[CLOSE] OSVDB ID : 22806 - Disclosed: 2006-01-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Articles module in sPaiz-Nuke allows remote attackers to inject arbitrary web script or HTML via the query parameter in the search file.

[CLOSE] OSVDB ID : 22804 - Disclosed: 2006-01-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Easy CMS allow remote attackers to inject arbitrary web script or HTML via (1) unknown attack vectors in the administrative interface and (2) input fields of the contact form.

[CLOSE] OSVDB ID : 23003 - Disclosed: 2006-01-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Add Thread to Favorites feature in usercp2.php in MyBB (aka MyBulletinBoard) 1.02 allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header ($url variable).

[CLOSE] OSVDB ID : 22808 - Disclosed: 2006-01-29

Description:

UBB.threads contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the showflat.php script not properly sanitizing user-supplied input to the 'Number' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 22900 - Disclosed: 2006-01-29

Description:

Ad Zapper for squid contains a flaw that may allow a remote denial of service. The issue is triggered when sending a URL to the squid_redirect script with a large number of forward slashes. This can cause the remote host to consume CPU resources, potentially causing a denial of service.

[CLOSE] OSVDB ID : 58846 - Disclosed: 2006-01-29

Description:

(Description Provided by CVE) : Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow.

[CLOSE] OSVDB ID : 23074 - Disclosed: 2006-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23075 - Disclosed: 2006-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23076 - Disclosed: 2006-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 22924 - Disclosed: 2006-01-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

[CLOSE] OSVDB ID : 79167 - Disclosed: 2006-01-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Mozilla 1.7.12 and possibly earlier, Mozilla Firefox 1.0.7 and possibly earlier, and Netscape 8.1 and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the -moz-binding (Cascading Style Sheets) CSS property, which does not require that the style sheet have the same origin as the web page, as demonstrated by the compromise of a large number of LiveJournal accounts.

[CLOSE] OSVDB ID : 22807 - Disclosed: 2006-01-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.

[CLOSE] OSVDB ID : 22791 - Disclosed: 2006-01-28

Description:

(Description Provided by CVE) : Unspecified vulnerability in Pioneers (formerly gnocatan) before 0.9.49 allows remote attackers to cause a denial of service (application crash) via long chat messages.

[CLOSE] OSVDB ID : 22792 - Disclosed: 2006-01-28

Description:

(Description Provided by CVE) : pmwiki.php in PmWiki 2.1 beta 20, with register_globals enabled, allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GPC variable and a GLOBALS[] variable with the same name, which causes PmWiki to unset the GLOBALS[] variable but not the GPC variable, which creates resultant vulnerabilities such as remote file inclusion and cross-site scripting (XSS).

[CLOSE] OSVDB ID : 22935 - Disclosed: 2006-01-28

Description:

(Description Provided by CVE) : zbattle.net Zbattle client 1.09 SR-1 beta allows remote attackers to cause an unspecified denial of service by rapidly creating and closing a game.

[CLOSE] OSVDB ID : 23351 - Disclosed: 2006-01-27

Description:

(Description Provided by CVE) : Multiple memory leaks in the LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (memory consumption) via invalid BER packets that trigger an error, which might prevent memory from being freed if it was allocated during the ber_scanf call, as demonstrated using the ProtoVer LDAP test suite.

[CLOSE] OSVDB ID : 23352 - Disclosed: 2006-01-27

Description:

(Description Provided by CVE) : dn2ancestor in the LDAP component in Fedora Directory Server 1.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via a ModDN operation with a DN that contains a large number of "," (comma) characters, which results in a large amount of recursion, as demonstrated using the ProtoVer LDAP test suite.

[CLOSE] OSVDB ID : 23353 - Disclosed: 2006-01-27

Description:

(Description Provided by CVE) : The LDAP component in Fedora Directory Server 1.0 allow remote attackers to cause a denial of service (crash) via a certain "bad BER sequence" that results in a free of uninitialized memory, as demonstrated using the ProtoVer LDAP test suite.

[CLOSE] OSVDB ID : 22790 - Disclosed: 2006-01-27

Description:

ASPThai Forums contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.asp script not properly sanitizing user-supplied input to the 'password' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 23657 - Disclosed: 2006-01-27

Description:

Microsoft Internet Explorer contains a flaw that may allow a malicious user to bypass the kill bit settings for ActiveX controls. The issue is triggered when user visits a malicious web page that contains specially crafted HTML which would cause the killbit setting for ActiveX controls to be bypassed. It is possible that the flaw may allow to execute arbitary code with user privileges.

[CLOSE] OSVDB ID : 22794 - Disclosed: 2006-01-27

Description:

(Description Provided by CVE) : Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.

[CLOSE] OSVDB ID : 22787 - Disclosed: 2006-01-27

Description:

(Description Provided by CVE) : CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.

[CLOSE] OSVDB ID : 22788 - Disclosed: 2006-01-27

Description:

(Description Provided by CVE) : CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.

[CLOSE] OSVDB ID : 22945 - Disclosed: 2006-01-26

Description:

(Description Provided by CVE) : Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.

[CLOSE] OSVDB ID : 22946 - Disclosed: 2006-01-26

Description:

(Description Provided by CVE) : Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.

[CLOSE] OSVDB ID : 22947 - Disclosed: 2006-01-26

Description:

(Description Provided by CVE) : Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.

[CLOSE] OSVDB ID : 22922 - Disclosed: 2006-01-26

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Vis.pl, as part of the FACE CONTROL product, allows remote attackers to read arbitrary files via a .. (dot dot) in any parameter that opens a file, such as (1) s or (2) p.

[CLOSE] OSVDB ID : 22810 - Disclosed: 2006-01-26

Description:

Calendarix contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cal_functions.inc.php script not properly sanitizing user-supplied input to the 'catview' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 22811 - Disclosed: 2006-01-26

Description:

Calendarix contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/cal_login.php script not properly sanitizing user-supplied input to the 'login' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 22754 - Disclosed: 2006-01-26

Description:

Cisco VPN Conentrator 3000 contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted HTTP packet is sent to the service, which will lead to the device being rebooted. This will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 22876 - Disclosed: 2006-01-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23313 - Disclosed: 2006-01-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 22756 - Disclosed: 2006-01-26

Description:

(Description Provided by CVE) : Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.

[CLOSE] OSVDB ID : 22750 - Disclosed: 2006-01-25

Description:

MyBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sortby', 'sortordr' and 'keywords' variables upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 22720 - Disclosed: 2006-01-25

Description:

Phpclanwebsite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the "par" variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 22721 - Disclosed: 2006-01-25

Description:

Phpclanwebsite contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker who is logged in as a clan administrator assigns a backslash to an the "page" variable, which will disclose the software's installation path in an error message, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 22722 - Disclosed: 2006-01-25

Description:

Phpclanwebsite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'par' and 'poll_id' variables upon submission to the 'index.php' script, and will call the 'pollresults.php' script without validating these variables. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 39241 - Disclosed: 2006-01-25

Description:

(Description Provided by CVE) : Unspecified vulnerability in the kernel in Red Hat Enterprise Linux (RHEL) 4 on the x86_64 platform allows local users to cause a denial of service (OOPS) via unspecified vectors related to the get_gate_vma function and the fuser command.

[CLOSE] OSVDB ID : 22719 - Disclosed: 2006-01-25

Description:

Oracle PL/SQL Gateway (a component of iAS, OAS and the Oracle HTTP Server) contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a failure to filter user input when referencing the PLSQLExclusion list. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 22761 - Disclosed: 2006-01-25

Description:

A remote overflow exists in E-Post. The SMTP service fails to check the length of the username supplied to the AUTH PLAIN and AUTH LOGIN commands, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.