| OSVDB ID | Disclosure Date | Title |
|
54075
Description:
Phorum contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions for the forum posting functionality in posting.php. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-03-11
|
Phorum posting.php Forum Post CSRF
|
|
56444
Description:
(Description Provided by CVE) : The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of an ICMP Host Unreachable message, which allows remote attackers to cause a denial of service (connectivity outage) by sending a large series of packets to many destination IP addresses within this REJECT route, related to an "rt_cache leak."
|
2009-03-11
|
Linux Kernel net/ipv4/icmp.c icmp_send Function REJECT Route Remote DoS
|
|
52616
Description:
(Description Provided by CVE) : Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request.
|
2009-03-11
|
IBM Director CIM Server /CIMListener/ Traversal Arbitrary File Execution Local Privilege Escalation
|
|
52523
Description:
Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified handle validation flaw in the kernel. This flaw may lead to a loss of integrity.
|
2009-03-11
|
Microsoft Windows Handle Validation Local Privilege Escalation
|
|
52524
Description:
Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified flaw in the kernel related to invalid pointers. This flaw may lead to a loss of integrity.
|
2009-03-11
|
Microsoft Windows Invalid Pointer Local Privilege Escalation
|
|
56281
Description:
Unknown / Incomplete
|
2009-03-11
|
Adobe Flash Player Plug-in Unspecified NULL Pointer Dereference DoS
|
|
52519
Description:
Windows contains a flaw that may allow a malicious user to spoof a WPAD (Web Proxy Auto-Discovery) DNS record. The issue is caused by the DNS server allowing any client to register a WPAD entry in DNS. It is possible that the flaw may allow a malicious proxy to redirect Internet traffic resulting in a loss of integrity.
|
2009-03-11
|
Microsoft Windows DNS Server WPAD Registration Dynamic Update MiTM Weakness
|
|
52521
Description:
Windows contains a flaw that may allow a malicious user to authenticate against a protected server using only the public portion of a valid user's credential. The issue is triggered by weak certificate validation by the SChannel security component. It is possible that the flaw may allow unauthorized access to protected servers resulting in a loss of integrity.
|
2009-03-11
|
Microsoft Windows SChannel Certificate Based Authentication Spoofing Bypass
|
|
52533
Description:
Unknown / Incomplete
|
2009-03-11
|
OpenPHPnuke SQLite Abstraction Layer SQL Injection
|
|
52552
Description:
(Description Provided by CVE) : The PDF XSS protection feature in ModSecurity before 2.5.8 allows remote attackers to cause a denial of service (Apache httpd crash) via a request for a PDF file that does not use the GET method.
|
2009-03-11
|
ModSecurity (mod_security) PDF XSS Protection Implementation Crafted HTTP Request Handling DoS
|
|
52551
Description:
Maarch contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'login' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-11
|
Maarch login.php login Parameter SQL Injection
|
|
52553
Description:
(Description Provided by CVE) : The multipart processor in ModSecurity before 2.5.9 allows remote attackers to cause a denial of service (crash) via a multipart form data POST request with a missing part header name, which triggers a NULL pointer dereference.
|
2009-03-11
|
ModSecurity (mod_security) Multipart Request Header Name Handling DoS
|
|
55260
Description:
Trellis Desk contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the keywords variables upon submission to the sources/article.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-03-11
|
Trellis Desk Search Box XSS
|
|
52522
Description:
An unspecified remote code execution flaw exists in Windows. The GDI kernel interface fails to validate WMF and EMF graphics files, resulting in arbitrary code execution. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2009-03-10
|
Microsoft Windows GDI Kernel Component Unspecified Remote Code Execution
|
|
55624
Description:
WeBid contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the cron.php script not properly sanitizing user input supplied to the include_path parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-03-10
|
WeBid cron.php include_path Parameter Remote File Inclusion
|
|
55625
Description:
WeBid contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ST_browsers.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-03-10
|
WeBid /admin/ST_browsers.php include_path Parameter Remote File Inclusion
|
|
55626
Description:
WeBid contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ST_countries.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-03-10
|
WeBid /admin/ST_countries.php include_path Parameter Remote File Inclusion
|
|
55627
Description:
WeBid contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ST_platforms.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-03-10
|
WeBid /admin/ST_platforms.php include_path Parameter Remote File Inclusion
|
|
52568
Description:
(Description Provided by CVE) : The SIP channel driver in Asterisk Open Source 1.4.22, 1.4.23, and 1.4.23.1; 1.6.0 before 1.6.0.6; 1.6.1 before 1.6.1.0-rc2; and Asterisk Business Edition C.2.3, with the pedantic option enabled, allows remote authenticated users to cause a denial of service (crash) via a SIP INVITE request without any headers, which triggers a NULL pointer dereference in the (1) sip_uri_headers_cmp and (2) sip_uri_params_cmp functions.
|
2009-03-10
|
Asterisk SIP Channel Driver Pedantic Functionality Malformed SIP INVITE Message Remote DoS
|
|
56368
Description:
(Description Provided by CVE) : The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
|
2009-03-10
|
Roundup cgi/actions.py EditCSVAction Function Arbitrary Saved Query Manipulation
|
|
52517
Description:
Windows contains a flaw that may allow a malicious user to spoof DNS records. The issue is triggered by the use of predictable transaction IDs in the Windows DNS Server. It is possible that the flaw may allow DNS cache poisoning resulting in a loss of integrity.
|
2009-03-10
|
Microsoft Windows DNS Server Query Validation Spoofing
|
|
52518
Description:
Windows contains a flaw that may allow a malicious user to poison its DNS cache. The issue is triggered by a weakness which allows for predictable transaction IDs, allowing spoofed records to be stored in the DNS cache. It is possible that the flaw may allow DNS cache poisoning resulting in a loss of integrity.
|
2009-03-10
|
Microsoft Windows DNS Server Response Validation Transaction ID Prediction Weakness
|
|
52617
Description:
(Description Provided by CVE) : Heap-based buffer overflow in adsmdll.dll 5.3.7.7296, as used by the daemon (dsmsvc.exe) in the backup server in IBM Tivoli Storage Manager (TSM) Express 5.3.7.3 and earlier and TSM 5.2, 5.3 before 5.3.6.0, and 5.4.0.0 through 5.4.4.0, allows remote attackers to execute arbitrary code via a crafted length value.
|
2009-03-10
|
IBM Tivoli Storage Manager (TSM) Express adsmdll.dll Length Value Handling Remote Overflow
|
|
52615
Description:
(Description Provided by CVE) : The CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to cause a denial of service (daemon crash) via a long consumer name, as demonstrated by an M-POST request to a long /CIMListener/ URI.
|
2009-03-10
|
IBM Director CIM Server /CIMListener/ Consumer Name Handling Overflow Remote DoS
|
|
52561
Description:
(Description Provided by CVE) : Race condition in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allows local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors involving the time at which control is transferred from a caller to a door server.
|
2009-03-10
|
Solaris Kernel Doors Subsystem Multiple Unspecified Local DoS
|
|
52562
Description:
Unknown / Incomplete
|
2009-03-10
|
Solaris Kernel Doors Subsystem Unspecified Local Cross-zone File Access
|
|
52563
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in the Doors subsystem in the kernel in Sun Solaris 8 through 10, and OpenSolaris before snv_94, allow local users to cause a denial of service (process hang), or possibly bypass file permissions or gain kernel-context privileges, via vectors including ones related to (1) an argument handling deadlock in a door server and (2) watchpoint problems in the door_call function.
|
2009-03-10
|
Solaris Kernel Doors Subsystem Unspecified Local Privilege Escalation
|
|
52580
Description:
(Description Provided by CVE) : Sun xVM VirtualBox 2.0.0, 2.0.2, 2.0.4, 2.0.6r39760, 2.1.0, 2.1.2, and 2.1.4r42893 on Linux allows local users to gain privileges via a hardlink attack, which preserves setuid/setgid bits on Linux, related to DT_RPATH:$ORIGIN.
|
2009-03-10
|
Sun xVM VirtualBox for Linux Unspecified Local Privilege Escalation
|
|
52520
Description:
(Description Provided by CVE) : The WINS server in Microsoft Windows 2000 SP4 and Server 2003 SP1 and SP2 does not restrict registration of the (1) "wpad" and (2) "isatap" NetBIOS names, which allows remote authenticated users to hijack the Web Proxy Auto-Discovery (WPAD) and Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) features, and conduct man-in-the-middle attacks by spoofing a proxy server or ISATAP route, by registering one of these names in the WINS database, aka "WPAD WINS Server Registration Vulnerability," a related issue to CVE-2007-1692.
|
2009-03-10
|
Microsoft Windows WPAD WINS Server Registration Web Proxy MiTM Weakness
|
|
55614
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Foxit Reader 3.0 before Build 1506, including 1120 and 1301, allows remote attackers to execute arbitrary code via a long (1) relative path or (2) absolute path in the filename argument in an action, as demonstrated by the "Open/Execute a file" action.
|
2009-03-10
|
Foxit Reader Filename Argument Handling Overflow
|
|
57150
Description:
Unknown / Incomplete
|
2009-03-10
|
RoundCube Webmail Vcard Export Unspecified Issue
|
|
53622
Description:
Addonics NAS Adapter's Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when an authenticated user sends a POST request to nas.cgi with a long string, and will result in loss of availability for the platform.
|
2009-03-10
|
Addonics NAS Adapter nas.cgi Multiple Parameter Overflow DoS
|
|
56300
Description:
Unknown / Incomplete
|
2009-03-10
|
PC Tools iAntiVirus for Mac OS X SIT / DMG Archive Scan Bypass
|
|
56301
Description:
Unknown / Incomplete
|
2009-03-10
|
PC Tools iAntiVirus for Mac OS X Filename Special Character Handling Weakness
|
|
56302
Description:
Unknown / Incomplete
|
2009-03-10
|
PC Tools iAntiVirus for Mac OS X Quarantine-management Cross-user File Restoration
|
|
56303
Description:
Unknown / Incomplete
|
2009-03-10
|
PC Tools iAntiVirus for Mac OS X OnGuard Multi-user Protection Weakness
|
|
52527
Description:
MP Form Mail CGI contains an unspecified flaw that may allow an attacker to bypass restrictions and gain admin access. No further details have been provided.
|
2009-03-10
|
MP Form Mail CGI Unspecified Admin Access Restriction Bypass
|
|
52525
Description:
WEBJump! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'portfolio_genre.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-10
|
WEBJump! portfolio_genre.php id Parameter SQL Injection
|
|
52889
Description:
A remote attacker can inject a specially crafted XML entity through the web browser to exploit the server. It would be possible for the attacker to read files stored locally on the server by doing this.
|
2009-03-10
|
NextApp Echo2 Engine External Entity (XXE) Data Parsing Arbitrary File Access
|
|
52842
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Mahara 1.0 before 1.0.10 and 1.1 before 1.1.2 allow remote attackers to inject arbitrary web script or HTML via a (1) profile and (2) blog, a different vulnerability than CVE-2009-0487.
|
2009-03-10
|
Mahara Profile Functionality Unspecified XSS
|