[CLOSE] OSVDB ID : 43992 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Stack-based buffer overflow in ovwparser.dll in HP OpenView Network Node Manager (OV NNM) 7.53, 7.51, and earlier allows remote attackers to execute arbitrary code via a long URI in an HTTP request processed by ovas.exe, as demonstrated by a certain topology/homeBaseView request. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 43996 - Disclosed: 2008-04-02

Description:

Writer's Block CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'permalink.php' script not properly sanitizing user-supplied input to the 'PostID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 43998 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in makepost.php in DaZPHPNews 0.1-1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the prefixdir parameter.

[CLOSE] OSVDB ID : 43999 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the insertion filter in the Flickr Drupal module 5.x before 5.x-1.3 and 6.x before 6.x-1.0-alpha allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

[CLOSE] OSVDB ID : 44245 - Disclosed: 2008-04-02

Description:

Online FlashQuiz Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'quiz/common/db_config.inc.php' script not properly sanitizing user input supplied to the 'base_dir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 44382 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in modules/basicfog/basicfogfactory.class.php in PhpBlock A8.4 allows remote attackers to execute arbitrary PHP code via a URL in the PATH_TO_CODE parameter.

[CLOSE] OSVDB ID : 44715 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the Ubercart 5.x before 5.x-1.0-rc1 module for Drupal allow remote attackers to inject arbitrary web script or HTML via text fields intended for the (1) address and (2) order information, which are later displayed on the order view page and unspecified other administrative pages, a different vulnerability than CVE-2008-1428.

[CLOSE] OSVDB ID : 49448 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : SQL injection vulnerability in the Showroom Joomlearn LMS (com_lms) component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the cat parameter in a showTests task.

[CLOSE] OSVDB ID : 52119 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 52120 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 52121 - Disclosed: 2008-04-02

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Philippe CROCHAT EasySite 2.0 allow remote attackers to execute arbitrary PHP code via a URL in the EASYSITE_BASE parameter to (1) browser.php, (2) image_editor.php and (3) skin_chooser.php in configuration/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 44017 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : The Replace function in the capp-lspp-config script in the (1) lspp-eal4-config-ibm and (2) capp-lspp-eal4-config-hp packages before 0.65-2 in Red Hat Enterprise Linux (RHEL) 5 uses lstat instead of stat to determine the /etc/pam.d/system-auth file permissions, leading to a change to world-writable permissions for the /etc/pam.d/system-auth-ac file, which allows local users to gain privileges by modifying this file.

[CLOSE] OSVDB ID : 49006 - Disclosed: 2008-04-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66111 - Disclosed: 2008-04-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 44286 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

[CLOSE] OSVDB ID : 44287 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Unspecified vulnerability in the SIP server in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote authenticated users to cause a denial of service (resource consumption) via unknown vectors.

[CLOSE] OSVDB ID : 44288 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Unspecified vulnerability in SIP Enablement Services (SES) in Avaya Communication Manager 3.1.x and 4.x allows remote attackers to gain privileges and cause a denial of service via unknown vectors related to reuse of valid credentials.

[CLOSE] OSVDB ID : 43935 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : The ChilkatHttp.ChilkatHttp.1 and ChilkatHttp.ChilkatHttpRequest.1 ActiveX controls in ChilkatHttp.dll 2.4.0.0, 2.3.0.0, and earlier in ChilkatHttp ActiveX expose the unsafe SaveLastError method, which allows remote attackers to overwrite arbitrary files. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 43987 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Unspecified vulnerability in IBM DB2 Content Manager before 8.3 FP8 has unknown impact and attack vectors related to the AllowedTrustedLogin privilege.

[CLOSE] OSVDB ID : 53213 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : index.php in Terracotta (aka OpenTerracotta) 0.6.1 allows remote attackers to obtain sensitive information via an invalid File parameter, which reveals the installation path in an error message.

[CLOSE] OSVDB ID : 53214 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in the RenderFile function in ContentRender.class.php in Terracotta (aka OpenTerracotta) 0.6.1, and possibly other versions, allow remote attackers to list arbitrary directories and read arbitrary files via a .. (dot dot) in the (1) CurrentDirectory and (2) File parameters to index.php.

[CLOSE] OSVDB ID : 43995 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : MailServer.exe in NoticeWare Email Server 4.6.1.0 allows remote attackers to cause a denial of service (application crash) via a long string to IMAP port (143/tcp).

[CLOSE] OSVDB ID : 43933 - Disclosed: 2008-04-01

Description:

Sava's Link Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'viewlinks.php' script not properly sanitizing user-supplied input to the 'category' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 43934 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in Sava's Link Manager 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the q parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 44329 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : cgi-data/FastJSData.cgi in OmniPCX Office with Internet Access services OXO210 before 210/091.001, OXO600 before 610/014.001, and other versions, allows remote attackers to execute arbitrary commands and "obtain OXO resources" via shell metacharacters in the id2 parameter.

[CLOSE] OSVDB ID : 44330 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Integer overflow in pdftops filter in CUPS in Red Hat Enterprise Linux 3 and 4, when running on 64-bit platforms, allows remote attackers to execute arbitrary code via a crafted PDF file. NOTE: this issue is due to an incomplete fix for CVE-2004-0888.

[CLOSE] OSVDB ID : 47004 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Microsoft Crypto API 5.131.2600.2180 through 6.0, as used in Outlook, Windows Live Mail, and Office 2007, performs Certificate Revocation List (CRL) checks by using an arbitrary URL from a certificate embedded in a (1) S/MIME e-mail message or (2) signed document, which allows remote attackers to obtain reading times and IP addresses of recipients, and port-scan results, via a crafted certificate with an Authority Information Access (AIA) extension.

[CLOSE] OSVDB ID : 43931 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in Sava's GuestBook 2.0 allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the action parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 43959 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Novell NetWare 6.5 allows attackers to cause a denial of service (ABEND) via a crafted Macintosh iPrint client request.

[CLOSE] OSVDB ID : 43964 - Disclosed: 2008-04-01

Description:

FaPhoto contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'show.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 43990 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in HP Select Identity 4.00, 4.01, 4.11, 4.12, 4.13, and 4.20 allow remote authenticated users to access other user accounts via unknown vectors, a different issue than CVE-2008-0214.

[CLOSE] OSVDB ID : 44290 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in blog/search.aspx in BlogEngine.NET allows remote attackers to inject arbitrary web script or HTML via the q parameter.

[CLOSE] OSVDB ID : 44416 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 49218 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : SQL injection vulnerability in the actualite module 1.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 51107 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in engine/modules/imagepreview.php in Datalife Engine 6.7 allows remote attackers to hijack the authentication of arbitrary users for requests that use a modified image parameter.

[CLOSE] OSVDB ID : 54671 - Disclosed: 2008-04-01

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the PXE TFTP Service (PXEMTFTP.exe) in LANDesk Management Suite (LDMS) 8.80.1.1 and earlier allows remote attackers to read arbitrary files via a subdirectory name followed by ".." sequences, a different vulnerability than CVE-2008-1643.

[CLOSE] OSVDB ID : 58806 - Disclosed: 2008-04-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48699 - Disclosed: 2008-03-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 43911 - Disclosed: 2008-03-31

Description:

(Description Provided by CVE) : OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.