[CLOSE] OSVDB ID : 32652 - Disclosed: 2006-10-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 36701 - Disclosed: 2006-10-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33966 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in logout.php in T.G.S. CMS 0.1.7 and earlier allows remote attackers to execute arbitrary SQL commands via the myauthorid cookie.

[CLOSE] OSVDB ID : 45451 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.

[CLOSE] OSVDB ID : 30149 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 30166 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127.

[CLOSE] OSVDB ID : 30165 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter.

[CLOSE] OSVDB ID : 30144 - Disclosed: 2006-10-31

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to login.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30145 - Disclosed: 2006-10-31

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to register.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30146 - Disclosed: 2006-10-31

Description:

Free File Hosting contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to send.php not properly sanitizing user input supplied to the 'AD_BODY_TEMP' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30193 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI.

[CLOSE] OSVDB ID : 29997 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.

[CLOSE] OSVDB ID : 30205 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.

[CLOSE] OSVDB ID : 32631 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in gestion/savebackup.php in Gepi 1.4.0 and earlier, and possibly other versions before 1.4.4, allows remote attackers to execute arbitrary PHP code via a URL in the filename parameter.

[CLOSE] OSVDB ID : 31168 - Disclosed: 2006-10-31

Description:

phpMyConferences contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'library.inc.php' script not properly sanitizing user input supplied to the 'lvc_modules_dir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 32621 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key.

[CLOSE] OSVDB ID : 32620 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE.

[CLOSE] OSVDB ID : 32619 - Disclosed: 2006-10-31

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in BytesFall Explorer (bfExplorer) 0.0.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the username ($User variable) to login/doLogin.php and other unspecified vectors.

[CLOSE] OSVDB ID : 33998 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 33999 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Exhibit Engine (EE) 1.22, and possibly earlier, allow remote attackers to execute arbitrary PHP code via a URL in the toroot parameter to (1) fetchsettings.php or (2) fstyles.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 36062 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : Mozilla Firefox 2.0, possibly only when running on Windows, allows remote attackers to bypass the Phishing Protection mechanism by representing an IP address in (1) dotted-hex, (2) dotted-octal, (3) single decimal integer, (4) single hex integer, or (5) single octal integer format, which is not captured by the blacklist filter.

[CLOSE] OSVDB ID : 45198 - Disclosed: 2006-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31962 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. NOTE: the original Bugtraq post mentioned that code execution was possible, but followup analysis has shown that it is only a null dereference.

[CLOSE] OSVDB ID : 33823 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL.

[CLOSE] OSVDB ID : 86926 - Disclosed: 2006-10-30

Description:

Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when use-after-free error occurs in the xacct_add_tsk() function in tsacct.c, which will result in already freed memory being derefenced. This may allow a local attacker to gain access to potentially sensitive information.

[CLOSE] OSVDB ID : 30153 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.

[CLOSE] OSVDB ID : 30154 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.

[CLOSE] OSVDB ID : 30117 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/include/headerscripts.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30118 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/include/footerhome.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30119 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/include/footermain.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30120 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to ohotogallery/headerscripts.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30121 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/footerhome.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30122 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/footermain.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30123 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/headermain.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30124 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/sitemapfooter.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30125 - Disclosed: 2006-10-30

Description:

QnECMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to templates/sitemapheader.php not properly sanitizing user input supplied to the 'adminfolderpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30152 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in includes/menu.inc.php in E-Annu 1.0 allows remote attackers to execute arbitrary SQL commands via the login parameter. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 30151 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned.

[CLOSE] OSVDB ID : 30148 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.

[CLOSE] OSVDB ID : 30150 - Disclosed: 2006-10-30

Description:

(Description Provided by CVE) : Easy File Sharing (EFS) Web Server 4.0, when running on an NTFS file system, allows remote attackers to read arbitrary files under the web root by appending "::$DATA" to the end of a HTTP GET request, which accesses the alternate data stream.