[CLOSE] OSVDB ID : 29355 - Disclosed: 2006-08-18

Description:

PHlyMail Lite has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the mod.output.php script not properly sanitizing user input supplied to the '_PM_[path][handler]' variable. However, the script must be called directly to manipulate this variable, but in calling the script directly it will die without code execution.

[CLOSE] OSVDB ID : 29351 - Disclosed: 2006-08-18

Description:

(Description Provided by CVE) : The Terminal Services COM object (tsuserex.dll) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by instantiating it as an ActiveX object in Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN.

[CLOSE] OSVDB ID : 28100 - Disclosed: 2006-08-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 28098 - Disclosed: 2006-08-18

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 28096 - Disclosed: 2006-08-18

Description:

Joomla Rssxt has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. Subsequent evaluation has revealed that for each script, an attacker does not have the ability to manipulate the variable.

[CLOSE] OSVDB ID : 28095 - Disclosed: 2006-08-18

Description:

Joomla x-shop has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to the admin.x-shop script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 30716 - Disclosed: 2006-08-18

Description:

(Description Provided by CVE) : idmlib.sh in nxdrv in Novell Identity Manager (IDM) 3.0.1 allows local users to execute arbitrary commands via unspecified vectors, possibly involving the " (quote) and \ (backslash) characters and eval injection.

[CLOSE] OSVDB ID : 28089 - Disclosed: 2006-08-18

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in MamboLogin.php in the MamboWiki component (com_mambowiki) 0.9.6 and earlier for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the IP parameter.

[CLOSE] OSVDB ID : 28151 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_phpshop.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28152 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_phpshop_allinone.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28153 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_phpshop_cart.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28154 - Disclosed: 2006-08-18

Description:

mambo-phpShup contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_phpshop_featureprod.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28155 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_phpshop_latestprod.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28156 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_product_categories.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28157 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mod_productscroller.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28158 - Disclosed: 2006-08-18

Description:

mambo-phpShop contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to mosproductsnap.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 84079 - Disclosed: 2006-08-18

Description:

PHP on Win32 contains a flaw that may allow a denial of service. The issue is triggered when an error occurs in the GetNamedPipeInfo() function during the handling of streams. This will result in loss of availability for the program.

[CLOSE] OSVDB ID : 52440 - Disclosed: 2006-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 29477 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in pageheaderdefault.inc.php in Invisionix Roaming System Remote (IRSR) 0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the _sysSessionPath parameter.

[CLOSE] OSVDB ID : 29476 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : SQL injection vulnerability in torrents.php in WebTorrent (WTcom) 0.2.4 and earlier allows remote attackers to execute arbitrary SQL commands via the cat parameter in category mode.

[CLOSE] OSVDB ID : 27997 - Disclosed: 2006-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27998 - Disclosed: 2006-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32195 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

[CLOSE] OSVDB ID : 29185 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to local users to gain privileges via a Trojan horse program involving uux.

[CLOSE] OSVDB ID : 29183 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in bos.net.tcp.client in IBM AIX 5.2.0 and 5.3.0 allows local users to execute arbitrary commands via unspecified vectors involving /etc/slip.login.

[CLOSE] OSVDB ID : 27960 - Disclosed: 2006-08-17

Description:

A vulnerability which affects the as_bad() function of the GNU Binutils Assembler can be exploited by tricking a user into assembling a specially crafted source file. Successful exploitation can execute arbitrary code under the context of the logged on user.

[CLOSE] OSVDB ID : 28783 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

[CLOSE] OSVDB ID : 27989 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 27990 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 27971 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in archive.php in the mosListMessenger Component (com_lm) before 20060719 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 27991 - Disclosed: 2006-08-17

Description:

a6MamboCredits contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to administrator/components/com_a6mambocredits/admin.a6mambocredits.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27999 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.

[CLOSE] OSVDB ID : 28001 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Integer overflow in memory allocation routines in PHP before 5.1.6, when running on a 64-bit system, allows context-dependent attackers to bypass the memory_limit restriction.

[CLOSE] OSVDB ID : 28002 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Buffer overflow in the LWZReadByte_ function in ext/gd/libgd/gd_gif_in.c in the GD extension in PHP before 5.1.5 allows remote attackers to have an unknown impact via a GIF file with input_code_size greater than MAX_LWZ_BITS, which triggers an overflow when initializing the table array.

[CLOSE] OSVDB ID : 28003 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

[CLOSE] OSVDB ID : 28004 - Disclosed: 2006-08-17

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.

[CLOSE] OSVDB ID : 28005 - Disclosed: 2006-08-17

Description:

PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to the imap_body() function not properly sanitizing user-supplied input. By using crafted input, an attacker may be able to bypass the safe_mode and open_basedir security restrictions.

[CLOSE] OSVDB ID : 28006 - Disclosed: 2006-08-17

Description:

PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to the error_log() function not properly sanitizing user-supplied input. By using crafted input, an attacker may be able to bypass the safe_mode and open_basedir security restrictions.

[CLOSE] OSVDB ID : 28007 - Disclosed: 2006-08-17

Description:

PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to the file_exists() function not properly sanitizing user-supplied input. By using crafted input, an attacker may be able to bypass the safe_mode and open_basedir security restrictions.

[CLOSE] OSVDB ID : 28009 - Disclosed: 2006-08-17

Description:

PHP contains a flaw that may allow an attacker to bypass security restrictions. The issue is due to the imap_reopen() function not properly sanitizing user-supplied input. By using crafted input, an attacker may be able to bypass the safe_mode and open_basedir security restrictions.