[CLOSE] OSVDB ID : 33045 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not properly parse commands, which allows local users to gain privileges via unspecified vectors, aka CSCsh30624.

[CLOSE] OSVDB ID : 33046 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : The (1) TTLS CHAP, (2) TTLS MSCHAP, (3) TTLS MSCHAPv2, (4) TTLS PAP, (5) MD5, (6) GTC, (7) LEAP, (8) PEAP MSCHAPv2, (9) PEAP GTC, and (10) FAST authentication methods in Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client store transmitted authentication credentials in plaintext log files, which allows local users to obtain sensitive information by reading these files, aka CSCsg34423.

[CLOSE] OSVDB ID : 33047 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client use an insecure default Discretionary Access Control Lists (DACL) for the connection client GUI, which allows local users to gain privileges by injecting "a thread under ConnectionClient.exe," aka CSCsg20558.

[CLOSE] OSVDB ID : 33048 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client allows local users to gain SYSTEM privileges via unspecified vectors in the supplicant, aka CSCsf15836.

[CLOSE] OSVDB ID : 33049 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Cisco Secure Services Client (CSSC) 4.x, Trust Agent 1.x and 2.x, Cisco Security Agent (CSA) 5.0 and 5.1 (when a vulnerable Trust Agent has been deployed), and the Meetinghouse AEGIS SecureConnect Client do not drop privileges when the help facility in the supplicant GUI is invoked, which allows local users to gain privileges, aka CSCsf14120.

[CLOSE] OSVDB ID : 33373 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php.

[CLOSE] OSVDB ID : 33374 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in phpTrafficA 1.4.1, and possibly earlier, allow remote attackers to include arbitrary local files via a .. (dot dot) in the (1) file parameter to plotStat.php and the (2) lang parameter to banref.php.

[CLOSE] OSVDB ID : 33041 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : The web interface in Trend Micro ServerProtect for Linux (SPLX) 1.25, 1.3, and 2.5 before 20070216 accepts logon requests through unencrypted HTTP, which might allow remote attackers to obtain credentials by sniffing the network.

[CLOSE] OSVDB ID : 33471 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : The start function in class.t3lib_formmail.php in TYPO3 before 4.0.5, 4.1beta, and 4.1RC1 allows attackers to inject arbitrary email headers via unknown vectors. NOTE: some details were obtained from third party information.

[CLOSE] OSVDB ID : 34937 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'admin/attributes.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34938 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'admin/images.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34939 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/scan.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34940 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/includes/attributes.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34941 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/includes/db_utils.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34942 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/includes/images.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34943 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/includes/utils.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34944 - Disclosed: 2007-02-21

Description:

DBImageGallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/includes/values.php' script not properly sanitizing user input supplied to the 'donsimg_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 35998 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Unspecified vulnerability in the reports system in OpenBiblio before 0.6.0 allows attackers to gain privileges via unspecified vectors.

[CLOSE] OSVDB ID : 74094 - Disclosed: 2007-02-21

Description:

(Description Provided by CVE) : Open Ticket Request System (OTRS) before 3.0.0-beta7 does not properly restrict the ticket ages that are within the scope of a search, which allows remote authenticated users to cause a denial of service (daemon hang) via a fulltext search.

[CLOSE] OSVDB ID : 45435 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Multiple absolute path traversal vulnerabilities in Microsoft Internet Explorer 6 on Windows XP SP2 allow remote attackers to access arbitrary local files via the file: URI in the (1) src attribute of a (a) bgsound, (b) input, (c) EMBED, (d) img, or (e) script tag; (2) data attribute of an object tag; (3) value attribute of a param tag; (4) background attribute of a body tag; or (5) the background:url attribute declared in the BODY parameter of a STYLE tag.

[CLOSE] OSVDB ID : 33252 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Stack-based buffer overflow in News File Grabber 4.1.0.1 and earlier allows remote attackers to execute arbitrary code via a .nzb file with a long subject field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 33746 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Rhino Software, Inc. FTP Voyager 14.0.0.3 and earlier allows remote servers to cause a denial of service (crash) via a long response to a CWD command, which triggers the overflow when the user aborts the command.

[CLOSE] OSVDB ID : 33744 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.

[CLOSE] OSVDB ID : 33264 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

[CLOSE] OSVDB ID : 33265 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Interspire SendStudio 2004.14 and earlier, when register_globals and allow_fopenurl are enabled, allow remote attackers to execute arbitrary PHP code via a URL in the ROOTDIR parameter to (1) createemails.inc.php and (2) send_emails.inc.php in /admin/includes/.

[CLOSE] OSVDB ID : 33765 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : SQL injection vulnerability in nukesentinel.php in NukeSentinel 2.5.05, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header, aka the "File Disclosure Exploit."

[CLOSE] OSVDB ID : 33496 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : FTP Explorer 1.0.1 Build 047, and other versions before 1.0.1.52, allows remote servers to cause a denial of service (CPU consumption) via a long response to a PWD command.

[CLOSE] OSVDB ID : 33533 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Unspecified vulnerability in Novell ZENworks 7 Desktop Management Support Pack 1 before Hot patch 3 (ZDM7SP1HP3) allows remote attackers to upload images to certain folders that were not configured in the "Only allow uploads to the following directories" setting via unspecified vectors.

[CLOSE] OSVDB ID : 34242 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : ftpd, as used by Gentoo and Debian Linux, sets the gid to the effective uid instead of the effective group id before executing /bin/ls, which allows remote authenticated users to list arbitrary directories with the privileges of gid 0 and possibly enable additional attack vectors.

[CLOSE] OSVDB ID : 34179 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : SQL injection vulnerability in includes/nsbypass.php in NukeSentinel 2.5.05, 2.5.11, and other versions before 2.5.12 allows remote attackers to execute arbitrary SQL commands via an admin cookie.

[CLOSE] OSVDB ID : 33253 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in S&H Computer Systems News Rover 12.1 Rev 1 allow remote attackers to execute arbitrary code via a .nzb file with a long (1) group or (2) subject string.

[CLOSE] OSVDB ID : 33749 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in phpXmms 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the tcmdp parameter to (1) phpxmmsb.php or (2) phpxmmst.php. NOTE: this issue has been disputed by a reliable third party, stating that the tcmdp variable is initialized by config.php.

[CLOSE] OSVDB ID : 33042 - Disclosed: 2007-02-20

Description:

Multiple overflows exist in ServerProtect. TmRpcSrv.dll fails to validate data received on resulting in a multiple stack overflows. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 40798 - Disclosed: 2007-02-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33305 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in function.php in Ultimate Fun Book 1.02 allows remote attackers to execute arbitrary PHP code via a URL in the gbpfad parameter. NOTE: some sources mention "Ultimate Fun Board," but this appears to be an error.

[CLOSE] OSVDB ID : 33304 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : The Net Direct client for Linux before 6.0.5 in Nortel Application Switch 2424, VPN 3050 and 3070, and SSL VPN Module 1000 extracts and executes files with insecure permissions, which allows local users to exploit a race condition to replace a world-writable file in /tmp/NetClient and cause another user to execute arbitrary code when attempting to execute this client, as demonstrated by replacing /tmp/NetClient/client.

[CLOSE] OSVDB ID : 33751 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : TurboFTP 5.30 Build 572 allows remote servers to cause a denial of service (CPU consumption) via a response with a large number of newline characters.

[CLOSE] OSVDB ID : 33752 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.

[CLOSE] OSVDB ID : 33782 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in TurboFTP 5.30 Build 572 allow remote servers to cause a denial of service via (1) long filename in a response to a LIST command, and (2) a long response to a CWD command.

[CLOSE] OSVDB ID : 32677 - Disclosed: 2007-02-20

Description:

(Description Provided by CVE) : SQL injection vulnerability in user_pages/page.asp in Online Web Building 2.0 allows remote attackers to execute arbitrary SQL commands via the art_id parameter.