| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 53227 | 2009-03-24 | phpMyAdmin BLOB Streaming Feature bs_disp_as_mime_type.php Multiple Parameter HTTP Response Splitting | (Description Provided by CVE): CRLF injection vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the (1) c_type and possibly (2) file_type parameters. |
| 56412 | 2009-03-24 | International Color Consortium (ICC) Format library (icclib) Native Color Space Handling Overflow | (Description Provided by CVE): Multiple integer overflows in icc.c in the International Color Consortium (ICC) Format library (aka icclib), as used in Ghostscript 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and earlier, allow context-dependent attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly execute arbitrary code by using a device file for a translation request that operates on a crafted image file and targets a certain "native color space," related to an ICC profile in a (1) PostScript or (2) PDF file with embedded images. NOTE: this issue exists because of an incomplete fix for CVE-2009-0583. |
| 52958 | 2009-03-24 | IBM Access Support ActiveX (IbmEgath.dll) GetXMLValue() Method Overflow | A buffer overflow exists in IBM Access Support ActiveX control. IbmEgath.dll fails to validate data passed to the GetXMLValue() method resulting in a stack overflow. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 52858 | 2009-03-24 | Jinzora index.php name Parameter Traversal Local File Inclusion | Jinzora contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the 'name' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. |
| 53693 | 2009-03-24 | pam_ssh Login Prompt Remote Username Enumeration | pam_ssh contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when "pam_ssh" returns different password prompts depending on whether or not a valid user name is supplied, which will disclose user information resulting in a loss of confidentiality. |
| 53486 | 2009-03-24 | multipath-tools in SUSE /var/run/multipathd.sock Multipath Daemon Local Arbitrary Command Execution | (Description Provided by CVE): The Device Mapper multipathing driver (aka multipath-tools or device-mapper-multipath) 0.4.8, as used in SUSE openSUSE, SUSE Linux Enterprise Server (SLES), Fedora, and possibly other operating systems, uses world-writable permissions for the socket file (aka /var/run/multipathd.sock), which allows local users to send arbitrary commands to the multipath daemon. |
| 53490 | 2009-03-24 | PHPizabi theme/default/proc.inc.php notepad_body Parameter SQL Injection | PHPizabi contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'theme/default/proc.inc.php' script not properly sanitizing user-supplied input to the 'notepad_body' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 54565 | 2009-03-24 | MyPic bom.php dir Parameter Traversal Arbitrary Directory Access | (Description Provided by CVE): Directory traversal vulnerability in bom.php in MyPic 2.1 allows remote attackers to list files in arbitrary directories via a .. (dot dot) in the dir parameter. |
| 59825 | 2009-03-24 | Poppler PDF Handling Multiple Unspecified Overflows | (Description Provided by CVE): Multiple integer overflows in Poppler 0.10.5 and earlier allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file, related to (1) glib/poppler-page.cc; (2) ArthurOutputDev.cc, (3) CairoOutputDev.cc, (4) GfxState.cc, (5) JBIG2Stream.cc, (6) PSOutputDev.cc, and (7) SplashOutputDev.cc in poppler/; and (8) SplashBitmap.cc, (9) Splash.cc, and (10) SplashFTFont.cc in splash/. NOTE: this may overlap CVE-2009-0791. |
| 53164 | 2009-03-23 | Sun Java JDK / JRE LDAP Service LdapCtx Connection Persistence Remote DoS | (Description Provided by CVE): LdapCtx in the LDAP service in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier does not close the connection when initialization fails, which allows remote attackers to cause a denial of service (LDAP service hang). |
| 53165 | 2009-03-23 | Sun Java JDK / JRE LDAP Implementation Serialized Data Unspecified Arbitrary Code Execution | (Description Provided by CVE): Unspecified vulnerability in the LDAP implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; SDK and JRE 1.3.1_24 and earlier; and 1.4.2_19 and earlier allows remote LDAP servers to execute arbitrary code via unknown vectors related to serialized data. |
| 53166 | 2009-03-23 | Sun Java JDK / JRE unpack200 JAR File Pack200 Header Handling Multiple Overflows | (Description Provided by CVE): Integer overflow in unpack200 in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via a JAR file with crafted Pack200 headers. |
| 53167 | 2009-03-23 | Sun Java JDK / JRE Splash Screen PNG Image Handling Overflow | (Description Provided by CVE): Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. |
| 53169 | 2009-03-23 | Sun Java JDK / JRE Type1 Font Glyph Description Handling Overflow | (Description Provided by CVE): Integer signedness error in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allows remote attackers to access files or execute arbitrary code via crafted glyph descriptions in a Type1 font, which bypasses a signed comparison and triggers a buffer overflow. |
| 53170 | 2009-03-23 | Sun Java JDK / JRE Temporary Font File Creation Limit Unspecified Disk Consumption DoS | (Description Provided by CVE): Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. |
| 53172 | 2009-03-23 | Sun Java JDK / JRE Lightweight HTTP Server Implementation JAX-WS Service Endpoint Crafted Connection Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the lightweight HTTP server implementation in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to cause a denial of service (probably resource consumption) for a JAX-WS service endpoint via a connection without any data, which triggers a file descriptor "leak." |
| 53173 | 2009-03-23 | Sun Java JDK / JRE Virtual Machine Code Generation Unspecified Remote Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in the Virtual Machine in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "code generation." |
| 53174 | 2009-03-23 | Sun Java JDK / JRE Java Plug-in Deserializing Applets Unspecified Remote Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in the Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; 1.4.2_19 and earlier; and 1.3.1_24 and earlier allows remote attackers to access files and execute arbitrary code via unknown vectors related to "deserializing applets," aka CR 6646860. |
| 53175 | 2009-03-23 | Sun Java JDK / JRE Java Plug-in LiveConnect Localhost Restriction Bypass | (Description Provided by CVE): The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier; 6 Update 12 and earlier; and 1.4.2_19 and earlier does not prevent Javascript that is loaded from the localhost from connecting to other ports on the system, which allows user-assisted attackers to bypass intended access restrictions via LiveConnect, aka CR 6724331. NOTE: this vulnerability can be leveraged with separate cross-site scripting (XSS) vulnerabilities for remote attack vectors. |
| 53176 | 2009-03-23 | Sun Java JDK / JRE Java Plug-in Applet Execution Version Regression Weakness | (Description Provided by CVE): The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 allows user-assisted remote attackers to cause a trusted applet to run in an older JRE version, which can be used to exploit vulnerabilities in that older version, aka CR 6706490. |
| 53177 | 2009-03-23 | Sun Java JDK / JRE Java Plug-in crossdomain.xml Parsing Restriction Bypass | (Description Provided by CVE): The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12, 11, and 10 does not properly parse crossdomain.xml files, which allows remote attackers to bypass intended access restrictions and connect to arbitrary sites via unknown vectors, aka CR 6798948. |
| 53178 | 2009-03-23 | Sun Java JDK / JRE Java Plug-in Swing JLabel HTML Parsing Signed Applet Trust Weakness | (Description Provided by CVE): The Java Plug-in in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier, and 5.0 Update 17 and earlier, allows remote attackers to trick a user into trusting a signed applet via unknown vectors that misrepresent the security warning dialog, related to a "Swing JLabel HTML parsing vulnerability," aka CR 6782871. |
| 53168 | 2009-03-23 | Sun Java JDK / JRE GIF Image Handling Overflows | (Description Provided by CVE): Multiple buffer overflows in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 6 Update 12 and earlier allow remote attackers to access files or execute arbitrary code via (1) a crafted PNG image that triggers an integer overflow during memory allocation for display on the splash screen, aka CR 6804996; and (2) a crafted GIF image from which unspecified values are used in calculation of offsets, leading to object-pointer corruption, aka CR 6804997. |
| 53171 | 2009-03-23 | Sun Java JDK / JRE Temporary Font File Unspecified Disk Consumption DoS (6632886) | (Description Provided by CVE): Multiple unspecified vulnerabilities in Java SE Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 17 and earlier, and 6 Update 12 and earlier, allow remote attackers to cause a denial of service (disk consumption) via vectors related to temporary font files and (1) "limits on Font creation," aka CR 6522586, and (2) another unspecified vector, aka CR 6632886. |
| 55440 | 2009-03-23 | Ingate Firewall/SIParator IPSec Tunnel Configuration Restriction Bypass | Unknown / Incomplete |
| 55441 | 2009-03-23 | Ingate Firewall/SIParator IDS/IPS SIP Packet Security Protection Bypass | Unknown / Incomplete |
| 55443 | 2009-03-23 | Ingate Firewall/SIParator Multiple Default Gateways Packet Policies Bypass | Unknown / Incomplete |
| 55444 | 2009-03-23 | Ingate Firewall/SIParator SIP Module (sipfw) Streams Handling Unspecified Remote DoS | Unknown / Incomplete |
| 55445 | 2009-03-23 | Ingate Firewall/SIParator Crafted SIP Media Description Remote DoS | Unknown / Incomplete |
| 55446 | 2009-03-23 | Ingate Firewall/SIParator SIP Module Malformed Via Header Remote DoS | Unknown / Incomplete |
| 55447 | 2009-03-23 | Ingate Firewall/SIParator SIP Module Hold Media Encryption Transcoding Remote DoS | Unknown / Incomplete |
| 56383 | 2009-03-23 | Telnet-FTP Server Multiple FTP Command Traversal Arbitrary File Manipulation | Unknown / Incomplete |
| 56384 | 2009-03-23 | Telnet-FTP Server Malformed RETR Commands Remote DoS | Unknown / Incomplete |
| 56343 | 2009-03-23 | ZyXEL G-570S Malformed HTTP Request Remote DoS | Unknown / Incomplete |
| 56344 | 2009-03-23 | ZyXEL G-570S Unspecified Crafted Request Configuration Manipulation | Unknown / Incomplete |
| 56345 | 2009-03-23 | ZyXEL G-570S /cgi-bin/ExportCurrentSettings Configuration File Disclosure | Unknown / Incomplete |
| 52863 | 2009-03-23 | CCK Field Privacy Module for Drupal Menu System Access Bypass | Unknown / Incomplete |
| 53080 | 2009-03-23 | Piwik misc/cron/archive.sh Direct Request Information Disclosure | Vendor denies that this is a software vulnerability because Piwik does not "store" the API key in "archive.sh" as alleged in the advisory -- it never configures (nor modifies) "archive.sh". The only way to expose the API key in "archive.sh" would be for a user to manually edit this example script in-situ. |
| 53114 | 2009-03-23 | FreeBSD ktimer (sys/kern/kern_time.c) Arbitrary Kernel Memory Overwrite Local Privilege Escalation | (Description Provided by CVE): The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value. |
| 53113 | 2009-03-23 | FreeBSD kenv(2) Environment Dump Local DoS | Unknown / Incomplete |