| OSVDB ID | Disclosure Date | Title |
| --- | --- | --- |
| 23569 Description: (Description Provided by CVE) : Directory traversal vulnerability in HP System Management Homepage (SMH) 2.0.0 through 2.1.4 on Windows allows remote attackers to access certain files via unspecified vectors. | 2006-02-09 | HP System Management Homepage (SMH) on Windows Unspecified Traversal Arbitrary File Access |
| 23191 Description: (Description Provided by CVE) : mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability. | 2006-02-09 | Squishdot mail_html Templates Mail Header Injection Arbitrary Mail Relay |
| 22973 Description: (Description Provided by CVE) : Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | 2006-02-09 | PHP iCalendar template.php file Variable File Inclusion |
| 22974 Description: (Description Provided by CVE) : Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | 2006-02-09 | PHP iCalendar search.php getdate Variable File Inclusion |
| 23154 Description: (Description Provided by CVE) : Multiple SQL injection vulnerabilities in cms/index.php in Magic Calendar Lite 1.02, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) $total_login and (2) $total_password parameter. | 2006-02-09 | Magic Calendar Lite cms/index.php Multiple Field SQL Injection |
| 23176 Description: (Description Provided by CVE) : settings.php in Reamday Enterprises Magic Downloads 1.1.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | 2006-02-09 | Magic Downloads settings.php Unauthorized Data Modification |
| 23177 Description: (Description Provided by CVE) : PHP remote file inclusion vulnerability in preview.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the php_script_path parameter. | 2006-02-09 | Magic News Lite preview.php php_script_path Variable Arbitrary PHP Code Execution |
| 23178 Description: (Description Provided by CVE) : profile.php in Reamday Enterprises Magic News Lite 1.2.3, when register_globals is enabled, allows remote attackers to modify program behavior, potentially bypassing authentication controls, via modified (1) action, (2) passwd, (3) admin_password, (4) new_passwd, and (5) confirm_passwd variables, which are not initialized. | 2006-02-09 | Magic News Lite profile.php Unauthorized Data Modification |
| 22989 Description: Indexu contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'base_path' variable upon submission to the application.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2006-02-09 | INDEXU application.php base_path Parameter Remote File Inclusion |
| 30949 Description: (Description Provided by CVE) : Pioneers meta-server before 0.9.55, when the server-console is not installed, allows remote attackers to cause a denial of service (crash) via certain requests from an older gnocatan client to create a new game. | 2006-02-08 | Pioneers meta-server gnocatan Client New Game Request DoS |
| 22997 Description: WiredRed e/pop Conferencing software contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the topic name upon submission to the public or private conference. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2006-02-08 | WiredRed e/pop Conference Topic Name XSS |
| 22972 Description: Unknown / Incomplete | 2006-02-08 | cPanel Null Login Administrator Username Disclosure |
| 22971 Description: cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'fwd' variable upon submission to the 'dowebmailforward.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2006-02-08 | cPanel dowebmailforward.cgi fwd Parameter XSS |
| 25230 Description: (Description Provided by CVE) : The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read. | 2006-02-08 | LibTIFF libtiff/tif_color.c TIFFToRGB() Color Mapping Value Overflows |
| 23058 Description: CPG-Nuke Dragonfly CMS contains a flaw that allows a remote attacker to include files outside of the web path. The issue is due to the install.php not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'newlang' variable. This flaw permits the inclusion of files controlled by remote user input, which may be leveraged to execute arbitrary code, resulting in a loss of integrity. | 2006-02-08 | CPG Dragonfly CMS install.php newlang Parameter Local File Inclusion |
| 23086 Description: SPIP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the spip_rss.php script not properly sanitizing user input supplied to the 'type_urls' variable. This may allow an attacker to include an arbitrary file from the local system that contains arbitrary commands which will be executed by the vulnerable script. | 2006-02-08 | SPIP spip_rss.php type_urls Parameter Traversal Local File Inclusion |
| 23087 Description: SPIP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'spip_acces_doc.php3' script not properly sanitizing user-supplied input to the 'file' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2006-02-08 | SPIP spip_acces_doc.php3 file Parameter SQL Injection |
| 23173 Description: (Description Provided by CVE) : edituser.php in TTS Time Tracking Software 3.0 does not verify that the name and password are correct, which allows remote attackers to overwrite arbitrary data belonging to any account. | 2006-02-08 | Time Tracking Software edituser.php Unauthorized Data Modification |
| 23174 Description: (Description Provided by CVE) : Multiple SQL injection vulnerabilities in TTS Time Tracking Software 3.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 2006-02-08 | Time Tracking Software Multiple Unspecified SQL Injection |
| 23175 Description: (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Registration Form in TTS Time Tracking Software 3.0 allows remote attackers to inject arbitrary web script or HTML via the UserName parameter. | 2006-02-08 | Time Tracking Software Registration Form UserName Field XSS |
| 23126 Description: (Description Provided by CVE) : Buffer overflow in the arp command of IBM AIX 5.3 L, 5.3, 5.2.2, 5.2 L, and 5.2 allows local users to cause a denial of service (crash) via a long iftype argument. | 2006-02-08 | IBM AIX arp iftype Argument Local Overflow |
| 23039 Description: (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2006-02-08 | DataparkSearch Unspecified XSS |
| 23198 Description: Unknown / Incomplete | 2006-02-08 | Apache WSS4J Library SOAP Signature Verification Bypass |
| 22996 Description: (Description Provided by CVE) : LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite. | 2006-02-08 | Sun Java System Directory Server LDAP Malformed Packet DoS |
| 22969 Description: Whomp! Real Estate Manager XP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login function not properly sanitizing user-supplied input to the 'username' or 'password' fields. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2006-02-08 | Whomp Real Estate Manager XP Admin Login Multiple Field SQL Injection |
| 23044 Description: (Description Provided by CVE) : Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | 2006-02-08 | Microsoft Windows UPnP SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation |
| 23045 Description: (Description Provided by CVE) : Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | 2006-02-08 | Microsoft Windows NetBT SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation |
| 23046 Description: (Description Provided by CVE) : Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | 2006-02-08 | Microsoft Windows SCardSvr SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation |
| 23047 Description: (Description Provided by CVE) : Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2) Universal Plug and Play Device Host (UPnP), (3) NetBT, (4) SCardSvr, (5) DHCP, and (6) DnsCache services, aka "Permissive Windows Services DACLs." NOTE: the NetBT, SCardSvr, DHCP, DnsCache already require privileged access to exploit. | 2006-02-08 | Microsoft Windows SSDP SERVICE_CHANGE_CONFIG Permission Weakness Privilege Escalation |
| 22970 Description: (Description Provided by CVE) : Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing opcontrol using sudo. In such a context, this is a vulnerability. | 2006-02-07 | OProfile opcontrol Path Subversion Privilege Escalation |
| 23509 Description: GA's Forum Light has been reported to contain an SQL injection issue in the archive.asp script. Subsequent testing by SecurityTracker after the vendor disputed the issue indicates the software uses flat files to store data, not a back-end database. Therefore, the SQL injection report is incorrect and was likely diagnosed due to a vbscript parsing error. | 2006-02-07 | GA's Forum Light archive.asp Multiple Parameter SQL Injection |
| 23156 Description: (Description Provided by CVE) : Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | 2006-02-07 | PHP/MYSQL Timesheet index.php Multiple Parameter SQL Injection |
| 23157 Description: (Description Provided by CVE) : Multiple SQL injection vulnerabilities in Carey Briggs PHP/MYSQL Timesheet 1 and 2 allow remote attackers to execute arbitrary SQL commands via the (1) yr, (2) month, (3) day, and (4) job parameters in (a) index.php and (b) changehrs.php. | 2006-02-07 | PHP/MYSQL Timesheet changehrs.php Multiple Parameter SQL Injection |
| 22987 Description: (Description Provided by CVE) : Unspecified vulnerability in the Lexmark Printer Sharing LexBce Server Service (LexPPS), possibly 8.29 and 9.41, allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: This information is based on a vague initial disclosure; details will be updated after the grace period has ended. | 2006-02-07 | Lexmark Printer Sharing LexBce Server (LexPPS) Unspecified Arbitrary Code Execution |
| 22988 Description: (Description Provided by CVE) : Lexmark X1185 printer allows local users to gain SYSTEM privileges by navigating to the "Appearance" dialog and selecting the "Additional styles (skins) are available on the Lexmark web site" option, which launches a web browser that is running with SYSTEM privileges. | 2006-02-07 | Lexmark X1100 Series Printing Software Appearance Icon Privilege Escalation |
| 23005 Description: (Description Provided by CVE) : The crypt_gensalt functions for BSDI-style extended DES-based and FreeBSD-style MD5-based password hashes in crypt_blowfish 0.4.7 and earlier do not evenly and randomly distribute salts, which makes it easier for attackers to guess passwords from a stolen password file due to the increased number of collisions. | 2006-02-07 | crypt_blowfish crypt_gensalt*() Functions Salt Generation Weakness |
| 22958 Description: QNX Neutrino RTOS contains a flaw that may allow a local user to gain elevated privileges. The issue is due to the /etc/rc.d/rc.local file installing with world writeable permissions. This allows any user to add arbitrary commands that will be executed with root privileges upon the next system startup. | 2006-02-07 | QNX Neutrino RTOS rc.local Permission Weakness Privilege Escalation |
| 22959 Description: A local overflow exists in QNX Neutrino RTOS. The 'passwd' binary fails to properly check user-supplied input as the first argument to the program, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code with root privileges. | 2006-02-07 | QNX Neutrino RTOS passwd First Parameter Local Overflow |
| 22960 Description: QNX Neutrino RTOS contains a flaw that may allow a local denial of service. The issue is triggered when a local user sends a crafted break signal (0xb032d59) to the gdb utility, and will result in loss of availability for the system. | 2006-02-07 | QNX Neutrino RTOS gdb Crafted String Local DoS |
| 22961 Description: A local overflow exists in QNX Neutrino RTOS. The 'su' binary fails to properly check user-supplied input as the first argument to the program, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code with root privileges. | 2006-02-07 | QNX Neutrino RTOS su First Parameter Local Overflow |