[CLOSE] OSVDB ID : 19088 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.

[CLOSE] OSVDB ID : 19079 - Disclosed: 2005-08-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19083 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.

[CLOSE] OSVDB ID : 19114 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php.

[CLOSE] OSVDB ID : 19115 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.

[CLOSE] OSVDB ID : 19116 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.

[CLOSE] OSVDB ID : 19117 - Disclosed: 2005-08-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19118 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbtirary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.

[CLOSE] OSVDB ID : 19077 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.

[CLOSE] OSVDB ID : 19082 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

[CLOSE] OSVDB ID : 19067 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.

[CLOSE] OSVDB ID : 20707 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."

[CLOSE] OSVDB ID : 24605 - Disclosed: 2005-08-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebHost Automation Ltd Helm before 3.2.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors involving the default page.

[CLOSE] OSVDB ID : 20312 - Disclosed: 2005-08-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19089 - Disclosed: 2005-08-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19068 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.

[CLOSE] OSVDB ID : 19732 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

[CLOSE] OSVDB ID : 19733 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.4.9 allow remote attackers to inject arbitrary web script or HTML via (1) <math> tags or (2) Extension or <nowiki> sections that "bypass HTML style attribute restrictions" that are intended to protect against XSS vulnerabilities in Internet Explorer clients.

[CLOSE] OSVDB ID : 19069 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value.

[CLOSE] OSVDB ID : 19047 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and possibly other versions allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail containing tags with strings that contain ">" or other special characters, which is not properly sanitized by SqWebMail.

[CLOSE] OSVDB ID : 19055 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.

[CLOSE] OSVDB ID : 19071 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : Helpdesk software Hesk 0.92 does not properly verify usernames and passwords, which allows remote attackers to bypass authentication via a direct request to admin_main.php.

[CLOSE] OSVDB ID : 19073 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to bypass authentication via (1) an unknown attack vector or (2) a NULL (0x00) as a username.

[CLOSE] OSVDB ID : 19074 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, relies on the client to enforce permissions and perform actions such as disconnections, which allows remote attackers to bypass administrative restrictions via a modified client.

[CLOSE] OSVDB ID : 19075 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : BFCommand & Control Server Manager BFCC 1.22_A and earlier, and BFVCC 2.14_B and earlier, allows remote attackers to cause a denial of service (refused new connections) via a series of connections and disconnections without sending the login command.

[CLOSE] OSVDB ID : 19076 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in the login function for the administration login panel in cosmoshop 8.10.78 allows remote attackers to execute arbitrary SQL commands and bypass authentication via unspecified vectors.

[CLOSE] OSVDB ID : 19078 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop 8.10.78 and earlier allows remote administrators to read arbitrary files via ".." sequences in the file parameter.

[CLOSE] OSVDB ID : 19165 - Disclosed: 2005-08-29

Description:

(Description Provided by CVE) : smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.

[CLOSE] OSVDB ID : 19299 - Disclosed: 2005-08-29

Description:

Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 19300 - Disclosed: 2005-08-29

Description:

Land Down Under (LDU) contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'events.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 24885 - Disclosed: 2005-08-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 21580 - Disclosed: 2005-08-28

Description:

(Description Provided by CVE) : The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs.

[CLOSE] OSVDB ID : 21579 - Disclosed: 2005-08-28

Description:

(Description Provided by CVE) : The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems.

[CLOSE] OSVDB ID : 19070 - Disclosed: 2005-08-28

Description:

(Description Provided by CVE) : comment_delete_cgi.php in Simple PHP Blog allows remote attackers to delete arbitrary files via the comment parameter.

[CLOSE] OSVDB ID : 19072 - Disclosed: 2005-08-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.

[CLOSE] OSVDB ID : 19298 - Disclosed: 2005-08-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) allows remote attackers to inject arbitrary web script or HTML via a signature.

[CLOSE] OSVDB ID : 19066 - Disclosed: 2005-08-28

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs.

[CLOSE] OSVDB ID : 19091 - Disclosed: 2005-08-27

Description:

(Description Provided by CVE) : php_api.php in phpWebNotes 2.0.0 uses the extract function to modify key variables such as $t_path_core, which leads to a PHP file inclusion vulnerability that allows remote attackers to execute arbitrary PHP code via the t_path_core parameter.

[CLOSE] OSVDB ID : 19090 - Disclosed: 2005-08-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 29350 - Disclosed: 2005-08-27

Description:

(Description Provided by CVE) : Unspecified vulnerability in the stats module in Gallery 1.5.1-RC2 and earlier allows remote attackers to obtain sensitive information via unspecified attack vectors, related to "two file exposure bugs."