[CLOSE] OSVDB ID : 37432 - Disclosed: 2007-04-09

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 35579 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35580 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35581 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35564 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35565 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35566 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35567 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35291 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : ** DISPUTED ** Unspecified vulnerability in administration.php in xodagallery allows remote attackers to execute arbitrary code via the cmd parameter. NOTE: CVE disputes this vulnerability because administration.php does not use the cmd parameter for inclusion.

[CLOSE] OSVDB ID : 35290 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Guernion Sylvain Portail Web Php (aka Gsylvain35 Portail Web, PwP) allow remote attackers to execute arbitrary PHP code via a URL in the pageAll parameter to index.php in (1) template/Vert/, or (2) template/Noir/.

[CLOSE] OSVDB ID : 35289 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Pineapple Technologies Lore 1 allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang_path parameter to third_party/phpmailer/class.phpmailer.php or the (2) get_plugin_file_path parameter to third_party/smarty/libs/plugins/function.html_checkboxes.php. NOTE: the affected files might be from other software packages, so this might not be a vulnerability in Lore itself. NOTE: (1) might be the same issue as CVE-2006-5734.4.

[CLOSE] OSVDB ID : 35049 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in mysql/phpinfo.php in phpMyAdmin 2.6.1 allows remote attackers to inject arbitrary web script or HTML via the lang[] parameter.

[CLOSE] OSVDB ID : 35288 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : SQL injection vulnerability in ubbthreads.php in Groupee UBB.threads 6.1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the C parameter.

[CLOSE] OSVDB ID : 35287 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the embedded webserver in Daniel Naber LanguageTool before 0.8.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message, possibly the demultiplex method in HTTPServer.java.

[CLOSE] OSVDB ID : 34777 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in auth.php in Pineapple Technologies QuizShock 1.6.1 and earlier allows remote attackers to inject arbitrary web script or HTML via encoded special characters in the forward_to parameter, as demonstrated using "<"<".

[CLOSE] OSVDB ID : 34746 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Directory traversal vulnerability in scarnews.inc.php in ScarNews 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sn_admin_dir parameter.

[CLOSE] OSVDB ID : 34754 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in smilies.php in Scorp Book 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the config parameter.

[CLOSE] OSVDB ID : 34960 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Unrestricted file upload vulnerability in the UpLoad feature (lib/plugin/UpLoad.php) in PhpWiki 1.3.x allows remote attackers to upload arbitrary PHP files with a (1) php3, (2) php4, or (3) php5 extension.

[CLOSE] OSVDB ID : 34721 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in login.php in DeskPro 2.0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

[CLOSE] OSVDB ID : 34806 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Directory traversal vulnerability in member.php in the eBoard 1.0.7 module for PHP-Nuke allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the GLOBALS[name] parameter.

[CLOSE] OSVDB ID : 38459 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.

[CLOSE] OSVDB ID : 38460 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.

[CLOSE] OSVDB ID : 38461 - Disclosed: 2007-04-08

Description:

(Description Provided by CVE) : Multiple directory traversal vulnerabilities in PcP-Guestbook (PcP-Book) 3.0 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang parameter to (1) index.php, (2) gb.php, or (3) faq.php.

[CLOSE] OSVDB ID : 58751 - Disclosed: 2007-04-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 56060 - Disclosed: 2007-04-07

Description:

(Description Provided by CVE) : FCKeditor.Java 2.4 allows remote attackers to cause a denial of service (infinite loop) via a malformed request parameter that contains "ctrl" characters.

[CLOSE] OSVDB ID : 35285 - Disclosed: 2007-04-07

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index_cms.php in WebBlizzard CMS allows remote attackers to inject arbitrary web script or HTML via the Suchzeile parameter.

[CLOSE] OSVDB ID : 35286 - Disclosed: 2007-04-07

Description:

(Description Provided by CVE) : Session fixation vulnerability in WebBlizzard CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

[CLOSE] OSVDB ID : 35284 - Disclosed: 2007-04-07

Description:

(Description Provided by CVE) : Unspecified vulnerability in phpTodo before 0.8.1 allows remote attackers to have an unknown impact via newlines in regular expressions to (1) index.php, (2) feed.php, (3) prefs.php, and (4) todolist.php; and (5) classTodoItem.php and (6) phpTodoUser.php in libs/. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 34120 - Disclosed: 2007-04-07

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in mail/signup.asp in CmailServer WebMail 5.4.3, and possibly earlier, allows remote attackers to inject arbitrary web script or HTML via the Comment parameter, a different vector than CVE-2007-1927.

[CLOSE] OSVDB ID : 33962 - Disclosed: 2007-04-07

Description:

PHP's ext/filter extension contains a flaw that may allow a malicious user to inject specially crafted mail headers. The issue is triggered due to the FILTER_VALIDATE_EMAIL function using an incorrect regular expression which can be trivially bypassed. By using a newline character, an attacker could potentially use this to send unsolicited e-mail from the host.

[CLOSE] OSVDB ID : 79036 - Disclosed: 2007-04-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35280 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in Arizona Dream Livre d'or (livor) 2.5 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

[CLOSE] OSVDB ID : 35277 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : Session fixation vulnerability in onelook courts on-line allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

[CLOSE] OSVDB ID : 35278 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

[CLOSE] OSVDB ID : 35279 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : Session fixation vulnerability in onelook onebyone CMS allows remote attackers to hijack web sessions by setting a PHPSESSID cookie.

[CLOSE] OSVDB ID : 35276 - Disclosed: 2007-04-06

Description:

phpContact contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'contact_business.php ' and the 'contact_person.php' scripts not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 34430 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

[CLOSE] OSVDB ID : 34431 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : The Impulse Tracker (IT) and ScreamTracker 3 (S3M) modules in IN_MOD.DLL in AOL Nullsoft Winamp 5.33 allows remote attackers to execute arbitrary code via a crafted (1) .IT or (2) .S3M file containing integer values that are used as memory offsets, which triggers memory corruption.

[CLOSE] OSVDB ID : 35479 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in LAN Management System (LMS) before 1.6.9 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving the OD parameter to contrib/formularz_przelewu_wplaty/druk.php.

[CLOSE] OSVDB ID : 34432 - Disclosed: 2007-04-06

Description:

(Description Provided by CVE) : LIBSNDFILE.DLL, as used by AOL Nullsoft Winamp 5.33 and possibly other products, allows remote attackers to execute arbitrary code via a crafted .MAT (MATLAB sound) file that contains a value that is used as an offset, which triggers memory corruption.