[CLOSE] OSVDB ID : 52781 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : SQL injection vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via values in the URI.

[CLOSE] OSVDB ID : 52813 - Disclosed: 2009-03-18

Description:

Advanced Image Hosting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'gallery_list.php' script not properly sanitizing user-supplied input to the 'gal' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52783 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.

[CLOSE] OSVDB ID : 52782 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Tasklist module 5.x-1.x before 5.x-1.3 and 5.x-2.x before 5.x-2.0-alpha1, a module for Drupal, allows remote authenticated users to inject arbitrary web script or HTML via Cascading Style Sheets (CSS).

[CLOSE] OSVDB ID : 52786 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in the Plus 1 module before 6.x-2.6, a module for Drupal, allows remote attackers to cast votes for content via unspecified aspects of the URI.

[CLOSE] OSVDB ID : 52784 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the node edit form feature in Drupal Content Construction Kit (CCK) 6.x before 6.x-2.2, a module for Drupal, allow remote attackers to inject arbitrary web script or HTML via the (1) titles of candidate referenced nodes in the Node reference sub-module and the (2) names of candidate referenced users in the User reference sub-module.

[CLOSE] OSVDB ID : 52846 - Disclosed: 2009-03-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 52852 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Send by e-mail module in the "Printer, e-mail and PDF versions" module 5.x before 5.x-4.4 and 6.x before 6.x-1.4, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via vectors involving outbound HTML e-mail.

[CLOSE] OSVDB ID : 52888 - Disclosed: 2009-03-18

Description:

An attacker can execute arbitrary code (possibly gaining control over the machine) by having an end-user click on a malicious URL.

[CLOSE] OSVDB ID : 52892 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Unspecified vulnerability in Microsoft Internet Explorer 8 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors triggered by clicking on a link, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

[CLOSE] OSVDB ID : 52896 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : Mozilla Firefox 3.0.7 on Windows 7 allows remote attackers to execute arbitrary code via unknown vectors related to the _moveToEdgeShift XUL tree method, which triggers garbage collection on objects that are still in use, as demonstrated by Nils during a PWN2OWN competition at CanSecWest 2009.

[CLOSE] OSVDB ID : 53065 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.

[CLOSE] OSVDB ID : 53479 - Disclosed: 2009-03-18

Description:

(Description Provided by CVE) : The IMAP task in the server in IBM Lotus Domino 8.0.2 before FP1 IF1 and 8.5 before IF3 allows remote attackers to cause a denial of service (daemon crash) via a MIME e-mail message with RFC822 attachments (aka blobs) containing malformed root entities.

[CLOSE] OSVDB ID : 91911 - Disclosed: 2009-03-18

Description:

Juniper IVE OS Secure Access (SA) contains an unspecified flaw in multiple parameters in the Secure Meeting client that may allow an attacker to have an unspecified impact. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 91910 - Disclosed: 2009-03-18

Description:

Juniper IVE OS Secure Access (SA) contains an unspecified flaw in the sign-in page in the Secure Meeting Outlook plugin that may allow an attacker to have an unspecified impact. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 52713 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : Stack-based buffer overflow in wp6sr.dll in the Autonomy KeyView SDK 10.4 and earlier, as used in IBM Lotus Notes, Symantec Mail Security (SMS) products, Symantec BrightMail Appliance products, and Symantec Data Loss Prevention (DLP) products, allows remote attackers to execute arbitrary code via a crafted Word Perfect Document (WPD) file.

[CLOSE] OSVDB ID : 52750 - Disclosed: 2009-03-17

Description:

PHP Pro Bid contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/class_image.php' script not properly sanitizing user input supplied to the 'fileExtension' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 52770 - Disclosed: 2009-03-17

Description:

phpFoX contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions for the manipulation of user accounts. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 52798 - Disclosed: 2009-03-17

Description:

PHPRunner contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'UserView_list.php' script not properly sanitizing user-supplied input to the 'SearchField' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52789 - Disclosed: 2009-03-17

Description:

YABSoft Mega File Hosting Script contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'cross.php' script not properly sanitizing user input supplied to the 'url' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 52836 - Disclosed: 2009-03-17

Description:

fMoblog Plugin for Wordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52764 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : IBM Rational AppScan Enterprise before 5.5 FP1 allows remote attackers to read arbitrary exported reports by "forcefully browsing."

[CLOSE] OSVDB ID : 52797 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : Format string vulnerability in Symantec pcAnywhere before 12.5 SP1 allows local users to read and modify arbitrary memory locations, and cause a denial of service (application crash) or possibly have unspecified other impact, via format string specifiers in the pathname of a remote control file (aka .CHF file).

[CLOSE] OSVDB ID : 52847 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

[CLOSE] OSVDB ID : 52799 - Disclosed: 2009-03-17

Description:

PHPRunner contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'orders_list.php' script not properly sanitizing user-supplied input to the 'SearchField' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52800 - Disclosed: 2009-03-17

Description:

PHPRunner contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'users_list.php' script not properly sanitizing user-supplied input to the 'SearchField' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52801 - Disclosed: 2009-03-17

Description:

PHPRunner contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'Administrator_list.php' script not properly sanitizing user-supplied input to the 'SearchField' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52803 - Disclosed: 2009-03-17

Description:

Ganesha Digital Library (GDL) contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'gdl.php' script not properly sanitizing user-supplied input to the 'node' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 52804 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : UserView_list.php in PHPRunner 4.2, and possibly earlier, stores passwords in cleartext in the database, which allows attackers to gain privileges. NOTE: this can be leveraged with a separate SQL injection vulnerability to obtain passwords remotely without authentication.

[CLOSE] OSVDB ID : 52812 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : Buffer overflow in CDex 1.70b2 allows remote attackers to execute arbitrary code via a crafted Info header in an Ogg Vorbis (.ogg) file.

[CLOSE] OSVDB ID : 52848 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

[CLOSE] OSVDB ID : 52849 - Disclosed: 2009-03-17

Description:

(Description Provided by CVE) : Multiple cross-site request forgery (CSRF) vulnerabilities in the HP Embedded Web Server (EWS) on HP LaserJet Printers, Edgeline Printers, and Digital Senders allow remote attackers to hijack the intranet connectivity of arbitrary users for requests that (1) print documents via unknown vectors, (2) modify the network configuration via a NetIPChange request to hp/device/config_result_YesNo.html/config, or (3) change the password via the Password and ConfirmPassword parameters to hp/device/set_config_password.html/config.

[CLOSE] OSVDB ID : 53263 - Disclosed: 2009-03-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 53264 - Disclosed: 2009-03-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64582 - Disclosed: 2009-03-17

Description:

Talkative IRC 0.4.4.16 suffers from a stack based buffer overflow vulnerability that enables us to gain full control over the application and execute arbitrary commands. ECX and EIP registers gets overwriten, so does the SEH. An attacker can exploit this issue by enticing an unsuspecting user into connecting to a malicious IRC server.

[CLOSE] OSVDB ID : 89520 - Disclosed: 2009-03-17

Description:

Vino contains a flaw in vino-preferences that is due to the program notifying users that their desktop is only reachable over a local network, which has been reported to be incorrect. This may cause a user to assume their system is more secure than it actually is.

[CLOSE] OSVDB ID : 52974 - Disclosed: 2009-03-16

Description:

(Description Provided by CVE) : Unspecified vulnerability in Sun OpenSolaris snv_39 through snv_45, when running in 64-bit mode on x86 architectures, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6442712.

[CLOSE] OSVDB ID : 52973 - Disclosed: 2009-03-16

Description:

(Description Provided by CVE) : Unspecified vulnerability in Sun Solaris 10 on SPARC sun4v systems, and OpenSolaris snv_47 through snv_85, allows local users to cause a denial of service (hang of UFS filesystem write) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6425723.

[CLOSE] OSVDB ID : 52972 - Disclosed: 2009-03-16

Description:

(Description Provided by CVE) : Unspecified vulnerability in the UFS filesystem functionality in Sun OpenSolaris snv_86 through snv_91, when running in 32-bit mode on x86 systems, allows local users to cause a denial of service (panic) via unknown vectors related to the (1) ufs_getpage and (2) ufs_putapage routines, aka CR 6679732.

[CLOSE] OSVDB ID : 52971 - Disclosed: 2009-03-16

Description:

(Description Provided by CVE) : Unspecified vulnerability in Kerberos Incremental Propagation in Solaris 10 and OpenSolaris snv_01 through snv_110 allows remote attackers to cause a denial of service (loss of incremental propagation requests to slave KDC servers) via unknown vectors related to the master Key Distribution Center (KDC) server.