| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 46650 | 2008-06-30 | Wireshark RMI Dissector Unspecified System Memory Disclosure | (Description Provided by CVE): Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors. |
| 46663 | 2008-06-30 | Apple Mac OS X Alias Manager Volume Mount Information Handling Arbitrary Code Execution | (Description Provided by CVE): Unspecified vulnerability in Alias Manager in Apple Mac OS X 10.5.1 and earlier on Intel platforms allows local users to gain privileges or cause a denial of service (memory corruption and application crash) by resolving an alias that contains crafted AFP volume mount information. |
| 46664 | 2008-06-30 | Apple Mac OS X CoreTypes .xht* Handling Warning Weakness | (Description Provided by CVE): Incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X before 10.5.4 allows user-assisted remote attackers to execute arbitrary code via a (1) .xht or (2) .xhtm file, which does not trigger a "potentially unsafe" warning message in (a) the Download Validation feature in Mac OS X 10.4 or (b) the Quarantine feature in Mac OS X 10.5. |
| 46665 | 2008-06-30 | Apple Mac OS X c++filt Format String Arbitrary Code Execution | (Description Provided by CVE): Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code. |
| 46666 | 2008-06-30 | Apple Mac OS X Launch Services Symlink Download Validation Race Condition Arbitrary Code Execution | (Description Provided by CVE): Launch Services in Apple Mac OS X before 10.5, when Open Safe Files is enabled, allows remote attackers to execute arbitrary code via a symlink attack, probably related to a race condition and automatic execution of a downloaded file. |
| 46667 | 2008-06-30 | Apple Mac OS X System Configuration User Template Directory Permission Weakness Local Privilege Escalation | (Description Provided by CVE): Apple Mac OS X before 10.5 uses weak permissions for the User Template directory, which allows local users to gain privileges by inserting a Trojan horse file into this directory. |
| 46668 | 2008-06-30 | Apple Mac OS X Dock Exposé Hot Corners Unspecified Screen Lock Bypass | (Description Provided by CVE): Dock in Apple Mac OS X 10.5 before 10.5.4, when Exposé hot corners is enabled, allows physically proximate attackers to gain access to a locked session in (1) sleep mode or (2) screen saver mode via unspecified vectors. |
| 46669 | 2008-06-30 | Apple Mac OS X HMAC Authentication SNMPv3 Authentication Packet Spoofing | (Description Provided by CVE): SNMPv3 HMAC verification in (1) Net-SNMP 5.2.x before 5.2.4.1, 5.3.x before 5.3.2.1, and 5.4.x before 5.4.1.1; (2) UCD-SNMP; (3) eCos; (4) Juniper Session and Resource Control (SRC) C-series 1.0.0 through 2.0.0; (5) NetApp (aka Network Appliance) Data ONTAP 7.3RC1 and 7.3RC2; (6) SNMP Research before 16.2; (7) multiple Cisco IOS, CatOS, ACE, and Nexus products; (8) Ingate Firewall 3.1.0 and later and SIParator 3.1.0 and later; (9) HP OpenView SNMP Emanate Master Agent 15.x; and possibly other products relies on the client to specify the HMAC length, which makes it easier for remote attackers to bypass SNMP authentication via a length value of 1, which only checks the first byte. |
| 46930 | 2008-06-30 | Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS | (Description Provided by CVE): Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962. |
| 46634 | 2008-06-30 | myBloggie index.php user_id Parameter SQL Injection | myBloggie contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'user_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 46635 | 2008-06-30 | myBloggie admin.php post_id Parameter SQL Injection | myBloggie contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'post_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 46691 | 2008-06-30 | Ruby rb_ary_fill() Function Overflow | (Description Provided by CVE): Integer overflow in the rb_ary_fill function in array.c in Ruby before revision 17756 allows context-dependent attackers to cause a denial of service (crash) or possibly have unspecified other impact via a call to the Array#fill method with a start (aka beg) argument greater than ARY_MAX_SIZE. NOTE: this issue exists because of an incomplete fix for other closely related integer overflows. |
| 46652 | 2008-06-30 | QNX Momentics /usr/photon/bin/phgrafx .pal File Handling Local Overflow | (Description Provided by CVE): Stack-based buffer overflow in phgrafx in QNX Momentics (aka RTOS) 6.3.2 and earlier allows local users to gain privileges via a long .pal filename in palette/. |
| 46690 | 2008-06-30 | Perl-Compatible Regular Expression (PCRE) pcre_compile.c Crafted Pattern Handling Overflow | Perl-Compatible Regular Expression (PCRE) contains an overflow condition in the handling of regular expressions. The issue is due to the library not validating user-supplied input when handling regular expressions that begin with an option and contain multiple branches. With a specially crafted request, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially execution of arbitrary code. |
| 47006 | 2008-06-30 | RSS-aggregator admin/fonctions/ Direct Request Administrator Authentication Bypass | (Description Provided by CVE): RSS-aggregator 1.0 does not require administrative authentication for the admin/fonctions/ directory, which allows remote attackers to access admin functions and have unspecified other impact, as demonstrated by (1) an IdFlux request to supprimer_flux.php and (2) a TpsRafraich request to modifier_tps_rafraich.php. |
| 53494 | 2008-06-30 | Wordtrans exec_wordtrans Function Arbitrary Command Execution | Unknown / Incomplete |
| 46574 | 2008-06-30 | eSHOP100 index.php SUB Parameter SQL Injection | eSHOP100 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'SUB' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 46580 | 2008-06-30 | BareNuked CMS admin/index.php password Parameter SQL Injection | BareNuked CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/index.php' script not properly sanitizing user-supplied input to the 'password' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 46692 | 2008-06-30 | Soldner Secret Wars Crafted UDP Packet Handling Remote DoS | (Description Provided by CVE): Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block. |
| 46637 | 2008-06-30 | Pivot search.php t Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter. |
| 46636 | 2008-06-30 | HIOX Banner Rotator (HBR) hioxBannerRotate.php hm Parameter Remote File Inclusion | HIOX Banner Rotator (HBR) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'hioxBannerRotate.php' script not properly sanitizing user input supplied to the 'hm' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 46881 | 2008-06-30 | myBloggie admin.php Edit Actions CSRF | (Description Provided by CVE): Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899. |
| 46884 | 2008-06-30 | FaName index.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php. |
| 46885 | 2008-06-30 | FaName page.php name Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php. |
| 46886 | 2008-06-30 | FaName class/page.php id Parameter SQL Injection | FaName contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'class/page.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 46887 | 2008-06-30 | FaName class/page.php id Variable Error Message Path Disclosure | (Description Provided by CVE): class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message. |
| 46888 | 2008-06-30 | RSS-aggregator admin/fonctions/supprimer_flux.php IdFlux Parameter SQL Injection | RSS-aggregator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/fonctions/supprimer_flux.php' script not properly sanitizing user-supplied input to the 'IdFlux' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 46889 | 2008-06-30 | RSS-aggregator admin/fonctions/supprimer_tag.php IdTag Parameter SQL Injection | RSS-aggregator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/fonctions/supprimer_tag.php' script not properly sanitizing user-supplied input to the 'IdTag' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 46986 | 2008-06-30 | Mercurial patch.py Patch File Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. |
| 47052 | 2008-06-30 | pSys chatbox.php showid Parameter SQL Injection | pSys contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'chatbox.php' script not properly sanitizing user-supplied input to the 'showid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 47467 | 2008-06-30 | GnuTLS lib/gnutls_handshake.c _gnutls_handshake_hash_buffers_clear Function Remote DoS | (Description Provided by CVE): Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle. |
| 47849 | 2008-06-30 | Catviz index.php Multiple Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value parameter in the news page and (2) webpage parameter in the webpage_multi_edit form. |
| 48850 | 2008-06-30 | Schoorbs Unspecified SQL Injection | Unknown / Incomplete |
| 50129 | 2008-06-30 | Acmlmboard memberlist.php pow Parameter SQL Injection | Acmlmboard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'memberlist.php' script not properly sanitizing user-supplied input to the 'pow' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 46632 | 2008-06-29 | GraphicsMagick GetImageCharacteristics() Function File Comment Handling DoS | (Description Provided by CVE): Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. |
| 46633 | 2008-06-29 | GraphicsMagick Multiple Decoders Unspecified DoS | (Description Provided by CVE): Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file. |
| 46709 | 2008-06-29 | Direct Web Remoting (DWR) Multiple Unspecified XSS | Unknown / Incomplete |
| 48871 | 2008-06-28 | LimeSurvey Multiple Unspecified Major Issues | Unknown / Incomplete |
| 46626 | 2008-06-28 | S.T.A.L.K.E.R.: Shadow of Chernobyl IPureServer::_Recieve Function Remote Overflow | (Description Provided by CVE): Stack-based buffer overflow in the IPureServer::_Recieve function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to execute arbitrary code via a compressed 0x39 packet, which is decompressed by the NET_Compressor::Decompress function. |
| 46627 | 2008-06-28 | S.T.A.L.K.E.R.: Shadow of Chernobyl NET_Compressor::Decompress Function Remote Overflow DoS | (Description Provided by CVE): Integer overflow in the NET_Compressor::Decompress function in S.T.A.L.K.E.R.: Shadow of Chernobyl 1.0006 and earlier allows remote attackers to cause a denial of service (server crash) via a crafted packet with a 0xc1 value that contains no compressed data, which triggers a copy of a large amount of memory. |