| OSVDB ID | Disclosure Date | Title |
|---|
|
57452
Description:
Cisco Unified Communication Manager contains a flaw that may allow a remote denial of service. The issue is triggered when malformed header in SIP occurs, and will result in loss of availability for the service.
|
2009-08-26
|
Cisco Unified Communications Manager Unspecified SIP Packet Handling Remote DoS
|
|
57453
Description:
(Description Provided by CVE) : Cisco IOS 12.2 through 12.4 and 15.0 through 15.1, Cisco IOS XE 2.5.x and 2.6.x before 2.6.1, and Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allow remote attackers to cause a denial of service (device reload or voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug IDs CSCsz40392 and CSCsz43987.
|
2009-08-26
|
Cisco Unified Communications Manager SIP Trunk Malformed Packet Handling Remote DoS
|
|
57454
Description:
(Description Provided by CVE) : Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2); and Cisco Unified Presence 1.x, 6.x before 6.0(6), and 7.x before 7.0(4); allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug IDs CSCsq22534 and CSCsw52371.
|
2009-08-26
|
Cisco Unified Communications Manager Embedded Firewall Network Connection Saturation Remote DoS
|
|
57455
Description:
(Description Provided by CVE) : Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
|
2009-08-26
|
Cisco Unified Communications Manager SCCP Packet Handling Unspecified Remote DoS
|
|
57456
Description:
(Description Provided by CVE) : Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.
|
2009-08-26
|
Cisco Unified Communications Manager SIP Packet Processing Unspecified Remote DoS
|
|
58245
Description:
PAD Site Scripts contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'list.php' script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-08-26
|
PAD Site Scripts list.php search Parameter SQL Injection
|
|
58246
Description:
PAD Site Scripts contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'rss.php' script not properly sanitizing user-supplied input to the 'cat' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-08-26
|
PAD Site Scripts rss.php cat Parameter SQL Injection
|
|
58243
Description:
PAD Site Scripts contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' parameter upon submission to the 'rss.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-08-26
|
PAD Site Scripts rss.php cat Parameter XSS
|
|
58244
Description:
PAD Site Scripts contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat' parameter upon submission to the 'opml.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-08-26
|
PAD Site Scripts opml.php cat Parameter XSS
|
|
57401
Description:
Unknown / Incomplete
|
2009-08-26
|
tsclient on Ubuntu /.tsclient/last.tsc Cleartext Password Local Disclosure
|
|
57413
Description:
Unknown / Incomplete
|
2009-08-26
|
Go - url redirects Module for Drupal PCRE Regex Engine Arbitrary PHP Code Execution
|
|
57414
Description:
Unknown / Incomplete
|
2009-08-26
|
Go - url redirects Module for Drupal Unspecified XSS
|
|
57415
Description:
Unknown / Incomplete
|
2009-08-26
|
Go - url redirects Module for Drupal Redirect Manipulation CSRF
|
|
57429
Description:
(Description Provided by CVE) : Unspecified vulnerability in Symantec Norton AntiVirus 2005 through 2008; Norton Internet Security 2005 through 2008; AntiVirus Corporate Edition 9.0 before MR7, 10.0, 10.1 before MR8, and 10.2 before MR3; and Client Security 2.0 before MR7, 3.0, and 3.1 before MR8; when Internet Email Scanning is installed and enabled, allows remote attackers to cause a denial of service (CPU consumption and persistent connection loss) via unknown attack vectors.
|
2009-08-26
|
Symantec Multiple Products Internet Email Scanning Functionality Crafted Email Handling Infinite Loop DoS
|
|
57432
Description:
(Description Provided by CVE) : common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
|
2009-08-26
|
Back In Time File Snapshot Deletion Permission Weakness Information Disclosure
|
|
57435
Description:
(Description Provided by CVE) : The Ajax Table module 5.x for Drupal does not perform access control, which allows remote attackers to delete arbitrary users and nodes via unspecified vectors.
|
2009-08-26
|
Ajax Table Module for Drupal Unspecified Arbitrary Node / User Deletion
|
|
57436
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Ajax Table module 5.x for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2009-08-26
|
Ajax Table Module for Drupal Unspecified XSS
|
|
58178
Description:
Crazy Star Plugin for Discuz! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'plugin.php' script not properly sanitizing user-supplied input to the 'fmid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-08-26
|
Crazy Star Plugin for Discuz! plugin.php fmid Parameter SQL Injection
|
|
58401
Description:
(Description Provided by CVE) : Mozilla Firefox 3.0.1 and earlier allows remote attackers to cause a denial of service (browser hang) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
2009-08-26
|
Mozilla Firefox window.print Function Loop Remote DoS
|
|
58400
Description:
(Description Provided by CVE) : Opera 9.52 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
2009-08-26
|
Opera window.print Function Loop Remote DoS
|
|
58398
Description:
(Description Provided by CVE) : Google Chrome 0.2.149.29 and earlier allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
2009-08-26
|
Google Chrome window.print Function Loop Remote DoS
|
|
58397
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 through 6.0.2900.2180, and 7.0.6000.16711, allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
2009-08-26
|
Microsoft IE Auto Form Submission KEYGEN Element Remote DoS
|
|
58396
Description:
(Description Provided by CVE) : Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an automatically submitted form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
2009-08-26
|
Google Chrome Auto Form Submission KEYGEN Element Remote DoS
|
|
58395
Description:
(Description Provided by CVE) : Opera 9.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a series of automatic submissions of a form containing a KEYGEN element, a related issue to CVE-2009-1828.
|
2009-08-26
|
Opera Auto Form Submission KEYGEN Element Remote DoS
|
|
58399
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 7 through 7.0.6000.16711 allows remote attackers to cause a denial of service (unusable browser) by calling the window.print function in a loop, aka a "printing DoS attack," possibly a related issue to CVE-2009-0821.
|
2009-08-26
|
Microsoft IE window.print Function Loop Remote DoS
|
|
58393
Description:
Unknown / Incomplete
|
2009-08-26
|
XMLTooling-C Crafted URL Handling Overflow
|
|
58391
Description:
(Description Provided by CVE) : Buffer overflow in OpenSAML before 1.1.3 as used in Internet2 Shibboleth Service Provider software 1.3.x before 1.3.4, and XMLTooling before 1.2.2 as used in Internet2 Shibboleth Service Provider software 2.x before 2.2.1, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed encoded URL.
|
2009-08-26
|
OpenSAML Crafted URL Handling Overflow
|
|
58426
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/_error_funcs.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/_error_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58427
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/_integrity_funcs.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/_integrity_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58428
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/_template_component_admin.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/_template_component_admin.php MOA_PATH Parameter Remote File Inclusion
|
|
58429
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/_template_component_gallery.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/_template_component_gallery.php MOA_PATH Parameter Remote File Inclusion
|
|
58430
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/_template_parser.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/_template_parser.php MOA_PATH Parameter Remote File Inclusion
|
|
58431
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/mod_gallery_funcs.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/mod_gallery_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58432
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/mod_image_funcs.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/mod_image_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58433
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/mod_tag_funcs.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/mod_tag_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58434
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/mod_tag_view.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/mod_tag_view.php MOA_PATH Parameter Remote File Inclusion
|
|
58435
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/mod_tag_view.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/mod_upgrade_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58436
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/mod_user_funcs.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/mod_user_funcs.php MOA_PATH Parameter Remote File Inclusion
|
|
58437
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_admin.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/page_admin.php MOA_PATH Parameter Remote File Inclusion
|
|
58438
Description:
Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_gallery_add.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-08-26
|
Moa Gallery sources/page_gallery_add.php MOA_PATH Parameter Remote File Inclusion
|
