| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 35160 | (Description Provided by CVE) : Unspecified vulnerability in the Secure site 4.7.x-1.x-dev and 5.x-1.x-dev module for Drupal allows remote attackers to bypass access restrictions via a crafted URL. | 2007-02-17 | Secure Site Module for Drupal Crafted URL Unspecified Restriction Bypass |
| 34958 | Unknown / Incomplete | 2007-02-16 | Zeus Technologies Zeus Web Server HTTP Header Injection |
| 35161 | (Description Provided by CVE) : Unspecified vulnerability in certain demonstration scripts in getID3 1.7.1, as used in the Mediafield and Audio modules for Drupal, allows remote attackers to read and delete arbitrary files, list arbitrary directories, and write to empty files or .mp3 files via unknown vectors. | 2007-02-16 | getID3 Mediafield / Audio Module for Drupal Multiple Unspecified Scripts Remote File Manipulation |
| 35159 | (Description Provided by CVE) : Directory traversal vulnerability in include/db_conn.php in SpoonLabs Vivvo Article Management CMS 3.4 allows remote attackers to include and execute arbitrary local files via the root parameter. | 2007-02-16 | Vivvo Article Management CMS db_conn.php root Parameter Traversal Local File Inclusion |
| 35132 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in inc/functions_inc.php in VS-Link-Partner 2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the gb_pfad, or possibly script_pfad, parameter. | 2007-02-16 | VS-Link-Partner inc/functions_inc.php gb_pfad Parameter Remote File Inclusion |
| 35131 | (Description Provided by CVE) : SQL injection vulnerability in pop_profile.asp in Snitz Forums 2000 3.1 SR4 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 2007-02-16 | Snitz Forums pop_profile.asp id Parameter SQL Injection |
| 34441 | (Description Provided by CVE) : index.php in WebMplayer before 0.6.1-Alpha allows remote attackers to execute arbitrary code via shell metacharacters in an exec function call. NOTE: some sources have referred to this as eval injection in the param parameter, but CVE source inspection suggests that this is erroneous. | 2007-02-16 | WebMplayer index.php Shell Metacharacter Arbitrary Code Execution |
| 34442 | (Description Provided by CVE) : Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. | 2007-02-16 | WebMplayer index.php strid Parameter SQL Injection |
| 34443 | (Description Provided by CVE) : Multiple SQL injection vulnerabilities in WebMplayer before 0.6.1-Alpha allow remote attackers to execute arbitrary SQL commands via the (1) strid parameter to index.php and the (2) id[0] or other id array index parameter to filecheck.php. | 2007-02-16 | WebMplayer filecheck.php id[0] Parameter SQL Injection |
| 33769 | (Description Provided by CVE) : Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | 2007-02-16 | Mozilla Firefox about:blank Location Bar Overlay Phishing Weakness |
| 45264 | (Description Provided by CVE) : Unspecified vulnerability in Publisher 2007 in Microsoft Office 2007 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "file format vulnerability." NOTE: this information is based upon a vague pre-advisory with no actionable information. However, the advisory is from a reliable source. | 2007-02-16 | Microsoft Office Publisher File Format Unspecified Remote Code Execution |
| 33244 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in generate.php in VirtualSystem Htaccess Passwort Generator 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the ht_pfad parameter. | 2007-02-16 | Htaccess Passwort Generator generate.php ht_pfad Parameter Remote File Inclusion |
| 79164 | (Description Provided by CVE) : Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | 2007-02-16 | Microsoft IE about:blank Location Bar Overlay Phishing Weakness |
| 33247 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in show_news_inc.php in VirtualSystem VS-News-System 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the newsordner parameter. | 2007-02-16 | VS-News-System show_news_inc.php newsordner Parameter Remote File Inclusion |
| 33255 | (Description Provided by CVE) : Mozilla Firefox might allow remote attackers to conduct spoofing and phishing attacks by writing to an about:blank tab and overlaying the location bar. | 2007-02-16 | Mozilla Firefox about:blank Tab Overlay Phishing Weakness |
| 33229 | (Description Provided by CVE) : SQL injection vulnerability in news.php in webSPELL 4.01.02, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the showonly parameter to index.php, a different vector than CVE-2006-5388. | 2007-02-16 | webSPELL news.php showonly Parameter SQL Injection |
| 33799 | (Description Provided by CVE) : Parallels Desktop for Mac before 20070216 implements Drag and Drop by sharing the entire host filesystem as the .psf share, which allows local users of the guest operating system to write arbitrary files to the host filesystem, and execute arbitrary code via launchd by writing a plist file to a LaunchAgents directory. | 2007-02-16 | Parallels on Mac OS X launchd Shared Folder Local Privilege Escalation |
| 34243 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in admin_rebuild_search.php in phpbb_wordsearch allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | 2007-02-16 | phpbb_wordsearch admin_rebuild_search.php phpbb_root_path Parameter Remote File Inclusion |
| 33204 | (Description Provided by CVE) : Multiple SQL injection vulnerabilities in WebTester 5.0.20060927 and earlier allow remote attackers to execute arbitrary SQL commands via the testID parameter to directions.php, and unspecified parameters to other files that accept GET or POST input. | 2007-02-16 | WebTester Unspecified GET/POST SQL Injection |
| 33738 | Unknown / Incomplete | 2007-02-16 | Plume CMS manager/articles.php _PX_config[manager_path] Parameter Remote File Inclusion |
| 33726 | Unknown / Incomplete | 2007-02-16 | Drake CMS header.php aclasses_dir Parameter Remote File Inclusion |
| 33737 | (Description Provided by CVE) : ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in PBLang (PBL) 4.60 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbpath parameter, a different vector than CVE-2006-5062. NOTE: this issue has been disputed by a reliable third party for 4.65, stating that the dbpath variable is initialized in an included file that is created upon installation. | 2007-02-16 | PBLang index.php dbpath Parameter Remote File Inclusion |
| 33736 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in include.php in Meganoide's news 1.1.1 allows remote attackers to execute arbitrary PHP code via a URL in the _SERVER[DOCUMENT_ROOT] parameter. | 2007-02-16 | Meganoides News include.php _SERVER[DOCUMENT_ROOT] Parameter Remote File Inclusion |
| 52650 | Unknown / Incomplete | 2007-02-16 | Mozilla Firefox about:blank win.document.body.appendChild() Blank Tab Spoofing Weakness |
| 52660 | Unknown / Incomplete | 2007-02-16 | Microsoft IE about:blank Blank Tab Spoofing Weakness |
| 35130 | (Description Provided by CVE) : SQL injection vulnerability in inc_listnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. | 2007-02-15 | CodeAvalanche News inc_listnews.asp CAT_ID Parameter SQL Injection |
| 37358 | Unknown / Incomplete | 2007-02-15 | Dead Souls router Unspecified Issue |
| 45243 | (Description Provided by CVE) : Comodo Firewall Pro (formerly Comodo Personal Firewall) 2.4.17.183 and earlier uses a weak cryptographic hashing function (CRC32) to identify trusted modules, which allows local users to bypass security protections by substituting modified modules that have the same CRC32 value. | 2007-02-15 | Comodo Firewall Pro Trusted Module CRC32 Hash Function Validation Weakness |
| 35930 | (Description Provided by CVE) : Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073. | 2007-02-15 | Linux Kernel PT_INTERP Forced Core Dump Arbitrary Restricted Binary Access |
| 32715 | Apple iChat contains a flaw related to the way that aim URIs are handled by a printable format string that may allow an attacker to execute arbitrary code in the context of the user. | 2007-02-15 | Apple iChat aim:// URI Format String |
| 33200 | (Description Provided by CVE) : Buffer overflow in swcons in IBM AIX 5.3 allows local users to gain privileges via long input data. | 2007-02-15 | IBM AIX swcons Command Local Overflow |
| 33199 | (Description Provided by CVE) : Multiple buffer overflows in the LizardTech DjVu Browser Plug-in before 6.1.1 allow remote attackers to execute arbitrary code via unspecified vectors. | 2007-02-15 | DjVu Browser Plug-in Multiple Unspecified Overflows |
| 34181 | (Description Provided by CVE) : Ezboo webstats, possibly 3.0.3, allows remote attackers to bypass authentication and gain access via a direct request to (1) update.php and (2) config.php. | 2007-02-15 | Ezboo webstats Direct Request Authentication Bypass |
| 33208 | A remote overflow exists in EasyMail Objects. The EasyMail IMAP component fails to properly bounds check the hostname argument being passed to the connect() method, resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code on the user's system, resulting in a loss of integrity. | 2007-02-15 | EasyMail Objects IMAP4 Component Connect Method Remote Overflow |
| 33205 | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | 2007-02-15 | ZebraFeeds aggregator.php zf_path Parameter Remote File Inclusion |
| 33206 | (Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ZebraFeeds 1.0, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the zf_path parameter to (1) aggregator.php and (2) controller.php in newsfeeds/includes/. | 2007-02-15 | ZebraFeeds controller.php zf_path Parameter Remote File Inclusion |
| 32282 | (Description Provided by CVE) : Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. | 2007-02-15 | Clam AntiVirus MIME Header Traversal Arbitrary File Overwrite |
| 32283 | (Description Provided by CVE) : Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | 2007-02-15 | Clam AntiVirus MIME Malformed CAB File Processing DoS |
| 33735 | (Description Provided by CVE) : Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt. | 2007-02-15 | Dem_trac anc_sit.txt Remote Log File Disclosure |
| 33734 | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in CedStat 1.31 allows remote attackers to inject arbitrary web script or HTML via the hier parameter. | 2007-02-15 | CedStat index.php hier Parameter XSS |