OSVDB: The Open Source Vulnerability Database

Browse Database

Browsing Vulnerabilities Disclosed in April of 2008

<< Back to Browse

« Previous 1 2 3 4 5 6 7 8 9 … 16 17 Next »

OSVDB ID	Disclosure Date	Title
44978 [CLOSE] OSVDB ID : 44978 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Buffer overflow in the regular expression handler in Red Hat Directory Server 8.0 and 7.1 before SP6 allows remote attackers to cause a denial of service (slapd crash) and possibly execute arbitrary code via a crafted LDAP query that triggers the overflow during translation to a regular expression.	2008-04-30	Red Hat Linux / Fedora Directory Server slapd LDAP Search Regular Expression Handler Overflow
45391 [CLOSE] OSVDB ID : 45391 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Unrestricted file upload vulnerability in src/yopy_upload.php in Project-Based Calendaring System (PBCS) 0.7.1 allows remote authenticated users to upload arbitrary files to tmp/uploads.	2008-04-30	Project-Based Calendaring System (PBCS) src/yopy_upload.php Unrestricted File Upload
45388 [CLOSE] OSVDB ID : 45388 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.	2008-04-30	Interact modules/forum/embedforum.php CONFIG[LANGUAGE_CPATH] Parameter Remote File Inclusion
45389 [CLOSE] OSVDB ID : 45389 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Interact Learning Community Environment Interact 2.4.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) CONFIG[LANGUAGE_CPATH] parameter to modules/forum/embedforum.php and the (2) CONFIG[BASE_PATH] parameter to modules/scorm/lib.inc.php, different vectors than CVE-2006-4448.	2008-04-30	Interact modules/scorm/lib.inc.php CONFIG[BASE_PATH] Parameter Remote File Inclusion
47003 [CLOSE] OSVDB ID : 47003 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13, when running in PHP before 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.	2008-04-30	Simple Machines Forum (SMF) RNG Weakness Unspecified Issue
47002 [CLOSE] OSVDB ID : 47002 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.x before 1.1.5 and 1.0.x before 1.0.13 has unknown impact and attack vectors, probably cross-site scripting (XSS), related to "use of the html-tag."	2008-04-30	Simple Machines Forum (SMF) Unspecified XSS
44855 [CLOSE] OSVDB ID : 44855 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.writeMsg.php sysFileDir Parameter Remote File Inclusion
44881 [CLOSE] OSVDB ID : 44881 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Buffer overflow in the Multimedia PC Client in Nortel Multimedia Communication Server (MCS) before Maintenance Release 3.5.8.3 and 4.0.25.3 allows remote attackers to cause a denial of service (crash) via a flood of "extraneous" messages, as demonstrated by the Nessus "Generic flood" denial of service plugin.	2008-04-30	Nortel Multimedia Communication Server PC Client Overflow Remote DoS
44885 [CLOSE] OSVDB ID : 44885 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.	2008-04-30	SNMPc Network Manager SNMP TRAP Crafted UDP Packet Handling Overflow
44886 [CLOSE] OSVDB ID : 44886 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php.	2008-04-30	Project-Based Calendaring System (PBCS) src/yopy_sync.php filename Variable Traversal Local File Access
44882 [CLOSE] OSVDB ID : 44882 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : The Akamai Download Manager (aka DLM or dlmanager) ActiveX control (DownloadManagerV2.ocx) before 2.2.3.5 allows remote attackers to force the download and execution of arbitrary code via unspecified "undocumented object parameters."	2008-04-30	Akamai Download Manager ActiveX (DownloadManagerV2.ocx) Undocumented Object Parameters Arbitrary Code Execution
44856 [CLOSE] OSVDB ID : 44856 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.adCreate.php sysFileDir Parameter Remote File Inclusion
44857 [CLOSE] OSVDB ID : 44857 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.adCreateSave.php sysFileDir Parameter Remote File Inclusion
44858 [CLOSE] OSVDB ID : 44858 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.adDispByTypeOptions.php sysFileDir Parameter Remote File Inclusion
44859 [CLOSE] OSVDB ID : 44859 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.createRoom.php sysFileDir Parameter Remote File Inclusion
44860 [CLOSE] OSVDB ID : 44860 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.forward.php sysFileDir Parameter Remote File Inclusion
44861 [CLOSE] OSVDB ID : 44861 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.pageLogout.php sysFileDir Parameter Remote File Inclusion
44862 [CLOSE] OSVDB ID : 44862 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.resultMember.php sysFileDir Parameter Remote File Inclusion
44863 [CLOSE] OSVDB ID : 44863 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.roomDeleteConfirm.php sysFileDir Parameter Remote File Inclusion
44864 [CLOSE] OSVDB ID : 44864 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.saveNewRoom.php sysFileDir Parameter Remote File Inclusion
44865 [CLOSE] OSVDB ID : 44865 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities Harris Yusuf Arifin Harris Wap Chat 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the sysFileDir parameter to (1) eng.writeMsg.php, (2) eng.adCreate.php, (3) eng.adCreateSave.php, (4) eng.adDispByTypeOptions.php, (5) eng.createRoom.php, (6) eng.forward.php, (7) eng.pageLogout.php, (8) eng.resultMember.php, (9) eng.roomDeleteConfirm.php, (10) eng.saveNewRoom.php, and (11) eng.searchMember.php in src/.	2008-04-30	Harris Wap Chat eng.searchMember.php sysFileDir Parameter Remote File Inclusion
44887 [CLOSE] OSVDB ID : 44887 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Multiple directory traversal vulnerabilities in Project-Based Calendaring System (PBCS) 0.7.1-1 allow remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter to (1) src/yopy_sync.php and (2) system-logger/print_logs.php.	2008-04-30	Project-Based Calendaring System (PBCS) plugins/system-logger/print_logs.php filename Variable Traversal Local File Access
53368 [CLOSE] OSVDB ID : 53368 - Disclosed: 2008-04-30 Description: (Description Provided by CVE) : Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP code into oxyhistory.php via the oxymsg parameter.	2008-04-30	OxYBox edithistory.php oxymsg Parameter Arbitrary PHP Code Injection
45082 [CLOSE] OSVDB ID : 45082 - Disclosed: 2008-04-29 Description: Unknown / Incomplete	2008-04-29	mrxvt X11 :0 Default Display Local Privilege Escalation
44927 [CLOSE] OSVDB ID : 44927 - Disclosed: 2008-04-29 Description: (Description Provided by CVE) : The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory.	2008-04-29	Linux Kernel Tehuti Driver (tehuti.c) bdx_ioctl_priv Function Unspecified Local Issue
45084 [CLOSE] OSVDB ID : 45084 - Disclosed: 2008-04-29 Description: Unknown / Incomplete	2008-04-29	wterm X11 :0 Default Display Local Privilege Escalation
45083 [CLOSE] OSVDB ID : 45083 - Disclosed: 2008-04-29 Description: Unknown / Incomplete	2008-04-29	rxvt-unicode X11 :0 Default Display Local Privilege Escalation
45081 [CLOSE] OSVDB ID : 45081 - Disclosed: 2008-04-29 Description: Unknown / Incomplete	2008-04-29	aterm X11 :0 Default Display Local Privilege Escalation
50229 [CLOSE] OSVDB ID : 50229 - Disclosed: 2008-04-29 Description: Unknown / Incomplete	2008-04-29	LinPHA Maps Plugin Unspecified Local File Inclusion
44830 [CLOSE] OSVDB ID : 44830 - Disclosed: 2008-04-29 Description: (Description Provided by CVE) : Unspecified vulnerability in Plain Black WebGUI 7.4.34 has unknown impact and attack vectors related to "data form list view."	2008-04-29	WebGUI Data Form List View Unspecified Security Issue
44924 [CLOSE] OSVDB ID : 44924 - Disclosed: 2008-04-29 Description: (Description Provided by CVE) : Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password.	2008-04-29	PeerCast HTTP::getAuthUserPass() Function Basic Authentication String Remote Overflow DoS
44844 [CLOSE] OSVDB ID : 44844 - Disclosed: 2008-04-29 Description: (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in Softpedia SiteXS CMS 0.1.1 Pre-Alpha allows remote attackers to inject arbitrary web script or HTML via the user parameter.	2008-04-29	SiteXS CMS index.php user Parameter XSS
49535 [CLOSE] OSVDB ID : 49535 - Disclosed: 2008-04-29 Description: (Description Provided by CVE) : Directory traversal vulnerability in admin.php in LokiCMS 0.3.3 and earlier allows remote attackers to delete arbitrary files via a .. (dot dot) in the delete parameter.	2008-04-29	LokiCMS admin.php delete Variable Traversal Arbitrary File Deletion
44942 [CLOSE] OSVDB ID : 44942 - Disclosed: 2008-04-28 Description: (Description Provided by CVE) : Unspecified vulnerability in Juniper JUNOS 7.3 through 8.4 allows remote attackers to cause a denial of service (crash) via malformed BGP packets, possibly BGP UPDATE packets that trigger session flapping.	2008-04-28	Hitachi GR Series Malformed BGP Update Message Remote DoS
44957 [CLOSE] OSVDB ID : 44957 - Disclosed: 2008-04-28 Description: (Description Provided by CVE) : Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors.	2008-04-28	IBM WebSphere Application Server (WAS) Java Plugin Untrusted Applet Privilege Escalation
44953 [CLOSE] OSVDB ID : 44953 - Disclosed: 2008-04-28 Description: Unknown / Incomplete	2008-04-28	GraphicsMagick Insecure File Extension Handling Program Invocation
44681 [CLOSE] OSVDB ID : 44681 - Disclosed: 2008-04-28 Description: (Description Provided by CVE) : ldm in Linux Terminal Server Project (LTSP) 0.99 and 2 passes the -ac option to the X server on each LTSP client, which allows remote attackers to connect to this server via TCP port 6006 (aka display :6).	2008-04-28	ldm X11 Forwarding LTSP Client Connection Restriction Bypass
50249 [CLOSE] OSVDB ID : 50249 - Disclosed: 2008-04-28 Description: Unknown / Incomplete	2008-04-28	HTTP Time Protocol (htp) Multiple Unspecified Overflows
44605 [CLOSE] OSVDB ID : 44605 - Disclosed: 2008-04-28 Description: (Description Provided by CVE) : ZoneMinder before 1.23.3 allows remote authenticated users, and possibly unauthenticated attackers in some installations, to execute arbitrary commands via shell metacharacters in a crafted URL.	2008-04-28	ZoneMinder Multiple Unspecified Arbitrary Remote Code Execution
44608 [CLOSE] OSVDB ID : 44608 - Disclosed: 2008-04-28 Description: VicFTPS contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed LIST command is received, and will result in loss of availability for the service.	2008-04-28	VicFTPS Crafted LIST Command NULL Dereference Remote DoS

« Previous 1 2 3 4 5 6 7 8 9 … 16 17 Next »

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.