 2007-09-18 | VMware Multiple Products Windows Search Path Subversion Local Privilege Escalation | (Description Provided by CVE): Unquoted Windows search path vulnerability in the Authorization and other services in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, VMware Server before 1.0.4, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1 might allow local users to gain privileges via malicious programs. |
| 40092 | 2007-09-18 | VMware Multiple Products Untrusted Virtual Image Unspecified Issue | (Description Provided by CVE): Unspecified vulnerability in VMware Player 1.0.x before 1.0.5 and 2.0 before 2.0.1, and Workstation 5.x before 5.5.5 and 6.x before 6.0.1, prevents it from launching, which has unspecified impact, related to untrusted virtual machine images. |
| 40095 | 2007-09-18 | VMware Multiple Products Unspecified Administrative Memory Corruption Guest Image Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows authenticated users with administrative privileges on a guest operating system to corrupt memory and possibly execute arbitrary code on the host operating system via unspecified vectors. |
| 40096 | 2007-09-18 | VMware Multiple Products Guest Image Login Unspecified DoS | (Description Provided by CVE): Unspecified vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server before 1.0.4 Build 56528 allows users with login access to a guest operating system to cause a denial of service (guest outage and host process crash or hang) via unspecified vectors. |
| 40097 | 2007-09-18 | VMware Multiple Products C: Folder Search Path Local Privilege Escalation | (Description Provided by CVE): Unquoted Windows search path vulnerability in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075, and Server before 1.0.4 Build 56528 allows local users to gain privileges via unspecified vectors, possibly involving a malicious "program.exe" file in the C: folder. |
| 40098 | 2007-09-18 | VMware ACE Virtual Machine Image Storing Unspecified Issue | (Description Provided by CVE): Unspecified vulnerability in EMC VMware ACE before 1.0.3 Build 54075 allows attackers to have an unknown impact via an unspecified manipulation of "images stored in virtual machines downloaded by the user." |
| 45896 | 2007-09-18 | G DATA InternetSecurity SSDT Hooks Local Privilege Escalation | (Description Provided by CVE): G DATA InternetSecurity 2007 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey and (2) NtOpenProcess kernel SSDT hooks. |
| 37428 | 2007-09-18 | IceWarp Merak Mail Server BODY Element XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Webmail interface for IceWarp Merak Mail Server before 9.0.0 allows remote attackers to inject arbitrary JavaScript via a javascript: URI in an attribute of an element in an email message body, as demonstrated by the onload attribute in a BODY element. |
| 45897 | 2007-09-18 | Symantec Norton Internet Security SSDT Hooks Local Privilege Escalation | (Description Provided by CVE): Norton Internet Security 2008 15.0.0.60 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the NtOpenSection kernel SSDT hook. NOTE: the NtCreateMutant and NtOpenEvent function hooks are already covered by CVE-2007-1793. |
| 45898 | 2007-09-18 | ZoneAlarm Pro SSDT Hooks Local Privilege Escalation | (Description Provided by CVE): ZoneAlarm Pro 7.0.362.000 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreatePort and (2) NtDeleteFile kernel SSDT hooks, a partial regression of CVE-2007-2083. |
| 45899 | 2007-09-18 | Outpost Firewall Pro SSDT Hooks Local Privilege Escalation | (Description Provided by CVE): Outpost Firewall Pro 4.0.1025.7828 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteFile, (3) NtLoadDriver, (4) NtOpenProcess, (5) NtOpenSection, (6) NtOpenThread, and (7) NtUnloadDriver kernel SSDT hooks, a partial regression of CVE-2006-7160. |
| 45895 | 2007-09-18 | Ghost Security Suite SSDT Hooks Local Privilege Escalation | (Description Provided by CVE): Ghost Security Suite beta 1.110 does not properly validate certain parameters to System Service Descriptor Table (SSDT) function handlers, which allows local users to cause a denial of service (crash) and possibly gain privileges via the (1) NtCreateKey, (2) NtDeleteValueKey, (3) NtQueryValueKey, (4) NtSetSystemInformation, and (5) NtSetValueKey kernel SSDT hooks. |
| 37145 | 2007-09-18 | StylesDemo Module for phpBB index.php s Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. |
| 37146 | 2007-09-18 | StylesDemo Module for phpBB index.php s Parameter XSS | (Description Provided by CVE): SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. |
| 37914 | 2007-09-18 | MW6 Technologies QRCode ActiveX (MW6QRCode.dll) SaveAsBMP Method Arbitrary File Overwrite | (Description Provided by CVE): Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information. |
| 37915 | 2007-09-18 | MW6 Technologies QRCode ActiveX (MW6QRCode.dll) SaveAsWMF Method Arbitrary File Overwrite | (Description Provided by CVE): Multiple absolute path traversal vulnerabilities in the MW6QRCode.QRCode.1 ActiveX control in MW6QRCode.dll in MW6 Technologies QRCode ActiveX 3.0.0.1 and earlier allow remote attackers to create or overwrite arbitrary files via a full pathname in the argument to the (1) SaveAsBMP or (2) SaveAsWMF method. NOTE: some of these details are obtained from third party information. |
| 38260 | 2007-09-18 | phpSyncML WBXML/Decoder.php base_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/. |
| 38261 | 2007-09-18 | phpSyncML WBXML/Encoder.php base_dir Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in phpSyncML 0.1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) Decoder.php and (2) Encoder.php in WBXML/. |
| 38262 | 2007-09-18 | KwsPHP sondages Module index.php id Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in index.php in the sondages module in KwsPHP 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in a results action, a different module than CVE-2007-4956.2. |
| 38263 | 2007-09-18 | Obedit save Function XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document. NOTE: because the details of the attack are uncertain, it is unclear whether this crosses privilege boundaries. |
| 38264 | 2007-09-18 | StylesDemo Module for phpBB index.php s Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in index.php in the Ktauber.com StylesDemo mod for phpBB 2.0.xx allows remote attackers to execute arbitrary SQL commands via the s parameter. |
| 40922 | 2007-09-18 | GCALDaemon HTTPListener.java readRequest Method Content-Length HTTP Header Handling DoS | (Description Provided by CVE): The readRequest method in org/gcaldaemon/core/http/HTTPListener.java in GCALDaemon 1.0-beta13 allows remote attackers to cause a denial of service via a large integer value in the Content-Length HTTP header, which triggers a fatal Java OutOfMemoryError. |
| 42477 | 2007-09-18 | Site-Up index.cgi Multiple Field XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in index.cgi in Site-Up 2.64 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) search or (2) search mask field. |
| 58619 | 2007-09-18 | Baofeng Storm ActiveX (sparser.dll) Multiple Unspecified Overflows | (Description Provided by CVE): Multiple buffer overflows in a certain ActiveX control in sparser.dll in Baofeng Storm 2.8 and earlier allow remote attackers to execute arbitrary code via malformed input in an unknown set of arguments or property values, a different DLL than CVE-2007-4816. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |