| OSVDB ID | Disclosure Date | Title |
|---|
|
48803
Description:
Unknown / Incomplete
|
2008-09-30
|
Xen XenStore DomU Domain Unauthorized Variable Overwrite
|
|
48726
Description:
BookMarks Favourites Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view_group.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-09-30
|
BookMarks Favourites Script view_group.php id Parameter SQL Injection
|
|
48743
Description:
Unknown / Incomplete
|
2008-09-30
|
Linux Kernel arch/x86/kernel/vmi_32.c vmi_write_ldt_entry() Function Local Privilege Escalation
|
|
54292
Description:
Unknown / Incomplete
|
2008-09-30
|
Microsoft ActiveSync RNDIS over USB System Lock Bypass
|
|
54291
Description:
(Description Provided by CVE) : Session fixation vulnerability in moziloWiki 1.0.1 and earlier allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.
|
2008-09-30
|
moziloWiki PHPSESSID Parameter Session Fixation
|
|
48661
Description:
Unknown / Incomplete
|
2008-09-30
|
Post Comments Script PostCommentsAdmin Cookie Admin Authentication Bypass
|
|
48634
Description:
(Description Provided by CVE) : Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.
|
2008-09-30
|
Autodesk Design Review DWF Viewer AdView.AdViewer.1 ActiveX (AdView.dll) SaveAs Method Arbitrary File Overwrite
|
|
48645
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
|
2008-09-30
|
moziloCMS index.php Multiple Parameter XSS
|
|
48646
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
|
2008-09-30
|
moziloCMS download.php Multiple Parameter XSS
|
|
48648
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in moziloCMS 1.10.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) page and (2) query parameters to (a) index.php, (3) cat and (4) file parameters to (b) download.php, (5) gal parameter to gallery.php, and the (6) URL to admin/login.php.
|
2008-09-30
|
moziloCMS admin/login.php URL XSS
|
|
48649
Description:
Unknown / Incomplete
|
2008-09-30
|
moziloCMS Unspecified CSRF
|
|
48655
Description:
(Description Provided by CVE) : Directory traversal vulnerability in index.php in Pritlog 0.4 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter in a viewEntry action.
|
2008-09-30
|
Pritlog index.php filename Parameter Traversal Arbitrary File Access
|
|
48656
Description:
(Description Provided by CVE) : The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
|
2008-09-30
|
GdPicture Pro Imaging SDK GdPicturePro5S.Imaging ActiveX (gdpicturepro5s.ocx) SaveAsPDF Method Arbitrary File Overwrite
|
|
48659
Description:
FAQ Management Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'catid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-09-30
|
FAQ Management Script index.php catid Parameter SQL Injection
|
|
48657
Description:
(Description Provided by CVE) : The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.
|
2008-09-30
|
GdPicture Light Imaging Toolkit GdPicture4S.Imaging ActiveX (gdpicture4s.ocx) SaveAsPDF Method Arbitrary File Overwrite
|
|
48730
Description:
Trend Micro OfficeScan contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a HTTP GET request containing dot dot slash directory traversal, which will disclose arbitrary files as the SYSTEM account, resulting in a loss of confidentiality.
|
2008-09-30
|
Trend Micro OfficeScan OfficeScanNT Listener Traversal Arbitrary File Access
|
|
48687
Description:
Celoxis contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'ni.smessage' parameters upon submission to the 'user.do' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-09-30
|
Celoxis user.do ni.smessage Parameter XSS
|
|
48774
Description:
(Description Provided by CVE) : Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.
|
2008-09-30
|
Avaya CMS Solaris ACL for UFS File Systems NULL Dereference Local DoS
|
|
48878
Description:
(Description Provided by CVE) : A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.
|
2008-09-30
|
Fedora Linux Kernel utrace Subsystem utrace_control Function Local DoS
|
|
48886
Description:
(Description Provided by CVE) : lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.
|
2008-09-30
|
lighttpd url.redirect / url.rewrite URL Decoding Remote Security Bypass
|
|
48889
Description:
(Description Provided by CVE) : mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.
|
2008-09-30
|
lighttpd mod_userdir Filename Component Case Mismatch Remote Access Restriction Bypass
|
|
48894
Description:
(Description Provided by CVE) : xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.
|
2008-09-30
|
libvirt xenstore /local/domain/ Subdirectory Xen Guest VM File Modification
|
|
48901
Description:
(Description Provided by CVE) : The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.
|
2008-09-30
|
Linux Kernel VMI arch/x86/kernel/vmi_32.c vmi_write_ldt_entry Function Crafted Function Calls Local DoS
|
|
49047
Description:
(Description Provided by CVE) : The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.
|
2008-09-30
|
LiveUpdate UpdateEngine ActiveX (LiveUpdate16.DLL) ApplyPatch Method Arbitrary Program Execution
|
|
49727
Description:
(Description Provided by CVE) : Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
|
2008-09-30
|
KDE Konqueror Crafted URL-encoded String alert Function DoS
|
|
50077
Description:
(Description Provided by CVE) : The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via unspecified vectors, related to sctp_sf_violation_paramlen, sctp_sf_abort_violation, sctp_make_abort_violation, and incorrect data types in function calls.
|
2008-09-30
|
Linux Kernel sctp Protocol Violation Handling Multiple Function Calls Unspecified Remote DoS
|
|
50125
Description:
(Description Provided by CVE) : webseald in WebSEAL 6.0.0.17 in IBM Tivoli Access Manager for e-business allows remote attackers to cause a denial of service (crash or hang) via HTTP requests, as demonstrated by a McAfee vulnerability scan.
|
2008-09-30
|
IBM Tivoli Access Manager WebSEAL webseald Daemon Crafted HTTP Message Handling Remote DoS
|
|
51757
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
|
2008-09-30
|
Micronation Banking System utdb_access.php minsoft_path Parameter Remote File Inclusion
|
|
51758
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Micronation Banking System (minba) 1.5.0 allow remote attackers to execute arbitrary PHP code via a URL in the minsoft_path parameter to (1) utdb_access.php and (2) utgn_message.php in utility/.
|
2008-09-30
|
Micronation Banking System utgn_message.php minsoft_path Parameter Remote File Inclusion
|
|
51759
Description:
(Description Provided by CVE) : SG Real Estate Portal 2.0 allows remote attackers to bypass authentication and gain administrative access by setting the Auth cookie to 1.
|
2008-09-30
|
Real Estate Portal Auth Cookie Manipulation Admin Access Bypass
|
|
51760
Description:
Rianxosencabos CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'scripts/links.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-09-30
|
Rianxosencabos CMS scripts/links.php id Parameter SQL Injection
|
|
51877
Description:
Unknown / Incomplete
|
2008-09-30
|
Printlog index.php filename Parameter NULL Byte Request Arbitrary Script Source Disclosure
|
|
51900
Description:
Unknown / Incomplete
|
2008-09-30
|
phpMyID MyID.php openid_return_to Parameter Arbitrary Site Redirect
|
|
51948
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.
|
2008-09-30
|
Real Estate Portal index.php Multiple Parameter Traversal Arbitrary File Access
|
|
51949
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in SG Real Estate Portal 2.0 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) mod, (2) page, or (3) lang parameter to index.php; or the (4) action or (5) folder parameter in a security request to admin/index.php.
|
2008-09-30
|
Real Estate Portal admin/index.php Multiple Parameter Traversal Arbitrary File Access
|
|
51950
Description:
Real Estate Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'page_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-09-30
|
Real Estate Portal index.php page_id Parameter SQL Injection
|
|
48755
Description:
XAMPP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the dbserver, host, user, password, database, and table parameters upon submission to the adodb.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2008-09-29
|
XAMPP adodb.php Multiple Parameter XSS
|
|
52644
Description:
Unknown / Incomplete
|
2008-09-29
|
Opera Window Object Suppressing Remote DoS
|
|
57065
Description:
Unknown / Incomplete
|
2008-09-29
|
Google Chrome window.open DMK.alert DoS
|
|
57066
Description:
Unknown / Incomplete
|
2008-09-29
|
Apple Safari window.open DMK.alert DoS
|
