[CLOSE] OSVDB ID : 34086 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 31965 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : thttpd before 2.25b-r6 in Gentoo Linux is started from the system root directory (/) by the Gentoo baselayout 1.12.6 package, which allows remote attackers to read arbitrary files.

[CLOSE] OSVDB ID : 33604 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/functions.php in Omegaboard 1.0beta4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 33605 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in portal.php in Cerulean Portal System 0.7b allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 36027 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in faq.php in ExoPHPDesk 1.2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 36037 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in oku.asp in Hunkaray Duyuru Scripti allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 36038 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in i-search.php in Michelle's L2J Dropcalc 4 and earlier allows remote authenticated users to execute arbitrary SQL commands via the itemid parameter.

[CLOSE] OSVDB ID : 36039 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in lang/leslangues.php in Nicolas Grandjean PHPMyRing 4.1.3b and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fichier parameter.

[CLOSE] OSVDB ID : 36041 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : SQL injection vulnerability in windows.asp in Fullaspsite Asp Hosting Sitesi allows remote attackers to execute arbitrary SQL commands via the kategori_id parameter.

[CLOSE] OSVDB ID : 36476 - Disclosed: 2007-01-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the IFrame module before 03.02.01 for DotNetNuke (DNN) allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "Pass through values."

[CLOSE] OSVDB ID : 36149 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Internet Explorer on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows attackers to cause a denial of service (application crash and device instability) via unspecified vectors, possibly related to a buffer overflow.

[CLOSE] OSVDB ID : 36148 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Pictures and Videos on Windows Mobile 5.0 and Windows Mobile 2003 and 2003SE for Smartphones and PocketPC allows user-assisted remote attackers to cause a denial of service (device hang) via a malformed JPEG file.

[CLOSE] OSVDB ID : 38129 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be exploitable, such as a heap-based overflow in the check_idx function.

[CLOSE] OSVDB ID : 37351 - Disclosed: 2007-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 37353 - Disclosed: 2007-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35848 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in vbDrupal before 4.7.6.0 have unknown impact and remote attack vectors. NOTE: the vector related to Drupal is covered by CVE-2007-0626. These vulnerabilities might be associated with other CVE identifiers.

[CLOSE] OSVDB ID : 34983 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Nortel Networks CallPilot and Meridian Mail voicemail systems, when a mailbox has auto logon enabled, allow remote attackers to retrieve or remove messages, or reconfigure the mailbox, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 34984 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Sprint Nextel Sprint voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 34985 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Alcatel-Lucent Lucent Technologies voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 34986 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : T-Mobile voice mail systems allow remote attackers to retrieve or remove messages, or reconfigure mailboxes, by spoofing Calling Number Identification (CNID, aka Caller ID).

[CLOSE] OSVDB ID : 32949 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : LGSERVER.EXE in BrightStor Mobile Backup 4.0 allows remote attackers to cause a denial of service (disk consumption and daemon hang) via a value of 0xFFFFFF7F at a certain point in an authentication negotiation packet, which writes a large amount of data to a .USX file in CA_BABLDdata\Server\data\transfer\.

[CLOSE] OSVDB ID : 32138 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

[CLOSE] OSVDB ID : 33070 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : show.php in Vlad Alexa Mancini PHPFootball 1.6 allows remote attackers to obtain sensitive information (database contents) via a % (percent) character in the dbfieldv parameter.

[CLOSE] OSVDB ID : 32137 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : The (1) Textimage 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal and the (2) Captcha 4.7.x before 4.7-1.2 and 5.x before 5.x-1.1 module for Drupal allow remote attackers to bypass the CAPTCHA test via an empty captcha element in $_SESSION.

[CLOSE] OSVDB ID : 33034 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

[CLOSE] OSVDB ID : 33035 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

[CLOSE] OSVDB ID : 33036 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in EncapsCMS 0.3.6 allow remote attackers to execute arbitrary PHP code via a URL in the (1) config[path] parameter to (a) common_foot.php or (b) blogs.php, or (2) the config[theme] parameter to (c) admin/gallery_head.php.

[CLOSE] OSVDB ID : 33033 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in zd_numer.php in Galeria Zdjec 3.0 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the galeria parameter, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by zd_numer.php.

[CLOSE] OSVDB ID : 33627 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : ** DISPUTED ** The Speech Recognition feature of Windows Vista allows user-assisted remote attackers to delete arbitrary files, and conduct other unauthorized activities, via a web page with an embedded sound object that contains voice commands to an enabled microphone, allowing for interaction with Windows Explorer. NOTE: the vendor disputes the severity of this issue, stating that "there is little if any need to worry about the effects of this issue on your new Windows Vista installation." Since little user interaction is required, and the relevant operating environment is common, CVE considers this a vulnerability.

[CLOSE] OSVDB ID : 33019 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in include/themes/themefunc.php in MyNews 4.2.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the myNewsConf[path][sys][index] parameter.

[CLOSE] OSVDB ID : 32707 - Disclosed: 2007-01-30

Description:

A local format string flaw exists in Mac OS X. The Help Viewer fails to validate the filename for .help files resulting in possible format string execution. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 32708 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Format string vulnerability in iMovie HD 6.0.3, and Safari in Apple Mac OS X 10.4 through 10.4.10, allows remote user-assisted attackers to cause a denial of service (crash) via format string specifiers in a filename, which is not properly handled when calling the NSRunCriticalAlertPanel Apple AppKit function.

[CLOSE] OSVDB ID : 32709 - Disclosed: 2007-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 32710 - Disclosed: 2007-01-30

Description:

Mac OS X contains a flaw that may allow a malicious user to execute arbitrary code via a format string flaw. The issue is triggered when Safari opens a specially crafted HTML file containing a malformed string passed to window.console.log(). It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 32711 - Disclosed: 2007-01-30

Description:

iPhoto contains a format string flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially crafted photo:// string is passed to iPhoto. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 31878 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Unspecified vulnerability in Sun Solaris 10 before 20070130 allows remote attackers to cause a denial of service (system crash) via certain ICMP packets.

[CLOSE] OSVDB ID : 33630 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Atsphp 5.0.1 allow remote attackers to execute arbitrary PHP code via a URL in the CONF[path] parameter to (1) index.php, (2) sources/usercp.php, or (3) sources/admin.php. NOTE: Another researcher has disputed this vulnerability, noting that CONF[path] is defined before use in index.php, that CONF[path] inclusion cannot occur through a direct request to other affected files, and that usercp.php is a typo of user_cp.php.

[CLOSE] OSVDB ID : 32198 - Disclosed: 2007-01-30

Description:

Siebel CRM Server contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a user navigates to the server statistics page (http://www.example.com/[app_name]/_stats.swe. This discloses information about the additional applications installed on the server, the server version, installation location and, if the SessionMonitor parameter is enabled, the session information of the clients connected.

[CLOSE] OSVDB ID : 36018 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in includes/functions.php in phpBB2-MODificat 0.2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 38131 - Disclosed: 2007-01-30

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Bloodshed Dev-C++ 4.9.9.2 allows user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long line in a .cpp file.