[CLOSE] OSVDB ID : 31217 - Disclosed: 2006-11-03

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in MWChat Pro 7.0 allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[MWCHAT_Libs] parameter to (1) about.php, (2) buddy.php, (3) chat.php, (4) dialog.php, (5) head.php, (6) help.php, (7) index.php, and (8) license.php, different vectors than CVE-2005-1869.

[CLOSE] OSVDB ID : 32632 - Disclosed: 2006-11-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32633 - Disclosed: 2006-11-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32634 - Disclosed: 2006-11-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32635 - Disclosed: 2006-11-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32636 - Disclosed: 2006-11-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32637 - Disclosed: 2006-11-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 30186 - Disclosed: 2006-11-03

Description:

MODx contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to Thumbnail.php not properly sanitizing user input supplied to the 'base_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 33951 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector might overlap CVE-2006-1494.

[CLOSE] OSVDB ID : 36647 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Unspecified vulnerability in the tab editor for Personal .NET Portal before 2.0.0 has unknown impact and attack vectors related to a "Security leak."

[CLOSE] OSVDB ID : 33968 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter.

[CLOSE] OSVDB ID : 30178 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

[CLOSE] OSVDB ID : 30179 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.

[CLOSE] OSVDB ID : 30217 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the siteconf[curl] parameter, as demonstrated by a POST to news/comment.php containing PHP code, which is stored under db/comments/news/ and included by classes/index.php.

[CLOSE] OSVDB ID : 30192 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.

[CLOSE] OSVDB ID : 30190 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.

[CLOSE] OSVDB ID : 30191 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users.

[CLOSE] OSVDB ID : 83878 - Disclosed: 2006-11-02

Description:

PHP contains a flaw that may allow a remote denial of service. The issue is triggered during the handling of a malformed color index, which causes an infinite loop. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 31704 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

[CLOSE] OSVDB ID : 30187 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.

[CLOSE] OSVDB ID : 30188 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a .. (dot dot) in the action parameter.

[CLOSE] OSVDB ID : 41212 - Disclosed: 2006-11-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32624 - Disclosed: 2006-11-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 41036 - Disclosed: 2006-11-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 42075 - Disclosed: 2006-11-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 30181 - Disclosed: 2006-11-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 53073 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 58603 - Disclosed: 2006-11-02

Description:

FreeWebshop contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker passes an invalid 'action' parameter to the index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 59234 - Disclosed: 2006-11-02

Description:

(Description Provided by CVE) : ** DISPUTED ** Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute.

[CLOSE] OSVDB ID : 83877 - Disclosed: 2006-11-02

Description:

PHP contains a flaw in the filter extension that is triggered when magic_quotes_gpc fails to be applied during the usage of RAW filters. This may allow an attacker to bypass authentication.

[CLOSE] OSVDB ID : 41550 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.

[CLOSE] OSVDB ID : 41551 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning.

[CLOSE] OSVDB ID : 41549 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database.

[CLOSE] OSVDB ID : 41547 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.

[CLOSE] OSVDB ID : 41548 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240.

[CLOSE] OSVDB ID : 41546 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores.

[CLOSE] OSVDB ID : 30173 - Disclosed: 2006-11-01

Description:

TikiWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'url' parameter upon submission to the 'tiki-featured_link.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 30180 - Disclosed: 2006-11-01

Description:

A remote overflow exists in Mac OS X. The Orinoco Airport driver fails to validate Probe Response Frames resulting in a heap overflow. With a specially crafted probe response, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 30753 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user.

[CLOSE] OSVDB ID : 30754 - Disclosed: 2006-11-01

Description:

(Description Provided by CVE) : Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.