| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 32038 | 2006-11-30 | WoltLab Burning Board register.php r_dateformat Variable XSS | Unknown / Incomplete |
| 30685 | 2006-11-30 | LifeType bayesianfilter.class.php Multiple Path Disclosure Vulnerabilities | (Description Provided by CVE) : LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message. |
| 30686 | 2006-11-30 | LifeType bootstrap.php Multiple Path Disclosure Vulnerabilities | (Description Provided by CVE) : LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message. |
| 34648 | 2006-11-29 | Kubix includes/functions.php member_id Variable SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in includes/functions.php in Kubix 0.7 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the member_id parameter ($id variable) to index.php. |
| 36832 | 2006-11-29 | @Mail Webadmin Unspecified XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." |
| 31351 | 2006-11-29 | Novell Netware Client Print Provider (nwspool.dll) Multiple Function Overflow | (Description Provided by CVE) : Multiple buffer overflows in the Spooler service (nwspool.dll) in Novell Netware Client 4.91 through 4.91 SP2 allow remote attackers to execute arbitrary code via a long argument to the (1) EnumPrinters and (2) OpenPrinter functions. |
| 34641 | 2006-11-29 | Kubix index.php theme Cookie Traversal Local File Inclusion | (Description Provided by CVE) : Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php. |
| 34642 | 2006-11-29 | Kubix adm_index.php add_dl Action Traversal Arbitrary File Access | (Description Provided by CVE) : Multiple directory traversal vulnerabilities in Kubix 0.7 and earlier allow remote attackers to (1) include and execute arbitrary local files via ".." sequences in the theme cookie to index.php, which is not properly handled by includes/head.php; and (2) read arbitrary files via ".." sequences in the file parameter in an add_dl action to adm_index.php, as demonstrated by reading connect.php. |
| 36529 | 2006-11-29 | Teredo Clients Encapsulated IPv6 Packet Source Routing Policy Bypass | (Description Provided by CVE) : Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets. |
| 36530 | 2006-11-29 | Teredo Crafted Traffic IPv4 Ingress Filtering Bypass | (Description Provided by CVE) : Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering. |
| 36531 | 2006-11-29 | Teredo Clients Remote Tunneling Weakness | (Description Provided by CVE) : Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. |
| 36532 | 2006-11-29 | Teredo Clients Third Party Traffic Induction | (Description Provided by CVE) : Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. |
| 30784 | 2006-11-29 | Borland Multiple Products idsql32.dll SQL Statement Handling Overflow | (Description Provided by CVE) : Heap-based buffer overflow in Borland idsql32.dll 5.1.0.4, as used by RevilloC MailServer; 5.2.0.2 as used by Borland Developer Studio 2006; and possibly other versions allows remote attackers to execute arbitrary code via a long SQL statement, related to use of the DbiQExec function. |
| 30781 | 2006-11-29 | Blogn admin.php Unspecified XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. |
| 30777 | 2006-11-29 | P-News Avatar Upload Multiple File Extension Command Execution | (Description Provided by CVE) : Unrestricted file upload vulnerability in P-News 2.0 allows remote attackers to upload and execute arbitrary files via an avatar file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 30725 | 2006-11-29 | Linux Kernel get_fdb_entries() Local Overflow | (Description Provided by CVE) : Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request. |
| 31298 | 2006-11-29 | KDE kfile-info Plugin EXIF File Handling Overflow DoS | (Description Provided by CVE) : Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section in a JPEG file, which results in an infinite recursion. |
| 30770 | 2006-11-29 | BlazeDVD PLF Playlist Filename Parsing Overflow | (Description Provided by CVE) : Stack-based buffer overflow in BlazeVideo BlazeDVD Standard and Professional 5.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long filename in a PLF playlist. |
| 30772 | 2006-11-29 | Telnet-FTP Server Multiple Command Traversal Arbitrary File Access | (Description Provided by CVE) : Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. (dot dot) sequence in an FTP command argument, as demonstrated by RETR (GET) or STOR (PUT). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 30773 | 2006-11-29 | Telnet-FTP Server RETR Command DoS | (Description Provided by CVE) : Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 31354 | 2006-11-29 | Novell Client srvloc.sys Crafted Packet Unspecified Remote DoS | (Description Provided by CVE) : srvloc.sys in Novell Client for Windows before 4.91 SP3 allows remote attackers to cause an unspecified denial of service via a crafted packet to port 427 that triggers an access of pageable or invalid addresses using a higher interrupt request level (IRQL) than necessary. |
| 31583 | 2006-11-29 | Kronolith FBView.php view Traversal Source Inclusion | (Description Provided by CVE) : Directory traversal vulnerability in lib/FBView.php in Horde Kronolith H3 before 2.0.7 and 2.1.x before 2.1.4 allows remote attackers to include arbitrary files and execute PHP code via a .. (dot dot) sequence in the view parameter. |
| 32018 | 2006-11-29 | Siap CMS login.asp username SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in login.asp in Redbinaria Sistema Integrado de Administracion de Portales (SIAP) allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| 34761 | 2006-11-28 | Free PDF Library hpdf_page_operator.c HPDF_Page_Circle Function Overflow | (Description Provided by CVE) : Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle. |
| 32035 | 2006-11-28 | PHP Event Calendar index.php path_to_calendar Variable Remote File Inclusion | Unknown / Incomplete |
| 31548 | 2006-11-28 | Quintessential Player Playlist Handling DoS | (Description Provided by CVE) : Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields. |
| 36533 | 2006-11-28 | Songbird Media Player M3U Playlist Format String DoS | (Description Provided by CVE) : Format string vulnerability in Songbird Media Player 0.2 and earlier allows remote attackers to cause a denial of service (crash) via an M3U Playlist file containing extended ASCII, which causes the Unicode converter to be invoked. |
| 31264 | 2006-11-28 | ELOG Multiple Unspecified Issues | Unknown / Incomplete |
| 36527 | 2006-11-28 | SimpleBlog Unspecified Remote Privilege Escalation | (Description Provided by CVE) : Unspecified scripts in the admin directory in 8pixel.net SimpleBlog 3.0 and earlier do not properly perform authentication, which allows remote attackers to add users and perform certain other unauthorized privileged actions. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
| 32026 | 2006-11-28 | b2evolution inc/CONTROL/import/import-mt.php inc_path Variable Remote File Inclusion | (Description Provided by CVE) : PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter. |
| 33856 | 2006-11-28 | PuTTY on Debian Linux puttygen ppk File Creation Permission Weakness | (Description Provided by CVE) : PuTTY 0.59 and earlier uses weak file permissions for (1) ppk files containing private keys generated by puttygen and (2) session logs created by putty, which allows local users to gain sensitive information by reading these files. |
| 30778 | 2006-11-28 | b2evolution _404_not_found.page.php Multiple Variable XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. |
| 30779 | 2006-11-28 | b2evolution _410_stats_gone.page.php app_name Variable XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. |
| 30780 | 2006-11-28 | b2evolution _referer_spam.page.php Multiple Variable XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. |
| 30723 | 2006-11-28 | Apple Mac OS X shared_region_make_private_np() Call Local Privilege Escalation | A local overflow exists in Mac OS X. The shared_region_make_private_NP() function fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 30776 | 2006-11-28 | P-News user.txt User Database Disclosure | (Description Provided by CVE) : P-News 2.0 stores db/user.txt under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes via a direct request. NOTE: this might be the same issue as CVE-2006-6888. |
| 31697 | 2006-11-28 | Crystal Reports Predictable Session Identifier Hijacking | (Description Provided by CVE) : Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values. |
| 30683 | 2006-11-28 | Monkey Boards class.compiler.php Multiple Path Disclosure | (Description Provided by CVE) : Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. |
| 30684 | 2006-11-28 | Monkey Boards admin_auth.inc.php Multiple Path Disclosure | (Description Provided by CVE) : Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path. |
| 36481 | 2006-11-28 | ClickGallery view_search.asp txtKeyWord Variable XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. NOTE: some of these details are obtained from third party information. |