[CLOSE] OSVDB ID : 31162 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

[CLOSE] OSVDB ID : 31645 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

[CLOSE] OSVDB ID : 25270 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. NOTE: it could be argued that this is a class of technology-specific vulnerability, instead of a particular instance; if so, then this should not be included in CVE.

[CLOSE] OSVDB ID : 23608 - Disclosed: 2006-02-28

Description:

Microsoft IE contains a flaw that may allow a malicious user to trick users into performing certain actions on local resources. The issue is triggered when network shares are included in an iframe occurs. It is possible that the flaw may allow an attacker to trick users into performing certain actions on local folders and files resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 23584 - Disclosed: 2006-02-28

Description:

STLport contains an overflow condition in the handling of local category names. The issue is due to the 'strcpy()' function in 'src/c_locale_glibc/c_locale_glibc2.c' not validating user-supplied input. With a specially crafted locale strings read from the environment, a local attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 23585 - Disclosed: 2006-02-28

Description:

STLport contains an overflow condition in 'src/num_put_float.cpp'. The issue is triggered as user-supplied input is not properly validated when 'cout' is used with 'setw()'. With a local attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 23934 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.

[CLOSE] OSVDB ID : 23548 - Disclosed: 2006-02-28

Description:

Parodia contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'AG_ID' variable upon submission to the agencyprofile.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 23541 - Disclosed: 2006-02-28

Description:

TOPo contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'gTopNombre' variable upon submission to the inc_header.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 23572 - Disclosed: 2006-02-28

Description:

By default, M4 Project's enigma-suite client for Windows installs an account with a default password. The 'enigma-client' account has a password of 'nominal' which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 23534 - Disclosed: 2006-02-28

Description:

PHP contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when sendmail paramaters are passed as arguments to the PHP mb_send_mail function. This flaw may lead to a loss of confidentiality or integrity.

[CLOSE] OSVDB ID : 23535 - Disclosed: 2006-02-28

Description:

PHP contains a flaw that may allow a malicious local user to view arbitrary files and create or modify existing files with the same level of privelege as the web server. The issue is triggered when a script misuses the imap_open() function. It is possible that the flaw may allow reading arbitrary files or creating, renaming, or deleting existing files resulting in a loss of confidentiality or integrity.

[CLOSE] OSVDB ID : 23566 - Disclosed: 2006-02-28

Description:

PeHePe Membership Management System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'kuladi' variable upon submission to the 'sol_menu.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 23567 - Disclosed: 2006-02-28

Description:

Membership Management System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to sol_menu.php not properly sanitizing user input supplied to the 'uye_klasor' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 23798 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed.

[CLOSE] OSVDB ID : 23636 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-4504. Reason: This candidate is a duplicate of CVE-2005-4504. Notes: All CVE users should reference CVE-2005-4504 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

[CLOSE] OSVDB ID : 23637 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.

[CLOSE] OSVDB ID : 23638 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.

[CLOSE] OSVDB ID : 23640 - Disclosed: 2006-02-28

Description:

Mac OS X contains an unspecified flaw related to the automount daemon that may allow a malicious file server to cause a denial of service or execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 23641 - Disclosed: 2006-02-28

Description:

Mac OS X contains a flaw that allows an attacker to create archive files which unpack to arbitrary directories which are writable by the current user. The issue is due to the BOM framework not properly sanitizing paths to be written.

[CLOSE] OSVDB ID : 23642 - Disclosed: 2006-02-28

Description:

Mac OS X contains an unspecified flaw related to FileVault that allows user directories to be mounted in an unsafe fashion. No further details have been provided.

[CLOSE] OSVDB ID : 23643 - Disclosed: 2006-02-28

Description:

Mac OS X contains a flaw that may allow a remote denial of service. The issue is triggered when unspecified IPSEC error conditions are handled incorrectly, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 23644 - Disclosed: 2006-02-28

Description:

A local overflow exists in Mac OS X. LibSystem fails to validate requests for large amounts of memory resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 23645 - Disclosed: 2006-02-28

Description:

Mac OS X contains a flaw that may allow a malicious user to bypass file validation in Mail. The issue is triggered when unspecified techniques are used to mask a file's true type from Download Validation. It is possible that the flaw may allow a malicious file to bypass validation resulting in a loss of integrity.

[CLOSE] OSVDB ID : 23646 - Disclosed: 2006-02-28

Description:

Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the passwd command is used with the option to specify a database to operate on. The passwd command does not verify that the user has permission to create the specified file before proceeding, and may lead to a loss of integrity.

[CLOSE] OSVDB ID : 23647 - Disclosed: 2006-02-28

Description:

Mac OS X contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the passwd program creating temporary files insecurely, using the form /tmp/.pwtmp.<pid> where <pid> is the process id of the passwd process. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 23648 - Disclosed: 2006-02-28

Description:

A remote overflow exists in Mac OS X. The rsync server fails to validate extended attributes resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 23649 - Disclosed: 2006-02-28

Description:

Mac OS X contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application may allow Javascript embedded in an RSS feed to run in the context of the RSS reader document. This could allow a user to create a specially crafted RSS feed that would execute arbitrary code by circumventing Safari's security model, leading to a loss of integrity.

[CLOSE] OSVDB ID : 23568 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag.

[CLOSE] OSVDB ID : 24681 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed.

[CLOSE] OSVDB ID : 23554 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : SQL injection vulnerability in misc.php in MyBulletinBoard (MyBB) 1.03, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands by setting the comma variable value via the comma parameter in a cookie. NOTE: 1.04 has also been reported to be affected.

[CLOSE] OSVDB ID : 25895 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : The default configuration of ISC BIND, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.

[CLOSE] OSVDB ID : 23699 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : The frontpage option in Limbo CMS 1.0.4.2 and 1.0.4.1 allows remote attackers to execute arbitrary PHP commands via the Itemid parameter in index.php.

[CLOSE] OSVDB ID : 23700 - Disclosed: 2006-02-28

Description:

QwikiWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'page' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 23768 - Disclosed: 2006-02-28

Description:

(Description Provided by CVE) : The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.

[CLOSE] OSVDB ID : 23739 - Disclosed: 2006-02-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23602 - Disclosed: 2006-02-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 31204 - Disclosed: 2006-02-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.

[CLOSE] OSVDB ID : 31205 - Disclosed: 2006-02-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. The second vector might not be XSS.

[CLOSE] OSVDB ID : 31160 - Disclosed: 2006-02-27

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in Top sites de PixelArtKingdom allows remote attackers to include and execute arbitrary files via the page parameter.