| OSVDB ID | Disclosure Date | Title |
|---|
|
47864
Description:
Web Directory Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'site' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
2008-08-31
|
Web Directory Script index.php site Variable SQL Injection
|
|
47912
Description:
Words Tag contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'word' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
2008-08-31
|
Words Tag index.php word Variable SQL Injection
|
|
48047
Description:
(Description Provided by CVE) : src/main-win.c in GPicView 0.1.9 in Lightweight X11 Desktop Environment (LXDE) allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
|
2008-08-31
|
LXDE GPicView src/main-win.c Shell Metacharacter Arbitrary Command Execution
|
|
48167
Description:
myPHPNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'sid' variables upon submission to the 'print.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-08-31
|
myPHPNuke print.php sid Variable XSS
|
|
48471
Description:
(Description Provided by CVE) : The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a crafted read system call for the /proc/sys/sunrpc/transports file.
|
2008-08-30
|
Linux Kernel net/sunrpc/sysctl.c proc_do_xprt Function Local Overflow
|
|
48254
Description:
(Description Provided by CVE) : The VMware Consolidated Backup (VCB) command-line utilities in VMware ESX 3.0.1 through 3.0.3 and ESX 3.5 place a password on the command line, which allows local users to obtain sensitive information by listing the process.
|
2008-08-30
|
VMware ESX / ESXi VMware Consolidated Backup (VCB) Multiple Utility Command Line Cleartext Password Disclosure
|
|
48158
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long XML entity name.
|
2008-08-30
|
libxml2 parser.c xmlParseAttValueComplex Function XML Entity Name Handling DoS
|
|
48247
Description:
(Description Provided by CVE) : Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
|
2008-08-30
|
VMware Multiple Products Unspecified ActiveX Unspecified Issue (1)
|
|
48248
Description:
(Description Provided by CVE) : Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
|
2008-08-30
|
VMware Multiple Products Unspecified ActiveX Unspecified Issue (2)
|
|
48249
Description:
(Description Provided by CVE) : Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3694, CVE-2008-3695, and CVE-2008-3696.
|
2008-08-30
|
VMware Multiple Products Unspecified ActiveX Unspecified Issue (3)
|
|
48250
Description:
(Description Provided by CVE) : Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3695, and CVE-2008-3696.
|
2008-08-30
|
VMware Multiple Products Unspecified ActiveX Unspecified Issue (4)
|
|
48251
Description:
(Description Provided by CVE) : Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3696.
|
2008-08-30
|
VMware Multiple Products Unspecified ActiveX Unspecified Issue (5)
|
|
48246
Description:
(Description Provided by CVE) : Unspecified vulnerability in a certain ActiveX control in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 has unknown impact and remote attack vectors, a different vulnerability than CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, and CVE-2008-3695.
|
2008-08-30
|
VMware Multiple Products Unspecified ActiveX Unspecified Issue (6)
|
|
48253
Description:
(Description Provided by CVE) : Unspecified vulnerability in the OpenProcess function in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 on Windows allows local host OS users to gain privileges on the host OS via unknown vectors.
|
2008-08-30
|
VMware Workstation OpenProcess Function Local Privilege Escalation
|
|
48252
Description:
(Description Provided by CVE) : An unspecified ISAPI extension in VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (IIS crash) via a malformed request.
|
2008-08-30
|
VMware Server Unspecified ISAPI Extension Malformed Request Remote DoS
|
|
48435
Description:
(Description Provided by CVE) : Buffer overflow in a certain ActiveX control in the COM API in VMware Workstation 5.5.x before 5.5.8 build 108000, VMware Workstation 6.0.x before 6.0.5 build 109488, VMware Player 1.x before 1.0.8 build 108000, VMware Player 2.x before 2.0.5 build 109488, VMware ACE 1.x before 1.0.7 build 108880, VMware ACE 2.x before 2.0.5 build 109488, and VMware Server before 1.0.7 build 108231 allows remote attackers to cause a denial of service (browser crash) or possibly execute arbitrary code via a call to the GuestInfo method in which there is a long string argument, and an assignment of a long string value to the result of this call. NOTE: this may overlap CVE-2008-3691, CVE-2008-3692, CVE-2008-3693, CVE-2008-3694, CVE-2008-3695, or CVE-2008-3696.
|
2008-08-30
|
VMware Multiple Products COM API ActiveX GuestInfo Method Overflow
|
|
47862
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Acoustica Beatcraft 1.02 Build 19 allows user-assisted attackers to cause a denial of service or execute arbitrary code via a Beatcraft Project (aka bcproj) file with a long string in a certain instruments title field.
|
2008-08-30
|
Beatcraft Crafted BCPROJ File Handling Overflow
|
|
47860
Description:
Brim contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'value' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
2008-08-30
|
Tasks Plugin for Brim index.php value Variable SQL Injection
|
|
47861
Description:
Brim contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'name' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-08-30
|
Bookmarks Plugin for Brim index.php name Variable XSS
|
|
47882
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.
|
2008-08-30
|
@Mail parse.php Multiple Variable XSS
|
|
47883
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.
|
2008-08-30
|
@Mail showmail.php start Variable XSS
|
|
47884
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in @Mail 5.42 allow remote attackers to inject arbitrary web script or HTML via the (1) file and (2) HelpFile parameters to parse.php, the (3) Folder and (4) start parameters to showmail.php, and the (5) abookview parameter to abook.php.
|
2008-08-30
|
@Mail abook.php abookview Variable XSS
|
|
48165
Description:
myPHPNuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'printfeature.php' script not properly sanitizing user-supplied input to the 'artid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
2008-08-30
|
myPHPNuke printfeature.php artid Variable SQL Injection
|
|
48159
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell Identity Manager (IDM) ForgotPassword.jsf rtnaddr Attribute XSS
|
|
48160
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell Identity Manager (IDM) Detail Portlet Unspecified XSS
|
|
48161
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell Identity Manager (IDM) Request & Approval Forms Unspecified XSS
|
|
48162
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell Identity Manager (IDM) Portal Unspecified XSS
|
|
48212
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory SCRIPTS Ndsconfig Upgrade Unspecified Password Bypass
|
|
48209
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory HTTPSDK Unspecified XSS
|
|
48208
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory LDAP on Windows Unspecified Memory Corruption DoS
|
|
48207
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory LDAP Unspecified Overflow
|
|
48206
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory NDS on Windows Unspecified Remote Memory Corruption
|
|
48205
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory NDS Object Manipulation ACL Modification Weakness
|
|
48204
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory NDS Unspecified Heap Overflow
|
|
48211
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory HTTPSDK Length Header Handling Overflow
|
|
48210
Description:
Unknown / Incomplete
|
2008-08-29
|
Novell eDirectory HTTPSDK Language Header Handling Overflow
|
|
48350
Description:
(Description Provided by CVE) : SQL injection vulnerability in xmlout.php in Invision Power Board (IP.Board or IPB) 2.2.x and 2.3.x allows remote attackers to execute arbitrary SQL commands via the name parameter.
|
2008-08-29
|
Invision Power Board sources/action_public/xmlout.php name Variable SQL Injection
|
|
48351
Description:
Unknown / Incomplete
|
2008-08-29
|
Invision Power Board SQL Password Client Brute Force Weakness
|
|
48352
Description:
Unknown / Incomplete
|
2008-08-29
|
Invision Power Board Referer Header SID Disclosure Admin Session Hijacking
|
|
48353
Description:
Unknown / Incomplete
|
2008-08-29
|
Invision Power Board Deep Recursion Protection Bypass
|
