| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 57458 | 2009-08-27 | Symantec Altiris Deployment Solution DBManager Unspecified Authentication Bypass | (Description Provided by CVE): Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 does not properly restrict access to the listening port for the DBManager service, which allows remote attackers to bypass authentication and modify tasks or the Altiris Database via a connection to this service. |
| 57459 | 2009-08-27 | Symantec Altiris Deployment Solution Aclient GUI Permission Weakness Local Privilege Escalation | (Description Provided by CVE): The Aclient GUI in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 installs a client executable with insecure permissions (Everyone:Full Control), which allows local users to gain privileges by replacing the executable with a Trojan horse program. |
| 57460 | 2009-08-27 | Symantec Altiris Deployment Solution AClient Agent Handshake Race Condition Remote Authentication Bypass | (Description Provided by CVE): Unspecified vulnerability in the AClient agent in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430, when key-based authentication is being used between a deployment server and a client, allows remote attackers to bypass authentication and execute arbitrary commands as SYSTEM by spoofing the deployment server and sending "alternate commands" before the handshake is completed. |
| 57461 | 2009-08-27 | Symantec Altiris Deployment Solution File Transfer Authentication Bypass | (Description Provided by CVE): Race condition in the file transfer functionality in Symantec Altiris Deployment Solution 6.9.x before 6.9 SP3 Build 430 allows remote attackers to read sensitive files and prevent client updates by connecting to the file transfer port before the expected client does. |
| 57425 | 2009-08-27 | bingo!CMS Configuration Manipulation CSRF | (Description Provided by CVE): Cross-site request forgery (CSRF) vulnerability in bingo!CMS 1.2 and earlier allows remote attackers to hijack the authentication of other users for requests that modify configuration or change content via unspecified vectors. |
| 57426 | 2009-08-27 | Wap-motor gallery/gallery.php image Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter. |
| 57448 | 2009-08-27 | PHP Calendars search.php search Parameter XSS | PHP Calendars contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57437 | 2009-08-27 | Stand Alone Arcade gamelist.php cat Parameter XSS | Stand Alone Arcade contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cat' parameter upon submission to the 'gamelist.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57444 | 2009-08-27 | DigiOz Guestbook search.php search_term Parameter XSS | DigiOz Guestbook contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'search_term' parameter upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57449 | 2009-08-27 | SearchFeed Script index.php search Parameter XSS | SearchFeed Script contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57438 | 2009-08-27 | VideoGirls forum.php t Parameter XSS | VideoGirls contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 't' parameter upon submission to the 'forum.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57445 | 2009-08-27 | LinkorCMS index.php Multiple Parameter XSS | LinkorCMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'searchstr' parameter upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57450 | 2009-08-27 | Auction RSS Content Script rss.php id Parameter XSS | Auction RSS Content Script contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'rss.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57441 | 2009-08-27 | PHP Video Script index.php key Parameter XSS | PHP Video Script contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'key' parameter upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57446 | 2009-08-27 | Affiliate Master Datafeed Parser Script search.php search Parameter XSS | Affiliate Master contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57439 | 2009-08-27 | VideoGirls profile.php profile_name Parameter XSS | VideoGirls contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'profile_name' parameter upon submission to the 'profile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57440 | 2009-08-27 | VideoGirls view.php p Parameter XSS | VideoGirls contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'p' parameter upon submission to the 'view.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57447 | 2009-08-27 | DigiFolio Component for Joomla! index.php id Parameter SQL Injection | DigiFolio Component for Joomla contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57464 | 2009-08-27 | Uiga Church Portal index.php Multiple Parameter SQL Injection | Uiga Church Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'year', 'month', 'name_from', 'email_from', 'telephone', and 'message' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 57463 | 2009-08-27 | Pirates of The Caribbean index.php Multiple Parameter SQL Injection | Pirates of The Caribbean contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'x' and 'y' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57451 | 2009-08-27 | Auction RSS Content Script search.php id Parameter XSS | Auction RSS Content Script contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57895 | 2009-08-27 | Solaris Gnome-XScreenSaver (xscreensaver) Multiple Method Local Screen Lock DoS | (Description Provided by CVE): xscreensaver (aka Gnome-XScreenSaver) in Sun Solaris 9 and 10, OpenSolaris snv_109 through snv_122, and X11 6.4.1 on Solaris 8 does not properly handle Accessibility support, which allows local users to cause a denial of service (system hang) by locking the screen and then attempting to launch an Accessibility pop-up window, related to a regression in certain Solaris and OpenSolaris patches. |
| 58111 | 2009-08-27 | Freetag Plugin for Serendipity Blog Entry Meta Keywords SQL Injection | Freetag Plugin for Serendipity contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewing of meta keywords for a blog entry not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 60946 | 2009-08-27 | MetaForum Ajax Handling Private Thread Post Access | Unknown / Incomplete |
| 57467 | 2009-08-26 | RASH Quote Management System Search Functionality search Parameter SQL Injection | RASH Quote Management System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Search Functionality not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57468 | 2009-08-26 | RASH Quote Management System Admin Login user Parameter SQL Injection Authentication Bypass | RASH Quote Management System contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'Admin Login' page not properly sanitizing user-supplied input to the 'user' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 57469 | 2009-08-26 | RASH Quote Management System Quote Addition quote Parameter SQL Injection | RASH Quote Management System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Quote Addition function not properly sanitizing user-supplied input to the 'quote' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57470 | 2009-08-26 | RASH Quote Management System User_Name Cookie SQL Injection | RASH Quote Management System contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'Admin Login' page not properly sanitizing user-supplied input to the 'user' parameter. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 57842 | 2009-08-26 | IBM Tivoli Identity Manager Self Service UI Console Profile Change Last Name Field XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Self Service UI (SSUI) in IBM Tivoli Identity Manager (ITIM) 5.0.0.5 allows remote authenticated users to inject arbitrary web script or HTML via the last name field in a profile. |
| 57421 | 2009-08-26 | Google Chrome V8 Javascript Engine Unspecified Memory Corruption | (Description Provided by CVE): Google V8, as used in Google Chrome before 2.0.172.43, allows remote attackers to bypass intended restrictions on reading memory, and possibly obtain sensitive information or execute arbitrary code in the Chrome sandbox, via crafted JavaScript. |
| 57422 | 2009-08-26 | Google Chrome MD2 / MD4 Signed SSL Certificate Spoofing Weakness | (Description Provided by CVE): Google Chrome before 2.0.172.43 does not prevent SSL connections to a site with an X.509 certificate signed with the (1) MD2 or (2) MD4 algorithm, which makes it easier for man-in-the-middle attackers to spoof arbitrary HTTPS servers via a crafted certificate, a related issue to CVE-2009-2409. |
| 57457 | 2009-08-26 | Solaris sockfs Kernel Module Unspecified HTTP Requests Remote DoS | (Description Provided by CVE): The sockfs module in the kernel in Sun Solaris 10 and OpenSolaris snv_41 through snv_122, when Network Cache Accelerator (NCA) logging is enabled, allows remote attackers to cause a denial of service (panic) via unspecified web-server traffic that triggers a NULL pointer dereference in the nl7c_http_log function, related to "improper http response handling." |
| 57474 | 2009-08-26 | TFTPUtil GET Request NULL Dereference Remote DoS | Unknown / Incomplete |
| 57489 | 2009-08-26 | SmartyPaginate Addon for Smarty SmartyPaginate.class.php next Parameter XSS | Unknown / Incomplete |
| 57496 | 2009-08-26 | OpenAutoClassifieds useredit.php Crafted File Upload Arbitrary Code Execution | Unknown / Incomplete |
| 57494 | 2009-08-26 | OpenAutoClassifieds listings.php start_zip Parameter SQL Injection | OpenAutoClassifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'listings.php' script not properly sanitizing user-supplied input to the 'start_zip' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57497 | 2009-08-26 | OpenAutoClassifieds paycalc.php interest Parameter Path Disclosure | Open Auto Classifieds contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sets interest to 0 in the paycalc form, which will disclose the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 57498 | 2009-08-26 | OpenAutoClassifieds xml_zone_data.php filter Parameter SQL Injection | OpenAutoClassifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'xml_zone_data.php' script not properly sanitizing user-supplied input to the 'filter' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57434 | 2009-08-26 | phpSANE save.php file_save Parameter Remote File Inclusion | phpSANE contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'save.php' script not properly sanitizing user input supplied to the 'file_save' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server. |
| 57495 | 2009-08-26 | OpenAutoClassifieds search.php start_zip Parameter SQL Injection | OpenAutoClassifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search.php' script not properly sanitizing user-supplied input to the 'start_zip' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |