[CLOSE] OSVDB ID : 32320 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.

[CLOSE] OSVDB ID : 32321 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

[CLOSE] OSVDB ID : 32322 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

[CLOSE] OSVDB ID : 32323 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

[CLOSE] OSVDB ID : 32324 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.

[CLOSE] OSVDB ID : 32325 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.

[CLOSE] OSVDB ID : 29458 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.

[CLOSE] OSVDB ID : 29459 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.

[CLOSE] OSVDB ID : 29413 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29414 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29415 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29416 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29417 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29418 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29419 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.

[CLOSE] OSVDB ID : 29420 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.

[CLOSE] OSVDB ID : 29312 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.

[CLOSE] OSVDB ID : 29452 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.

[CLOSE] OSVDB ID : 29453 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.

[CLOSE] OSVDB ID : 29454 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.

[CLOSE] OSVDB ID : 29455 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.

[CLOSE] OSVDB ID : 29293 - Disclosed: 2006-09-29

Description:

TagIt! Tagboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29485 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.

[CLOSE] OSVDB ID : 29290 - Disclosed: 2006-09-29

Description:

PHProjekt contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered because the input supplied to 'lib_path' and 'lang_path' variables is not properly verified. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29432 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".

[CLOSE] OSVDB ID : 29433 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.

[CLOSE] OSVDB ID : 29434 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.

[CLOSE] OSVDB ID : 29989 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.

[CLOSE] OSVDB ID : 29284 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.

[CLOSE] OSVDB ID : 29285 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

[CLOSE] OSVDB ID : 29286 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.

[CLOSE] OSVDB ID : 29287 - Disclosed: 2006-09-29

Description:

BSQ Sitestats for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to rssfeeds.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 29283 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893.

[CLOSE] OSVDB ID : 29281 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.

[CLOSE] OSVDB ID : 29372 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.

[CLOSE] OSVDB ID : 41854 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.

[CLOSE] OSVDB ID : 41855 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."

[CLOSE] OSVDB ID : 29266 - Disclosed: 2006-09-29

Description:

OpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs due to the GSSAPI authentication routine responding differently to an attacker who lets the connection proceed normally versus aborting the connection prematurely. This different in the system's response allows an attacker to determine which accounts are valid.

[CLOSE] OSVDB ID : 37968 - Disclosed: 2006-09-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 30908 - Disclosed: 2006-09-28

Description:

Unknown / Incomplete