[CLOSE] OSVDB ID : 27796 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in cake/libs/error.php in CakePHP before 1.1.7.3363 allows remote attackers to inject arbitrary web script or HTML via the URL, which is reflected back in a 404 ("Not Found") error page. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 27793 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.

[CLOSE] OSVDB ID : 27794 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in Lhaz before 1.32 allow user-assisted attackers to execute arbitrary code via a long filename in (1) an LHZ archive, when saving the filename during extraction; and (2) an LHZ archive with an invalid CRC checksum, when constructing an error message.

[CLOSE] OSVDB ID : 41607 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.

[CLOSE] OSVDB ID : 27823 - Disclosed: 2006-08-06

Description:

Simplog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'keyw' variables upon submission to the 'archive.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 29083 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in blursoft blur6ex 0.3 allows remote attackers to inject arbitrary web script or HTML via a comment title.

[CLOSE] OSVDB ID : 29100 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.

[CLOSE] OSVDB ID : 29101 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.

[CLOSE] OSVDB ID : 29102 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Fabian Hainz phpCC Beta 4.2 allow remote attackers to execute arbitrary PHP code via a URL in the base_dir parameter to (1) login.php, (2) reactivate.php, or (3) register.php.

[CLOSE] OSVDB ID : 45259 - Disclosed: 2006-08-06

Description:

(Description Provided by CVE) : Microsoft Internet Explorer allows remote attackers to cause a denial of service (crash) via an IFRAME with a certain XML file and XSL stylesheet that triggers a crash in mshtml.dll when a refresh is called, probably a null pointer dereference.

[CLOSE] OSVDB ID : 39605 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Research in Motion BlackBerry Enterprise Server 4.0 through 4.1 has a default configuration that permits installation of arbitrary third-party applications on BlackBerry devices, which might facilitate loading of malware.

[CLOSE] OSVDB ID : 27797 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Sign extension vulnerability in the createBrushIndirect function in the GDI library (gdi32.dll) in Microsoft Windows XP, Server 2003, and possibly other versions, allows user-assisted attackers to cause a denial of service (application crash) via a crafted WMF file.

[CLOSE] OSVDB ID : 27826 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : SQL injection vulnerability in profile.php in XennoBB 2.1.0 and earlier allows remote authenticated users to execute arbitrary SQL commands via the (1) bday_day, (2) bday_month, and (3) bday_year parameters in the personal section.

[CLOSE] OSVDB ID : 27791 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in trackback.php in myWebland myBloggie 2.1.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) title, (2) url, (3) excerpt, or (4) blog_name parameters.

[CLOSE] OSVDB ID : 27792 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : index.php in myWebland myBloggie 2.1.4 and earlier allows remote attackers to obtain sensitive information via a query that only specifies the viewdate mode, which reveals the table prefix in a SQL error message.

[CLOSE] OSVDB ID : 29082 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Fill Threads Database (FTD) 3.7.3 allows remote attackers to inject arbitrary web script or HTML via the (1) search field or (2) an e-mail message.

[CLOSE] OSVDB ID : 29411 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in TinyPortal before 0.8.6 allows remote attackers to inject arbitrary web script or HTML via the shoutbox.

[CLOSE] OSVDB ID : 27807 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.

[CLOSE] OSVDB ID : 27808 - Disclosed: 2006-08-05

Description:

(Description Provided by CVE) : Linksys WRT54g firmware 1.00.9 does not require credentials when making configuration changes, which allows remote attackers to modify arbitrary configurations via a direct request to Security.tri, as demonstrated using the SecurityMode and layout parameters, a different issue than CVE-2006-2559.

[CLOSE] OSVDB ID : 27878 - Disclosed: 2006-08-04

Description:

(Description Provided by CVE) : The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.

[CLOSE] OSVDB ID : 27806 - Disclosed: 2006-08-04

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in auto_check_renewals.php in phpAutoMembersArea (phpAMA) 3.2.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the installed_config_file parameter.

[CLOSE] OSVDB ID : 29780 - Disclosed: 2006-08-04

Description:

By default, Spam Firewall contains hard-coded admin and guest accounts. The guest account, with a password of 'bnadmin99' may allow an attacker to access the contents of arbitrary files, leading to a loss of confidentiality. With the admin account, an attacker could make arbitrary changes to the system, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27779 - Disclosed: 2006-08-04

Description:

vBulletin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the '_tmp[csscolors]' variable upon submission to the /forum/mods/global.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27795 - Disclosed: 2006-08-04

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in Beautifier/Core.php in Brad Fears phpCodeCabinet 0.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the BEAUT_PATH parameter.

[CLOSE] OSVDB ID : 27824 - Disclosed: 2006-08-04

Description:

PHP contains a flaw that may allow a context-dependent attacker to elevate privileges. The issue is due to the sscanf function in scanf.c not properly sanitizing user-supplied input. Passing a crafted string to this function may trigger a buvver over-read allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 29081 - Disclosed: 2006-08-04

Description:

(Description Provided by CVE) : Buffer overflow in the preview_create function in gui.cpp in Mitch Murray Eremove 1.4 allows remote attackers to cause a denial of service (application crash), and possibly execute arbitrary code, via a large email attachment.

[CLOSE] OSVDB ID : 27766 - Disclosed: 2006-08-04

Description:

ME Download System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/sett_style.php not properly sanitizing user input supplied to the 'Vb8878b936c2bd8ae0cab' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27767 - Disclosed: 2006-08-04

Description:

ME Download System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/sett_smilies.php not properly sanitizing user input supplied to the 'Vb8878b936c2bd8ae0cab' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27768 - Disclosed: 2006-08-04

Description:

ME Download System contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to inc/datei.php not properly sanitizing user input supplied to the 'Vb6c4d0e18a204a63b38f', 'V18a78b93c3adaaae84e2' and 'V9ae5d2ca9e9e787969ff' variables. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29777 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, which makes it easier for remote attackers to conduct offline brute force attacks. NOTE: this script might also allow attackers to generate the server-side "secret" URL without determining the original password, but this possibility was not discussed by the original researcher.

[CLOSE] OSVDB ID : 27760 - Disclosed: 2006-08-03

Description:

CME (CallManager Express) contains unspecified flaw(s) that may lead to an unauthorized information disclosure.  The issue is triggered when receiving specially crafted SIP (Session Initiation Protocol) messages, which will disclose usernames from the SIP user directory resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 41608 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : IBM WebSphere Application Server (WAS) 5.0 through 5.1.1.0 allows remote attackers to obtain JSP source code and other sensitive information via certain "special URIs."

[CLOSE] OSVDB ID : 27750 - Disclosed: 2006-08-03

Description:

PC Tools AntiVirus contains a flaw that may allow an attacker to gain access to unauthorized privileges. The "Everyone" group is granted full control of the "PC Tools AntiVirus" directory and all child objects by default, allowing a local attacker to add, delete, or manipulate application files.

[CLOSE] OSVDB ID : 27785 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.

[CLOSE] OSVDB ID : 27786 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."

[CLOSE] OSVDB ID : 27787 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : Unspecified vulnerability in CA eTrust Antivirus WebScan allows remote attackers to execute arbitrary code due to "improper bounds checking when processing certain user input."

[CLOSE] OSVDB ID : 27749 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : preview_email.cgi in Barracuda Spam Firewall (BSF) 3.3.01.001 through 3.3.03.053 allows remote attackers to execute commands via shell metacharacters ("|" pipe symbol) in the file parameter. NOTE: the attack can be extended to arbitrary commands by the presence of CVE-2006-4000.

[CLOSE] OSVDB ID : 27757 - Disclosed: 2006-08-03

Description:

(Description Provided by CVE) : Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.

[CLOSE] OSVDB ID : 27782 - Disclosed: 2006-08-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27783 - Disclosed: 2006-08-03

Description:

Unknown / Incomplete