| OSVDB ID | Disclosure Date | Title |
|
32320
Description:
(Description Provided by CVE) : Groupee UBB.threads 6.5.1.1 allows remote attackers to obtain sensitive information via a direct request for cron/php/subscriptions.php, which reveals the path in an error message.
|
2006-09-29
|
UBB.threads cron/php/subscriptions.php Direct Request Path Disclosure
|
|
32321
Description:
(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
|
2006-09-29
|
UBB.threads admin/doedittheme.php theme[] Variable PHP Code Injection
|
|
32322
Description:
(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
|
2006-09-29
|
UBB.threads admin/doeditconfig.php config[] Variable PHP Code Injection
|
|
32323
Description:
(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
|
2006-09-29
|
UBB.threads dorateuser.php config[path] Variable PHP Code Injection
|
|
32324
Description:
(Description Provided by CVE) : Multiple direct static code injection vulnerabilities in Groupee UBB.threads 6.5.1.1 allow remote attackers to (1) inject PHP code via a theme[] array parameter to admin/doedittheme.php, which is injected into includes/theme.inc.php; (2) inject PHP code via a config[] array parameter to admin/doeditconfig.php, and then execute the code via includes/config.inc.php; and inject a reference to PHP code via a URL in the config[path] parameter, and then execute the code via (3) dorateuser.php, (4) calendar.php, and unspecified other scripts.
|
2006-09-29
|
UBB.threads calendar.php config[path] Variable PHP Code Injection
|
|
32325
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ubbt.inc.php in Groupee UBB.threads 6.5.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[thispath] or (2) GLOBALS[configdir] parameter.
|
2006-09-29
|
UBB.threads ubbt.inc.php Multiple Variable Remote File Inclusion
|
|
29458
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
|
2006-09-29
|
Mercury SiteScope Create Name Fields XSS
|
|
29459
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Mercury SiteScope 8.2 (8.1.2.0) allow remote authenticated users to inject arbitrary web script or HTML via (1) "any field create name field" except "create new group name" or (2) any description field.
|
2006-09-29
|
Mercury SiteScope Description Field XSS
|
|
29413
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 search.php repertorylevel Variable Remote File Inclusion
|
|
29414
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 message.php repertorylevel Variable Remote File Inclusion
|
|
29415
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 member.php repertorylevel Variable Remote File Inclusion
|
|
29416
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 mail.php repertorylevel Variable Remote File Inclusion
|
|
29417
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 lostpassword.php repertorylevel Variable Remote File Inclusion
|
|
29418
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 gesfil.php repertorylevel Variable Remote File Inclusion
|
|
29419
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts.
|
2006-09-29
|
Forum82 forum82lib.php3 repertorylevel Variable Remote File Inclusion
|
|
29420
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter.
|
2006-09-29
|
VideoDB core/pdf.php config[pdf_module] Variable Remote File Inclusion
|
|
29312
Description:
(Description Provided by CVE) : Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
|
2006-09-29
|
ffmpeg libavcodec Multiple Overflows
|
|
29452
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
|
2006-09-29
|
ConPresso CMS detail.php nr Variable XSS
|
|
29453
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
|
2006-09-29
|
ConPresso CMS db_mysql.inc.php msg Variable XSS
|
|
29454
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Bartels Schoene ConPresso before 4.0.5a allow remote attackers to inject arbitrary web script or HTML via (1) the nr parameter in detail.php, (2) the msg parameter in db_mysql.inc.php, and (3) the pos parameter in index.php.
|
2006-09-29
|
ConPresso CMS index.php pos Variable XSS
|
|
29455
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php in Bartels Schoene ConPresso before 4.0.5a allows remote attackers to execute arbitrary SQL commands via the nr parameter.
|
2006-09-29
|
ConPresso CMS index.php nr Variable SQL Injection
|
|
29293
Description:
TagIt! Tagboard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'page' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-09-29
|
TagIt! Tagboard index.php page Variable Remote File Inclusion
|
|
29485
Description:
(Description Provided by CVE) : SQL injection vulnerability in modules/Downloads/admin.php in the Admin section of PostNuke 0.762 allows remote attackers to execute arbitrary SQL commands via the hits parameter.
|
2006-09-29
|
PostNuke admin.php hits Variable SQL Injection
|
|
29290
Description:
PHProjekt contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered because the input supplied to 'lib_path' and 'lang_path' variables is not properly verified. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-09-29
|
PHProjekt Multiple Global Variable Remote File Inclusion
|
|
29432
Description:
(Description Provided by CVE) : Buffer overflow in NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to execute arbitrary code via "the signature field of NTLM Type 1 messages".
|
2006-09-29
|
MailEnable NTLM Type 1 Message Signature Field Overflow
|
|
29433
Description:
(Description Provided by CVE) : The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
|
2006-09-29
|
MailEnable NTLM Authentication Type 3 Message Unspecified Code Execution
|
|
29434
Description:
(Description Provided by CVE) : The NTLM authentication in MailEnable Professional 2.0 and Enterprise 2.0 allows remote attackers to (1) execute arbitrary code via unspecified vectors involving crafted base64 encoded NTLM Type 3 messages, or (2) cause a denial of service via crafted base64 encoded NTLM Type 1 messages, which trigger a buffer over-read.
|
2006-09-29
|
MailEnable NTLM Authentication base64 Type 1 Message DoS
|
|
29989
Description:
(Description Provided by CVE) : Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage function in coders/dcm.c, or (2) a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c.
|
2006-09-29
|
ImageMagick coders/dcm.c Unspecified Overflow
|
|
29284
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the IP Address Lookup functionality in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allows remote attackers to inject arbitrary web script and HTML via the ip parameter.
|
2006-09-29
|
BSQ Sitestats for Joomla IP Address Lookup ip Field XSS
|
|
29285
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
|
2006-09-29
|
BSQ Sitestats for Joomla ip-to-country.csv Import Multiple Field SQL Injection
|
|
29286
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in BSQ Sitestats (component for Joomla) 1.8.0, and possibly other versions before 2.2.1, allow remote attackers to execute arbitrary SQL commands via (1) unspecified parameters when importing the (a) ip-to-country.csv file; and the (2) HTTP Referer, (3) HTTP User Agent, and (4) HTTP Accept Language headers to (b) bsqtemplateinc.php.
|
2006-09-29
|
BSQ Sitestats for Joomla bsqtemplateinc.php Multiple HTTP Header SQL Injection
|
|
29287
Description:
BSQ Sitestats for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to rssfeeds.php not properly sanitizing user input supplied to the 'baseDir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-09-29
|
BSQ Sitestats for Joomla rssfeeds.php baseDir Variable Remote File Inclusion
|
|
29283
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/functions_kb.php in the phpBB XS 2 (Spain version) allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter, a different vector than CVE-2006-4780 or CVE-2006-4893.
|
2006-09-29
|
phpBB XS includes/functions_kb.php phpbb_root_path Variable Remote File Inclusion
|
|
29281
Description:
(Description Provided by CVE) : Directory traversal vulnerability in kgcall.php in KGB 1.87 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the engine parameter, as demonstrated by uploading a file containing PHP code with an image/jpeg content type, and then referencing this file through the engine parameter.
|
2006-09-29
|
Skrypty KGB kgcall.php engine Variable Local File Inclusion
|
|
29372
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in John Himmelman (aka DaRk2k1) PowerPortal 1.3a allows remote attackers to execute arbitrary PHP code via a URL in the file_name[] parameter.
|
2006-09-29
|
PowerPortal index.php file_name[] Variable Remote File Inclusion
|
|
41854
Description:
(Description Provided by CVE) : Mercury SiteScope 8.2 (8.1.2.0) allows remote authenticated users to cause a denial of service (loss of connectivity to the classic interface) via attempted HTML injection into the "new monitor description" field.
|
2006-09-29
|
Mercury SiteScope Remote New Monitor Description Field DoS
|
|
41855
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Password Reset Tool before 0.4.1 on Plone 2.5 and 2.5.1 Release Candidate allows attackers to reset the passwords of other users, related to "an erroneous security declaration."
|
2006-09-29
|
Plone Password Reset Tool Arbitrary Password Reset
|
|
29266
Description:
OpenSSH, when configured to use GSSAPI authentication, is prone to a remote information disclosure weakness. The issue occurs because the GSSAPI authentication routine responds differently to an attacker who lets the connection proceed normally than to one who aborts the connection prematurely. This difference in the system's response allows an attacker to determine which accounts are valid.
|
2006-09-29
|
OpenSSH GSSAPI Authentication Abort Username Enumeration
|
|
37968
Description:
(Description Provided by CVE) : SQL injection vulnerability in display.php in Lappy512 PHP Krazy Image Host Script (phpkimagehost) 0.7a allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
2006-09-29
|
PHP Krazy Image Host Script display.php id Variable SQL Injection
|
|
30908
Description:
Unknown / Incomplete
|
2006-09-28
|
phpBB XS bbcb_mg.phpd phpbb_root_path Variable Remote File Inclusion
|