| OSVDB ID | Disclosure Date | Title |
|
33868
Description:
HyperBook Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting data/gbconfiguration.dat directly, which will disclose the administrator's MD5 password hash to a remote attacker.
|
2007-02-28
|
HyperBook Guestbook data/gbconfiguration.dat Direct Request Information Disclosure
|
|
33835
Description:
(Description Provided by CVE) : SQL injection vulnerability in inlinemod.php in Jelsoft vBulletin before 3.5.8, and before 3.6.5 in the 3.6.x series, might allow remote authenticated users to execute arbitrary SQL commands via the postids parameter. NOTE: the vendor states that the attack is feasible only in circumstances "almost impossible to achieve."
|
2007-02-28
|
vBulletin inlinemod.php postids Parameter SQL Injection
|
|
33621
Description:
(Description Provided by CVE) : Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
|
2007-02-28
|
SQL-Ledger users Blacklist String Bypass
|
|
33619
Description:
(Description Provided by CVE) : Directory traversal vulnerability in SQL-Ledger, and LedgerSMB before 1.1.5, allows remote attackers to read and overwrite arbitrary files, and execute arbitrary code, via . (dot) characters adjacent to (1) users and (2) users/members strings, which are removed by blacklisting functions that filter these strings and collapse into .. (dot dot) sequences.
|
2007-02-28
|
LedgerSMB users Blacklist String Bypass
|
|
33854
Description:
(Description Provided by CVE) : Unspecified vulnerability in Lenovo Intel PRO/1000 LAN adapter before Build 135400, as used on IBM Lenovo ThinkPad systems, has unknown impact and attack vectors.
|
2007-02-28
|
Lenovo Intel PRO/1000 LAN Adapter Software Unspecified Issue
|
|
33897
Description:
(Description Provided by CVE) : Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.
|
2007-02-28
|
Adobe Reader PDF file:// URI Arbitrary File Access
|
|
33067
Description:
(Description Provided by CVE) : Unspecified vulnerability in Cisco IOS 12.2SXA, SXB, SXD, and SXF; and the MSFC2, MSFC2a and MSFC3 running in Hybrid Mode on Cisco Catalyst 6000, 6500 and Cisco 7600 series systems; allows remote attackers on a local network segment to cause a denial of service (software reload) via a certain MPLS packet.
|
2007-02-28
|
Cisco Catalyst Hybrid Mode Malformed MPLS Packet Remote DoS
|
|
33833
Description:
(Description Provided by CVE) : Unspecified vulnerability in Citrix Presentation Server Client for Windows before 10.0 allows remote web sites to execute arbitrary code via unspecified vectors, related to the implementation of ICA connectivity through proxy servers.
|
2007-02-28
|
Citrix Presentation Server Client Unspecified Remote Code Execution
|
|
33066
Description:
(Description Provided by CVE) : The Network Analysis Module (NAM) in Cisco Catalyst Series 6000, 6500, and 7600 allows remote attackers to execute arbitrary commands via certain SNMP packets that are spoofed from the NAM's own IP address.
|
2007-02-28
|
Cisco Catalyst Network Analysis Module (NAM) Spoofed SNMP Packet Arbitrary Command Execution
|
|
34486
Description:
(Description Provided by CVE) : The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file.
|
2007-02-28
|
Social Bookmarks (del.icio.us) Plug-in for 8F Console.log Cleartext Password Disclosure
|
|
33817
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Epiware before 4.7.5 have unknown impact and attack vectors, possibly related to cross-site scripting (XSS) and other unspecified issues.
|
2007-02-28
|
Epiware Project and Document Management Multiple Unspecified Issues
|
|
34955
Description:
(Description Provided by CVE) : Norman SandBox Analyzer does not use the proper range for Interrupt Descriptor Table (IDT) entries, which allows local users to determine that the local machine is an emulator, or a similar environment not based on a physical Intel processor, which allows attackers to produce malware that is more difficult to analyze.
|
2007-02-28
|
Norman SandBox Analyzer Interrupt Descriptor Table (IDT) Entry Information Disclosure
|
|
34956
Description:
(Description Provided by CVE) : Integer overflow in the envwrite function in the Alcatel-Lucent Bell Labs Plan 9 kernel allows local users to overwrite certain memory addresses with kernel memory via a large n argument, as demonstrated by (1) modifying the iseve function to gain privileges and (2) making the devpermcheck function grant unrestricted device permissions.
|
2007-02-28
|
Plan 9 Kernel envwrite Function Local Overflow
|
|
35913
Description:
(Description Provided by CVE) : Mozilla Firefox 2.0.0.2 allows remote attackers to spoof the address bar, favicons, and document source, and perform updates in the context of arbitrary websites, by repeatedly setting document.location in the onunload attribute when linking to another website, a variant of CVE-2007-1092.
|
2007-02-27
|
Mozilla Firefox onunload Attribute document.location Spoofing
|
|
33832
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in chooser.cgi in Webmin before 1.330 and Usermin before 1.260 allow remote attackers to inject arbitrary web script or HTML via a crafted filename.
|
2007-02-27
|
Webmin/Usermin chooser.cgi Crafted Filename XSS
|
|
34361
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/functions.php in WordPress before 2.1.2-alpha allow remote attackers to inject arbitrary web script or HTML via (1) the Referer HTTP header or (2) the URI, a different vulnerability than CVE-2007-1049.
|
2007-02-27
|
WordPress wp-includes/functions.php Multiple Method XSS
|
|
33792
Description:
(Description Provided by CVE) : Audins Audiens 3.3 allows remote attackers to bypass authentication and perform certain privileged actions, possibly an uninstall of the product, by calling unistall.php with the values cnf=disinstalla and status=on. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-02-27
|
Audins Audiens unistall.php Authentication Bypass
|
|
33781
Description:
(Description Provided by CVE) : Directory traversal vulnerability in index.php in the Pagesetter 6.2.0 through 6.3.0 beta 5 module for PostNuke allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter.
|
2007-02-27
|
Pagesetter for PostNuke index.php id Parameter Traversal Arbitrary File Access
|
|
33797
Description:
(Description Provided by CVE) : VShieldCheck in McAfee VirusScan for Mac (Virex) before 7.7 patch 1 allow local users to change permissions of arbitrary files via a symlink attack on /Library/Application Support/Virex/VShieldExclude.txt, as demonstrated by symlinking to the root crontab file to execute arbitrary commands.
|
2007-02-27
|
McAfee VirusScan for Mac (Virex) VShieldExclude.txt Symlink Arbitrary File Permission Modification
|
|
33798
Description:
(Description Provided by CVE) : McAfee VirusScan for Mac (Virex) before 7.7 patch 1 has weak permissions (0666) for /Library/Application Support/Virex/VShieldExclude.txt, which allows local users to reconfigure Virex to skip scanning of arbitrary files.
|
2007-02-27
|
McAfee VirusScan for Mac (Virex) VShieldExclude.txt Symlink Arbitrary File Scan Bypass
|
|
33793
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Nullsoft ShoutcastServer 1.9.7 allows remote attackers to inject arbitrary web script or HTML via the top-level URI on the Incoming interface (port 8001/tcp), which is not properly handled in the administrator interface when viewing the log file.
|
2007-02-27
|
SHOUTcast Incoming Interface Logfile XSS
|
|
34349
Description:
Wordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search script not properly sanitizing user-supplied input to the search variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-02-27
|
WordPress Search Function SQL Injection
|
|
34635
Description:
Admin Phorum contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'actions/del.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2007-02-27
|
Admin Phorum actions/del.php include_path Parameter Remote File Inclusion
|
|
36001
Description:
(Description Provided by CVE) : Grok Developments NetProxy 4.03 allows remote attackers to bypass URL filtering via a request that omits "http://" from the URL and specifies the destination port (:80).
|
2007-02-27
|
NetProxy Crafted URL Port Specification URL Filtering Bypass
|
|
36002
Description:
(Description Provided by CVE) : The connection log file implementation in Grok Developments NetProxy 4.03 does not record requests that omit http:// in a URL, which might allow remote attackers to conduct unauthorized activities and avoid detection.
|
2007-02-27
|
NetProxy Crafted URL Logging Bypass
|
|
34959
Description:
(Description Provided by CVE) : The Hypervisor in Microsoft Xbox 360 kernel 4532 and 4548 allows attackers with physical access to force execution of the hypervisor syscall with a certain register set, which bypasses intended code protection.
|
2007-02-27
|
Microsoft Xbox 360 Hypervisor Syscall Bypass Arbitrary Code Access
|
|
32290
Description:
CA eTrust Intrusion Detection contain a flaw that may allow a remote denial of service. The issue is due to the application failing to properly validate key length values during authentication and is triggered when a remote attacker sends a specially crafted packet containing a long key length value to the remote administration port (9191/TCP). This causes a heap-based buffer overflow in SW3eng.exe in the eID Engine, resulting in loss of availability for the service.
|
2007-02-27
|
CA eTrust Intrusion Detection SW3eng.exe Key Length Value Remote DoS
|
|
92803
Description:
CommuniGate Pro Webmail contains a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via email replies during the parsing of arbitrary content. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2007-02-27
|
CommuniGate Pro Webmail Email Reply Content Parsing XSS
|
|
35994
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in setup.php in Audins Audiens 3.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-02-26
|
Audins Audiens setup.php PATH_INFO Parameter XSS
|
|
33787
Description:
(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
|
2007-02-26
|
WordPress wp-admin/post.php Delete Action CSRF
|
|
33788
Description:
(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.
|
2007-02-26
|
WordPress wp-admin/post.php post Parameter XSS
|
|
33816
Description:
(Description Provided by CVE) : The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program that calls the TIOCSTI ioctl.
|
2007-02-26
|
Apache HTTP Server on Debian Linux TTY Local Privilege Escalation
|
|
33777
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in downloadcounter.php in STWC-Counter 3.4.0.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the stwc_counter_verzeichniss parameter.
|
2007-02-26
|
STWC-Counter downloadcounter.php stwc_counter_verzeichniss Parameter Remote File Inclusion
|
|
34085
Description:
Unknown / Incomplete
|
2007-02-26
|
Phorum admin.php upgradefile Parameter XSS
|
|
34631
Description:
(Description Provided by CVE) : SQL injection vulnerability in system/index.php in Audins Audiens 3.3 allows remote attackers to execute arbitrary SQL commands via the PHPSESSID cookie. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-02-26
|
Audins Audiens system/index.php Cookie PHPSESSID Parameter SQL Injection
|
|
34693
Description:
(Description Provided by CVE) : Directory traversal vulnerability in index.php in SolarPay allows remote attackers to read certain files via a .. (dot dot) in the read parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-02-26
|
SolarPay index.php read Parameter Traversal Arbitrary File Access
|
|
41106
Description:
(Description Provided by CVE) : Unspecified vulnerability in Watchtower (WT) before 0.12 has unknown impact and attack vectors, related to "unauthorized accounts."
|
2007-02-26
|
Watchtower (WT) Unauthorized Accounts Unspecified Issue
|
|
33689
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in classes/class_mail.inc.php in Maian Recipe 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the path_to_folder parameter.
|
2007-02-25
|
AgerMenu classes/class_mail.inc.php path_to_folder Parameter Remote File Inclusion
|
|
33243
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in images_archive.asp in Uapplication Uphotogallery 1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the s parameter. NOTE: the thumbnails.asp vector is already covered by CVE-2006-3023.
|
2007-02-25
|
Uphotogallery images_archive.asp s Parameter XSS
|
|
45249
Description:
(Description Provided by CVE) : Tor does not verify a node's uptime and bandwidth advertisements, which allows remote attackers who operate a low resource node to make false claims of greater resources, which places the node into use for many circuits and compromises the anonymity of traffic sources and destinations.
|
2007-02-25
|
Tor Low Resource Node Advertisement Spoofing Route Subversion
|