| OSVDB ID | Disclosure Date | Title |
|---|
|
40940
Description:
(Description Provided by CVE) : Multiple integer overflows in X.Org Xserver before 1.4.1 allow context-dependent attackers to execute arbitrary code via (1) a GetVisualInfo request containing a 32-bit value that is improperly used to calculate an amount of memory for allocation by the EVI extension, or (2) a request containing values related to pixmap size that are improperly used in management of shared memory by the MIT-SHM extension.
|
2008-01-17
|
X.Org X Window System (X11) MIT-SHM Extension Crafted Request Arbitrary Code Execution
|
|
52465
Description:
(Description Provided by CVE) : Unspecified vulnerability in the user editing interface in Moodle 1.5.x, 1.6 before 1.6.6, and 1.7 before 1.7.3 allows remote authenticated users to gain privileges via unknown vectors.
|
2008-01-17
|
Moodle User Editing Interface Unspecified Remote Privilege Escalation
|
|
53686
Description:
Unknown / Incomplete
|
2008-01-17
|
PHPEcho CMS kernel/init.php Path Disclosure
|
|
53687
Description:
Unknown / Incomplete
|
2008-01-17
|
PHPEcho CMS modules/admin/index.php Path Disclosure
|
|
41404
Description:
Unknown / Incomplete
|
2008-01-17
|
LimeSurvey Import Survey/Group/Question MANAGE_LABEL Privilege Bypass
|
|
41405
Description:
Unknown / Incomplete
|
2008-01-17
|
LimeSurvey Inactive Survey Permission Weakness
|
|
41402
Description:
Unknown / Incomplete
|
2008-01-17
|
LimeSurvey Preview Survey Information Disclosure
|
|
41403
Description:
Unknown / Incomplete
|
2008-01-17
|
LimeSurvey Token Code Unspecified Brute Force Weakness
|
|
40860
Description:
A remote overflow exists in Citrix Presentation Server Independent Management Architecture Service. The service fails to validate a parameter used for memory allocation, which may result in a heap overflow if an attacker sends an overly large packet. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, or availability.
|
2008-01-17
|
Citrix Presentation Server Independent Management Architecture (IMA) Service TCP Packet Handling Remote Overflow
|
|
40944
Description:
(Description Provided by CVE) : Array index error in the XFree86-Misc extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to execute arbitrary code via a PassMessage request containing a large array index.
|
2008-01-17
|
X.Org X Window System (X11) XFree86-Misc Extension Crafted PassMessage Request Arbitrary Code Execution
|
|
40327
Description:
Clever Copy contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'album' variable upon submission to the 'gallery.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-01-17
|
Clever Copy gallery.php album Parameter XSS
|
|
40328
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.
|
2008-01-17
|
Clever Copy gallery.php album Parameter SQL Injection
|
|
40329
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Clever Copy 3.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to postcomment.php and the (2) album parameter to gallery.php.
|
2008-01-17
|
Clever Copy postcomment.php ID Parameter SQL Injection
|
|
40892
Description:
(Description Provided by CVE) : Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
|
2008-01-17
|
RTSP MPEG4 SP Control RtspVaPgDecoder.RtspVaPgCtrl ActiveX (RtspVapgDecoder.dll) MP4Prefix Property Overflow Arbitrary Code Execution
|
|
40356
Description:
(Description Provided by CVE) : Directory traversal vulnerability in pages/upload.php in Galaxyscripts Mini File Host 1.2.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the language parameter.
|
2008-01-17
|
Mini File Host pages/upload.php language Parameter Local File Inclusion
|
|
40514
Description:
(Description Provided by CVE) : OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 sends the configuration of the printer in cleartext, which allows remote attackers to obtain the administrative password by connecting to TCP port 5548 or 7777.
|
2008-01-17
|
OKI C5510MFP Printer Configuration Interface Password Disclosure
|
|
40541
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php in the forum module in PHPEcho CMS, probably 2.0-rc3 and earlier, allows remote attackers to execute arbitrary SQL commands via the id parameter in a section action, a different vector than CVE-2007-2866.
|
2008-01-17
|
Forum Module for PHPEcho CMS index.php id Parameter SQL Injection
|
|
40558
Description:
(Description Provided by CVE) : Buffer overflow in the Digital Data Communications RtspVaPgCtrl ActiveX control (RtspVapgDecoder.dll 1.1.0.29) allows remote attackers to execute arbitrary code via a long MP4Prefix property.
|
2008-01-17
|
Digital Data Communications RtspVaPgCtrl ActiveX (RtspVapgDecoder.dll) MP4Prefix Property Arbitrary Code Execution
|
|
40943
Description:
(Description Provided by CVE) : X.Org Xserver before 1.4.1 allows local users to determine the existence of arbitrary files via a filename argument in the -sp option to the X program, which produces different error messages depending on whether the filename exists.
|
2008-01-17
|
X.Org X Window System (X11) X Program -sp Parameter Local File Enumeration
|
|
40941
Description:
(Description Provided by CVE) : The ProcGetReservedColormapEntries function in the TOG-CUP extension in X.Org Xserver before 1.4.1 allows context-dependent attackers to read the contents of arbitrary memory locations via a request containing a 32-bit value that is improperly used as an array index.
|
2008-01-17
|
X.Org X Window System (X11) TOG-CUP Extension ProcGetReservedColormapEntries Function Arbitrary Memory Disclosure
|
|
40938
Description:
(Description Provided by CVE) : Buffer overflow in (1) X.Org Xserver before 1.4.1, and (2) the libfont and libXfont libraries on some platforms including Sun Solaris, allows context-dependent attackers to execute arbitrary code via a PCF font with a large difference between the last col and first col values in the PCF_BDF_ENCODINGS table.
|
2008-01-17
|
X.Org X Window System (X11) PCF Font Handling Arbitrary Code Execution
|
|
43256
Description:
(Description Provided by CVE) : Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.
|
2008-01-17
|
CORE FORCE Firewall Module IOCTL Functions Multiple Local Overflows
|
|
43257
Description:
(Description Provided by CVE) : Multiple buffer overflows in CORE FORCE before 0.95.172 allow local users to cause a denial of service (system crash) and possibly execute arbitrary code in the kernel context via crafted arguments to (1) IOCTL functions in the Firewall module or (2) SSDT hook handler functions in the Registry module.
|
2008-01-17
|
CORE FORCE Registry Module SSDT Hook Handler Functions Multiple Local Overflows
|
|
87467
Description:
Tor contains a weakness that is due to exit policies not properly rejecting connects that are addressed to the internal IP address. This may allow a remote attacker to more easily map a user's internal IP space.
|
2008-01-17
|
Tor Exit Policy Relay External IP Address Mapping Weakness
|
|
40300
Description:
(Description Provided by CVE) : Unspecified vulnerability in the XML DB component in Oracle Database 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and remote attack vectors, aka DB01.
|
2008-01-16
|
Oracle Database XML DB XDB.XDB_PITRIG_PKG Package PITRIG_TRUNCATE Function Overflow
|
|
40367
Description:
uTorrent contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted packet is presented to the client "Detailed Info" screen, and will result in loss of availability for the application.
|
2008-01-16
|
uTorrent Peer Window Client DoS
|
|
61131
Description:
By default, WebLogic installs with a default password. The 'weblogic' account has a password of 'weblogic' which is publicly known and documented. This allows attackers to trivially access the program or system.
|
2008-01-16
|
Oracle WebLogic Admin Console Default Credentials
|
|
40616
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the PTZCamPanelCtrl ActiveX control (CamPanel.dll) in RTS Sentry 2.1.0.2 allows remote attackers to execute arbitrary code via a long second argument to the ConnectServer method.
|
2008-01-16
|
RTS Sentry PTZCamPanelCtrl ActiveX (CamPanel.dll) ConnectServer() Method Overflow
|
|
40366
Description:
(Description Provided by CVE) : Buffer overflow in (1) BitTorrent 6.0 and earlier; and (2) uTorrent 1.7.5 and earlier, and 1.8-alpha-7834 and earlier in the 1.8.x series; on Windows allows remote attackers to cause a denial of service (application crash) via a long Unicode string representing a client version identifier.
|
2008-01-16
|
BitTorrent Peer Window Client DoS
|
|
40279
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Oracle Ultra Search component in Oracle Collaboration Suite 10.1.2; Database 9.2.0.8, 10.1.0.5, and 10.2.0.3; and Application Server 9.0.4.3 and 10.1.2.0.2; has unknown impact and local attack vectors, aka OCS01. NOTE: Oracle has not disputed a reliable claim that this issue is related to WKSYS schema privileges.
|
2008-01-16
|
Oracle Collaboration Suite Ultra Search Unspecified Remote Issue
|
|
40280
Description:
PeopleSoft PeopleTools contains a flaw that allows a remote unauthenticated cross site scripting attack. The flaw exists in the PeopleSoft Internet Architecture (PIA). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.
|
2008-01-16
|
Oracle PeopleSoft PeopleTools PIA Unauthenticated XSS
|
|
40281
Description:
PeopleSoft PeopleTools contains a flaw that allows a remote cross site scripting attack. This flaw exists in the CRM component. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.
|
2008-01-16
|
Oracle PeopleSoft PeopleTools Unspecified Remote XSS (PSE02)
|
|
40282
Description:
PeopleSoft PeopleTools contains a flaw that allows a remote cross site scripting attack. The flaw exists in the PeopleSoft Internet Architecture (PIA). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.
|
2008-01-16
|
Oracle PeopleSoft PeopleTools PIA Unspecified XSS (PSE03)
|
|
40283
Description:
PeopleSoft PeopleTools contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered via the logging of sensitive information in PeopleCode occurs, which could disclose said sensitive information resulting in a loss of confidentiality.
|
2008-01-16
|
Oracle PeopleSoft PeopleTools PeopleCode Unspecified Logging Remote Information Disclosure
|
|
40284
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07).
|
2008-01-16
|
Oracle E-Business Suite Mobile Application Server Unspecified Remote Issue
|
|
40285
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04).
|
2008-01-16
|
Oracle E-Business Suite Application Object Library Unspecified Remote Issue (APP02)
|
|
40286
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07).
|
2008-01-16
|
Oracle E-Business Suite Applications Framework Unspecified Remote Information Disclosure
|
|
40287
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Oracle E-Business Suite 11.5.10.2 allow remote attackers to affect confidentiality via unknown vectors related to the (1) Oracle Application Object Library (APP02) and (2) Oracle Applications Manager (APP04).
|
2008-01-16
|
Oracle E-Business Suite Applications Manager Unspecified Remote Information Disclosure
|
|
40288
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07).
|
2008-01-16
|
Oracle E-Business Suite CRM Technical Foundation Unspecified Remote Issue
|
|
40289
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Oracle E-Business Suite 12.0.3 allow (1) local users to affect confidentiality and integrity via unknown vectors related to the Mobile Application Server component (APP01); (2) remote attackers to affect confidentiality via unknown vectors related to the Oracle Applications Framework (APP03); remote authenticated users to affect confidentiality and integrity via unknown vectors related to the (3) CRM Technical Foundation (APP05) and (4) Oracle Application Object Library (APP06); and remote authenticated users to affect integrity and availability via unknown vectors related to (5) Oracle Applications Technology Stack (APP07).
|
2008-01-16
|
Oracle E-Business Suite Application Object Library Unspecified Remote Issue (APP06)
|
