| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 45853 | 2008-05-31 | PassWiki passwiki.php site_id Variable Traversal Local File Inclusion | Unknown / Incomplete |
| 45856 | 2008-05-31 | PrayerCenter Component for Joomla index2.php id Variable SQL Injection | PrayerCenter Component for Joomla contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index2.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. |
| 45867 | 2008-05-31 | freeSSHd SFTP Command Name Handling Overflow | (Description Provided by CVE): Stack-based buffer overflow in SFTP in freeSSHd 1.2.1 allows remote authenticated users to execute arbitrary code via a long directory name in an SSH_FXP_OPENDIR (aka opendir) command. |
| 45859 | 2008-05-31 | Social Site Generator display_blog.php sgc_id Variable SQL Injection | Social Site Generator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'display_blog.php' script not properly sanitizing user-supplied input to the 'sgc_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. |
| 45860 | 2008-05-31 | Social Site Generator social_my_profile_download.php scm_mem_id Variable SQL Injection | Unknown / Incomplete |
| 45861 | 2008-05-31 | Social Site Generator social_forum_subcategories.php catid Variable SQL Injection | Unknown / Incomplete |
| 45862 | 2008-05-31 | Social Site Generator filedload.php file Variable Arbitrary File Download | Unknown / Incomplete |
| 45863 | 2008-05-31 | Social Site Generator webadmin/download.php file Variable Arbitrary File Download | Unknown / Incomplete |
| 45864 | 2008-05-31 | Social Site Generator webadmin/download_file.php file Variable Arbitrary File Download | Unknown / Incomplete |
| 45865 | 2008-05-31 | Social Site Generator social_game_play.php path Variable Remote File Inclusion | Unknown / Incomplete |
| 45868 | 2008-05-31 | PsychoStats weapon.php id Variable SQL Injection | Unknown / Incomplete |
| 45869 | 2008-05-31 | PsychoStats map.php id Variable SQL Injection | Unknown / Incomplete |
| 45910 | 2008-05-31 | Bible Study Component for Joomla! index.php id Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the Bible Study (com_biblestudy) component before 6.0.7c for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a mediaplayer action to index.php. |
| 45911 | 2008-05-31 | OtomiGenX index.php userAccount Variable SQL Injection | OtomiGenX contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'userAccount' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. |
| 45980 | 2008-05-31 | BP Blog template_permalink.asp id Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. |
| 45981 | 2008-05-31 | BP Blog template_archives_cat.asp cat Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in BP Blog 6.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp and (2) cat parameter to template_archives_cat.asp. |
| 45892 | 2008-05-30 | Apple Safari on Windows Default Download Location Unspecified Arbitrary Code Execution | (Description Provided by CVE): Apple Safari on Mac OS X, and before 3.1.2 on Windows, does not prompt the user before downloading an object that has an unrecognized content type, which allows remote attackers to place malware into the (1) Desktop directory on Windows or (2) Downloads directory on Mac OS X, aka a "Carpet Bomb," a different issue than CVE-2008-1032. NOTE: Apple considers this a vulnerability only because of certain behavior of the Windows desktop and, as of 20080619, has not covered the issue in an advisory for Mac OS X. NOTE: Microsoft describes the issue on the Windows platform as "a blended threat that allows remote code execution." |
| 45890 | 2008-05-30 | VMware Multiple Products Host Guest File System (HGFS) Shared Folders Feature Overflow | (Description Provided by CVE): Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
| 45891 | 2008-05-30 | VMware Multiple Products VMCI Arbitrary Local Code Execution | (Description Provided by CVE): Unspecified vulnerability in VMCI in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, and VMware ACE 2 before 2.0.2 build 93057 on Windows allows guest OS users to execute arbitrary code on the host OS via unspecified vectors. |
| 45893 | 2008-05-30 | ikiwiki Account Password Null Value Weakness | (Description Provided by CVE): Plugin/passwordauth.pm (aka the passwordauth plugin) in ikiwiki 1.34 through 2.47 allows remote attackers to bypass authentication, and login to any account for which an OpenID identity is configured and a password is not configured, by specifying an empty password during the login sequence. |
| 45883 | 2008-05-30 | Sun Cluster Global File System Arbitrary Deleted File Access | (Description Provided by CVE): The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. |
| 45884 | 2008-05-30 | Sun Cluster Global File System Unspecified Applications Data Integrity Issue | (Description Provided by CVE): The Sun Cluster Global File System in Sun Cluster 3.1 on Sun Solaris 8 through 10, when an underlying ufs filesystem is used, might allow local users to read data from arbitrary deleted files, or corrupt files in global filesystems, via unspecified vectors. |
| 45729 | 2008-05-30 | Kent Web Mart Unspecified XSS | Unknown / Incomplete |
| 45734 | 2008-05-30 | DVBBS login.asp username Variable SQL Injection | DVBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.asp' script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database. |
| 45916 | 2008-05-30 | HiveMaker Professional index.php cid Variable SQL Injection | Unknown / Incomplete |
| 45955 | 2008-05-30 | CMS Easyway index.php mid Variable SQL Injection | Unknown / Incomplete |
| 45978 | 2008-05-30 | PHP Visit Counter read.php datespan Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in read.php in PHP Visit Counter 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the datespan parameter in a read action. |
| 45979 | 2008-05-30 | EasyWay CMS index.php mid Variable SQL Injection | (Description Provided by CVE): SQL injection vulnerability in index.php in EasyWay CMS allows remote attackers to execute arbitrary SQL commands via the mid parameter. |
| 45723 | 2008-05-29 | system-config-network on Fedora Red Hat Linux Console User Unauthorized Network Setting Manipulation | (Description Provided by CVE): The default configuration of consolehelper in system-config-network before 1.5.10-1 on Fedora 8 lacks the USER=root directive, which allows local users of the workstation console to gain privileges and change the network configuration. |
| 45747 | 2008-05-29 | Xerox DocuShare dsdn/dsweb/SearchResults XSS | Unknown / Incomplete |
| 45748 | 2008-05-29 | Xerox DocuShare dsdn/dsweb/Services/User XSS | Unknown / Incomplete |
| 45749 | 2008-05-29 | Xerox DocuShare docushare/dsweb/ServicesLib/Group XSS | Unknown / Incomplete |
| 45750 | 2008-05-29 | CMS from Scratch cms/images.php dir Variable Arbitrary Directory Listing | Unknown / Incomplete |
| 45751 | 2008-05-29 | CMS from Scratch cms/files.php dir Variable Arbitrary Directory Listing | Unknown / Incomplete |
| 45752 | 2008-05-29 | CMS from Scratch cms/images.php Unrestricted File Upload Arbitrary PHP Code Execution | Unknown / Incomplete |
| 45753 | 2008-05-29 | CMS from Scratch cms/files.php Unrestricted File Upload Arbitrary PHP Code Execution | Unknown / Incomplete |
| 45692 | 2008-05-29 | imlib2 loader_pnm.c load() Function PNM File Handling Overflow | (Description Provided by CVE): Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c. |
| 45693 | 2008-05-29 | imlib2 loader_xpm.c load() Function XPM File Handling Overflow | (Description Provided by CVE): Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c. |
| 45733 | 2008-05-29 | Airvae Commerce index.php pid Variable SQL Injection | Unknown / Incomplete |
| 45944 | 2008-05-29 | Pan PartsBatch Class Crafted NZB File Handling Overflow | (Description Provided by CVE): The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow. |