| OSVDB ID | Disclosure Date | Title |
|
34678
Description:
A buffer overflow exists in Tivoli Provisioning Manager for OS Deployment. The rembo.exe service fails to validate HTTP requests resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-03-31
|
IBM Tivoli Provisioning Manager for OS Deployment multipart/form-data Handling Remote Code Execution
|
|
35232
Description:
(Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in 2BGal 3.1.1 allow remote attackers to execute arbitrary PHP code via a URL in the lang_filename parameter to (1) index.php or (2) backupdb.inc.php in admin/, or other unspecified files, different vectors than CVE-2006-5505. NOTE: this issue has been disputed by CVE, since the lang_filename variable is defined before it is used.
|
2007-03-31
|
2BGal Multiple Script Remote File Inclusion
|
|
35223
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.
|
2007-03-31
|
Aardvark Topsites button/settings_sql.php path Parameter Remote File Inclusion
|
|
35224
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.
|
2007-03-31
|
Aardvark Topsites settings_sql.php path Parameter Remote File Inclusion
|
|
35225
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Aardvark Topsites PHP 5 allow remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) button/settings_sql.php, (2) settings_sql.php, and (3) sources/misc/new_day.php.
|
2007-03-31
|
Aardvark Topsites sources/misc/new_day.php path Parameter Remote File Inclusion
|
|
35222
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in smarty/smarty_class.php in Shop-Script FREE allow remote attackers to execute arbitrary PHP code via a URL in the (1) _smarty_compile_path, (2) smarty_compile_path, (3) get_plugin_filepath, (4) smarty_dir, and (5) filename parameters. NOTE: this issue might be related to CVE-2006-7105.
|
2007-03-31
|
Shop-SCRIPT smarty_class.php Multiple Parameter Remote File Inclusion
|
|
35220
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.
|
2007-03-31
|
SLAED CMS 2 admin/admin.php path Parameter Remote File Inclusion
|
|
35221
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in SLAED CMS 2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) path parameter to admin/admin.php or the (2) modpath parameter to index.php.
|
2007-03-31
|
SLAED CMS 2 index.php modpath Parameter Remote File Inclusion
|
|
33961
Description:
(Description Provided by CVE) : Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP SOAP client in PHP, and via a call to msg_receive with the largest positive integer value of maxsize.
|
2007-03-31
|
PHP Zend Memory Manager Signed Comparison Multiple Overflows
|
|
33960
Description:
PHP contains a flaw that may allow context-dependent attackers to execute arbitrary code. The issue is due to the maxsize parameter of the msg_receive function not properly sanitizing user-supplied input. By providing crafted data to this function, an attacker can trigger an integer overflow and potentially execute arbitrary code.
|
2007-03-31
|
PHP msg_receive() Function Memory Allocation Overflow
|
|
33959
Description:
(Description Provided by CVE) : Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
|
2007-03-31
|
PHP php_stream_filter_create() Function php://filter Off-by-one Overflow
|
|
33958
Description:
PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the in parameter of the sqlite_decode_binary function in the bundled sqlite library not properly sanitizing user-supplied input. By supplying crafted input, an attacker can trigger a buffer overflow and potentially execute arbitrary code.
|
2007-03-31
|
PHP sqlite Library sqlite_udf_decode_binary() Function Overflow
|
|
33957
Description:
PHP contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the imap_mail_compose function not properly sanitizing user-supplied input to the type.parameters field. By supplying an overly long boundary string, an attacker can trigger a buffer overflow and potentially execute arbitrary code.
|
2007-03-31
|
PHP imap_mail_compose() Function Remote Overflow
|
|
33956
Description:
PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to the str_replace function not sanitizing user-supplied input. If an attacker supplies a single character search string in conjunction with a long replacement string, they can trigger an overflow and execute arbitrary code.
|
2007-03-31
|
PHP str_replace() Function Multiple Remote Overflow
|
|
39177
Description:
(Description Provided by CVE) : Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some PHP installations use a bundled version of sqlite without this vulnerability. The SQLite developer has argued that this issue could be due to a misuse of the sqlite_decode_binary() API.
|
2007-03-31
|
SQLite src/encode.c sqlite_decode_binary Function Overflow
|
|
34463
Description:
(Description Provided by CVE) : SQL injection vulnerability in index.php in the Lykos Reviews (lykos_reviews) 1.00 module for Xoops allows remote attackers to execute arbitrary SQL commands via the uid parameter in a u action.
|
2007-03-31
|
Lykos Reviews Module for XOOPS index.php uid Parameter SQL Injection
|
|
35247
Description:
(Description Provided by CVE) : Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due to missing null termination.
|
2007-03-31
|
Python Modules/_localemodule.c PyLocale_strxfrm() Function Arbitrary Memory Disclosure
|
|
34679
Description:
(Description Provided by CVE) : The UTF-8 decoder in codecs/qutfcodec.cpp in Qt 3.3.8 and 4.2.3 does not reject long UTF-8 sequences as required by the standard, which allows remote attackers to conduct cross-site scripting (XSS) and directory traversal attacks via long sequences that decode to dangerous metacharacters.
|
2007-03-31
|
Qt codecs/qutfcodec.cpp UTF-8 Decoder Long Sequence XSS
|
|
36310
Description:
(Description Provided by CVE) : SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.
|
2007-03-31
|
PHP-Fusion Expanded Calendar Module show_event.php m_month Parameter SQL Injection
|
|
41985
Description:
(Description Provided by CVE) : Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets.
|
2007-03-31
|
VooDoo cIRCle BOTNET Channel Name Overflow
|
|
41986
Description:
(Description Provided by CVE) : Multiple off-by-one errors in VooDoo cIRCle before 1.1.beta27 allow remote attackers to cause a denial of service (connection loss) or possibly execute arbitrary code via a (1) DNS name response of the exact length as a buffer; or a long (2) channel name, (3) partyline channel name, or unspecified vectors in crafted BOTNET packets.
|
2007-03-31
|
VooDoo cIRCle DNS Response Handling Overflow
|
|
34626
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in lib/timesheet.class.php in Softerra Time-Assistant 6.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_dir or (2) lib_dir parameter.
|
2007-03-30
|
Softerra Time-Assistant lib/timesheet.class.php Multiple Parameter Remote File Inclusion
|
|
34988
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in JCcorp URLshrink before 1.3.2 have unspecified attack vectors and impact.
|
2007-03-30
|
URLShrink Multiple Unspecified Issues
|
|
34640
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the dns_decode_reverse_name function in dns_decode.c in dproxy-nexgen allows remote attackers to execute arbitrary code by sending a crafted packet to port 53/udp, a different issue than CVE-2007-1465.
|
2007-03-30
|
dproxy-nexgen dns_decode.c dns_decode_reverse_name Function Remote Overflow
|
|
35445
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in MOD_forum_fields_parse.php in the Forum picture and META tags 1.7 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
2007-03-30
|
Forum Picture and META Tags Module for phpBB MOD_forum_fields_parse.php phpbb_root_path Parameter Remote File Inclusion
|
|
33955
Description:
PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a negative argument number is passed to the php_formatted_print function before a 64 to 32 bit truncation, it may bypass a check for the maximum allowable value causing memory corruption. This may allow an attacker to execute arbitrary code.
|
2007-03-30
|
PHP php_formatted_print Function 64 Bit Casting Memory Corruption
|
|
34767
Description:
PHP contains a flaw that may allow a context-dependent attacker to gain elevated privileges. The issue is due to an integer signedness error in the printf function family as used on 64 bit machines. When a width and precision of -1 is passed to the php_sprintf_appendstring function, it may place an internal buffer at an arbitrary memory location. This may allow an attacker to execute arbitrary code.
|
2007-03-30
|
PHP php_sprintf_appendstring Function 64 Bit Casting Memory Corruption
|
|
37305
Description:
(Description Provided by CVE) : Directory traversal vulnerability in classes/captcha/captcha.jpg.php in Drake CMS allows remote attackers to read arbitrary files or list arbitrary directories, and obtain the installation path, via a .. (dot dot) in the d_private parameter. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
|
2007-03-30
|
Drake CMS classes/captcha/captcha.jpg.php d_private Parameter Traversal Arbitrary File Access
|
|
37306
Description:
(Description Provided by CVE) : Directory traversal vulnerability in 404.php in Drake CMS allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the d_private parameter. NOTE: some of these details are obtained from third party information. NOTE: Drake CMS has only a beta version available, and the vendor has previously stated "We do not consider security reports valid until the first official release of Drake CMS."
|
2007-03-30
|
Drake CMS 404.php d_private Parameter Traversal Local File Inclusion
|
|
34658
Description:
(Description Provided by CVE) : member.php in MyBB (aka MyBulletinBoard), when debug mode is available, allows remote authenticated users to change the password of any account by providing the account's registered e-mail address in a debug request for a do_lostpw action, which prints the change password verification code in the debug output.
|
2007-03-30
|
MyBulletinBoard (MyBB) member.php do_lostpw Action Arbitrary Account Password Modification
|
|
34987
Description:
(Description Provided by CVE) : JCcorp URLshrink 1.3.1 allows remote attackers to execute arbitrary PHP code via the email address field in an HTML link. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-03-30
|
URLshrink Email Address Field Arbitrary PHP Code Execution
|
|
34588
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in MailDwarf 3.01 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2007-03-30
|
MailDwarf Unspecified XSS
|
|
34589
Description:
(Description Provided by CVE) : Unspecified vulnerability in MailDwarf 3.01 and earlier allows remote attackers to send e-mail to addresses different from the configured addresses.
|
2007-03-30
|
MailDwarf Unspecified Arbitrary E-mail Relay
|
|
34590
Description:
(Description Provided by CVE) : Unspecified vulnerability in Hitachi JP1/HiCommand DeviceManager, Global Link Availability Manager, Replication Monitor, Tiered Storage Manager, and Tuning Manager allows local users to obtain authentication information via unspecified vectors.
|
2007-03-30
|
Hitachi JP1/HiCommand Unspecified Authentication Credential Disclosure
|
|
34895
Description:
Unknown / Incomplete
|
2007-03-30
|
URLshrink Free Multiple Unspecified Issues
|
|
34897
Description:
(Description Provided by CVE) : Buffer overflow in the pfs_mountd.rpc RPC daemon in the Portable File System (PFS) in HP-UX B.11.00, B.11.11, and B.11.23 allows remote attackers to execute arbitrary code by sending "a call to procedure 5, followed by a crafted payload to procedure 2."
|
2007-03-30
|
HP-UX Portable File System (PFS) pfs_mountd.rpc Remote Code Execution
|
|
34544
Description:
(Description Provided by CVE) : SQL injection vulnerability in Hitachi Collaboration - Online Community Management 01-00 through 01-30, as used in Groupmax Collaboration Portal, Groupmax Collaboration Web Client, uCosminexus Collaboration Portal, Cosminexus Collaboration Portal, and uCosminexus Content Manager, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
2007-03-30
|
Hitachi Multiple Products Unspecified SQL Injection
|
|
34318
Description:
(Description Provided by CVE) : The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
|
2007-03-30
|
America Online SuperBuddy ActiveX (Sb.SuperBuddy.1) LinkSBIcons Method Arbitrary Code Execution
|
|
34126
Description:
(Description Provided by CVE) : The RPC service in mediasvr.exe in CA BrightStor ARCserve Backup 11.5 SP2 build 4237 allows remote attackers to execute arbitrary code via crafted xdr_handle_t data in RPC packets, which is used in calculating an address for a function call, as demonstrated using the 191 (0xbf) RPC request.
|
2007-03-30
|
CA BrightStor ARCserve Backup MEDIASVR.EXE RPC Request Code Execution
|
|
88033
Description:
IBM WebSphere MQ contains a flaw related to application processes that may allow a remote denial of service. The issue is triggered when a heap corruption occurs in the runmqlsr listener. This will result in a loss of availability for the program.
|
2007-03-30
|
IBM WebSphere MQ Application Process Heap Corruption runmqlsr Listener Remote DoS
|