[CLOSE] OSVDB ID : 58439 - Disclosed: 2009-08-26

Description:

Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_gallery_view.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 58440 - Disclosed: 2009-08-26

Description:

Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_image_add.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 58441 - Disclosed: 2009-08-26

Description:

Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_image_view_full.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 58442 - Disclosed: 2009-08-26

Description:

Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_login.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 58443 - Disclosed: 2009-08-26

Description:

Moa Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'sources/page_sitemap.php' script not properly sanitizing user input supplied to the 'MOA_PATH' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 61858 - Disclosed: 2009-08-26

Description:

(Description Provided by CVE) : Directory traversal vulnerability in sources/_template_parser.php in Moa Gallery 1.2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the p_filename parameter, a different issue than CVE-2009-4614.

[CLOSE] OSVDB ID : 66695 - Disclosed: 2009-08-26

Description:

(Description Provided by CVE) : Directory traversal vulnerability in box_display.php in TotalCalendar 2.4 allows remote attackers to read arbitrary files and possibly have unspecified other impact via a .. (dot dot) in the box parameter.

[CLOSE] OSVDB ID : 66694 - Disclosed: 2009-08-26

Description:

TotalCalendar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'rss.php' script not properly sanitizing user-supplied input to the 'selectedCal' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 87931 - Disclosed: 2009-08-26

Description:

Open Auto Classifieds contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'next' parameter to listnings.php upon submission to the SmartyPaginate.class.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 58935 - Disclosed: 2009-08-25

Description:

Achievo contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'title' parameter upon submission to the dispatch.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 57372 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : in.lpd in the print service in Sun Solaris 8 and 9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors that trigger a "fork()/exec() bomb."

[CLOSE] OSVDB ID : 85208 - Disclosed: 2009-08-25

Description:

Comodo Internet Security contains a flaw related to the antivirus component that may allow for a denial of service. The issue is triggered when a user opens a malformed compressed file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).

[CLOSE] OSVDB ID : 85207 - Disclosed: 2009-08-25

Description:

Comodo Internet Security contains a flaw related to the antivirus component that may allow for a denial of service. The issue is triggered when a user opens a malformed packed file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).

[CLOSE] OSVDB ID : 57339 - Disclosed: 2009-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 57327 - Disclosed: 2009-08-25

Description:

SimpleID contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 's' parameter upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 57334 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : Buffer overflow in xlssr.dll in the Autonomy KeyView XLS viewer (aka File Viewer for Excel), as used in IBM Lotus Notes 5.x through 8.5.x, Symantec Mail Security, Symantec BrightMail Appliance, Symantec Data Loss Prevention (DLP), and other products, allows remote attackers to execute arbitrary code via a crafted .xls spreadsheet attachment.

[CLOSE] OSVDB ID : 57399 - Disclosed: 2009-08-25

Description:

EMO Breeder Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'video.php' script not properly sanitizing user-supplied input to the 'idd' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 57394 - Disclosed: 2009-08-25

Description:

A buffer overflow exists in ProFTP. The client fails to validate FTP server welcome messages resulting in a stack overflow. With a specially crafted welcome message, a remote FTP server operator can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 57491 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : Cisco Aironet Lightweight Access Point (AP) devices send the contents of certain multicast data frames in cleartext, which allows remote attackers to discover Wireless LAN Controller MAC addresses and IP addresses, and AP configuration details, by sniffing the wireless network.

[CLOSE] OSVDB ID : 57508 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : Mozilla Firefox 3.5.2 on Windows XP, in some situations possibly involving an incompletely configured protocol handler, does not properly implement setting the document.location property to a value specifying a protocol associated with an external application, which allows remote attackers to cause a denial of service (memory consumption) via vectors involving a series of function calls that set this property, as demonstrated by (1) the chromehtml: protocol and (2) the aim: protocol.

[CLOSE] OSVDB ID : 57505 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.

[CLOSE] OSVDB ID : 57586 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

[CLOSE] OSVDB ID : 57587 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : The doHotCopy subroutine in socket-server.pl in Zmanda Recovery Manager (ZRM) for MySQL 2.x before 2.1.1 allows remote attackers to execute arbitrary commands via vectors involving a crafted $MYSQL_BINPATH variable.

[CLOSE] OSVDB ID : 57645 - Disclosed: 2009-08-25

Description:

(Description Provided by CVE) : A certain ActiveX control in lnresobject.dll 7.1.1.119 in the Research In Motion (RIM) Lotus Notes connector for BlackBerry Desktop Manager 5.0.0.11 allows remote attackers to cause a denial of service (Internet Explorer crash) by referencing the control's CLSID in the classid attribute of an OBJECT element.

[CLOSE] OSVDB ID : 60421 - Disclosed: 2009-08-25

Description:

Q-Proje Siirler Bileseni contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'sid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62590 - Disclosed: 2009-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62642 - Disclosed: 2009-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62615 - Disclosed: 2009-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 59938 - Disclosed: 2009-08-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 57342 - Disclosed: 2009-08-24

Description:

Ed Charkows SuperCharged Linking contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'browse.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 61974 - Disclosed: 2009-08-24

Description:

Enano CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'includes/comment.php' script not properly sanitizing user-supplied input to the comment submission interface. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 57369 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.

[CLOSE] OSVDB ID : 58240 - Disclosed: 2009-08-24

Description:

Uebimiau Webmail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered due to unrestricted access to system_admin/admin.ucf occurs, which will disclose the username and password hash database resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 57427 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.

[CLOSE] OSVDB ID : 57346 - Disclosed: 2009-08-24

Description:

avast! Home/Professional contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when the aswMon kernel driver processes a specially crafted IOCTL. It is possible that the flaw may allow execute arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 57345 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Arcade Trade Script 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the adminLoggedIn cookie to true.

[CLOSE] OSVDB ID : 57343 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Fat Player 0.6b allows remote attackers to execute arbitrary code via a long string in a .wav file. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 57344 - Disclosed: 2009-08-24

Description:

Moa Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'gallery_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 57351 - Disclosed: 2009-08-24

Description:

ITechBids contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the feedback.php script not properly sanitizing user-supplied input to the 'user_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 57350 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Faslo Player 7.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long string in a .m3u playlist file.