| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 38345 | 2007-05-31 | MyBloggie index.php Multiple Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in myBloggie 2.1.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) year parameter to index.php in a viewuser action, different vectors than CVE-2005-1500 and CVE-2005-4225. |
| 39230 | 2007-05-31 | Vivotek Motion Jpeg ActiveX (MjpegDecoder.dll) PtzUrl Property Value Overflow | (Description Provided by CVE): Stack-based buffer overflow in the Vivotek Motion Jpeg ActiveX control (aka MjpegControl) in MjpegDecoder.dll 2.0.0.13 allows remote attackers to execute arbitrary code via a long PtzUrl property value. |
| 43455 | 2007-05-31 | Acoustica MP3 CD Burner ASX File Handling Overflow Arbitrary Code Execution | (Description Provided by CVE): Buffer overflow in Acoustica MP3 CD Burner 4.32 allows user-assisted remote attackers to execute arbitrary code via a .asx playlist file with a REF element containing a long string in the HREF attribute. |
| 35712 | 2007-05-30 | DataLife Engine root_dir Multiple Variable Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Softnews Media Group DataLife Engine allow remote attackers to execute arbitrary PHP code via a URL in the root_dir parameter to (1) init.php and (2) Ajax/editnews.php. NOTE: some of these details are obtained from third party information. |
| 35522 | 2007-05-30 | Clam AntiVirus libclamav Multiple Unspecified Issue | (Description Provided by CVE): unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. |
| 36128 | 2007-05-30 | Apple Xserve Lights-Out Management IPMI Unauthenticated Access | (Description Provided by CVE): Apple Xserve Lights-Out Management before Firmware Update 1.0 on Intel hardware does not require a password for remote access to IPMI, which allows remote attackers to gain administrative access via unspecified requests with ipmitool. |
| 35576 | 2007-05-30 | Apple QuickTime QTObject Subclassing Arbitrary Code Execution | A buffer overflow exists in QuickTime. QuickTime for Java fails to validate applets, resulting in a heap overflow. With a specially crafted applet, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity. |
| 36827 | 2007-05-30 | GNU findutils locate/locate.c visit_old_format Function Overflow | (Description Provided by CVE): Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036. |
| 36727 | 2007-05-30 | F-Secure Multiple Products Real-time Scanning Component Crafted IRP Packet Local Privilege Escalation | (Description Provided by CVE): Unspecified vulnerability in the Real-time Scanning component in multiple F-Secure products, including Internet Security 2005, 2006 and 2007; Anti-Virus 2005, 2006 and 2007; and Solutions based on F-Secure Protection Service for Consumers 6.40 and earlier allows local users to gain privileges via a crafted I/O request packet (IRP), related to IOCTL (Input/Output Control) and "access validation of the address space." |
| 36725 | 2007-05-30 | F-Secure Anti-Virus ARJ File Handling DoS | (Description Provided by CVE): Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. |
| 36726 | 2007-05-30 | F-Secure Anti-Virus FSG File Handling DoS | (Description Provided by CVE): Multiple F-Secure anti-virus products for Microsoft Windows and Linux before 20070522 allow remote attackers to cause a denial of service (file scanning infinite loop) via certain crafted (1) ARJ archives or (2) FSG packed files. |
| 35134 | 2007-05-30 | Mozilla Multiple Products Layout Engine Unspecified Memory Corruption | (Description Provided by CVE): Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) via vectors related to dangling pointers, heap corruption, signed/unsigned, and other issues. |
| 35135 | 2007-05-30 | Mozilla Firefox Persistent Auto-complete DoS | (Description Provided by CVE): The form autocomplete feature in Mozilla Firefox 1.5.x before 1.5.0.12, 2.x before 2.0.0.4, and possibly earlier versions, allows remote attackers to cause a denial of service (persistent temporary CPU consumption) via a large number of characters in a submitted form. |
| 35136 | 2007-05-30 | Mozilla Multiple Browser addEventListener Method XSS | (Description Provided by CVE): Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to bypass the same-origin policy and conduct cross-site scripting (XSS) and other attacks by using the addEventListener method to add an event listener for a site, which is executed in the context of that site. |
| 35137 | 2007-05-30 | Mozilla Multiple Browser XUL Popup Spoofing | (Description Provided by CVE): Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to spoof or hide the browser chrome, such as the location bar, by placing XUL popups outside of the browser's content pane. NOTE: this issue can be leveraged for phishing and other attacks. |
| 35138 | 2007-05-30 | Mozilla Multiple Products JavaScript Engine Unspecified Memory Corruption | (Description Provided by CVE): Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via vectors that trigger memory corruption. |
| 35139 | 2007-05-30 | Mozilla Multiple Browser Cookie Path Data DoS | Mozilla Firefox and SeaMonkey contain a flaw that may allow a remote denial of service. The issue is triggered because the cookie path parameter does not properly verify user-supplied input, and will result in loss of availability for the application. |
| 35140 | 2007-05-30 | Mozilla Multiple Browser Cross Policy Cookie Handling Weakness | (Description Provided by CVE): Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2, allows remote attackers to cause a denial of service via (1) a large cookie path parameter, which triggers memory consumption, or (2) an internal delimiter within cookie path or name values, which could trigger a misinterpretation of cookie data, aka "Path Abuse in Cookies." |
| 36819 | 2007-05-30 | Vortex Library select(2) Overflow DoS | (Description Provided by CVE): Buffer overflow in Advanced Software Production Line Vortex Library before 1.0.3 allows remote attackers to cause a denial of service (listener crash) via unspecified vectors related to the select I/O implementation and the file set buffer. NOTE: some of these details are obtained from third party information. |
| 35430 | 2007-05-30 | Invision Power Board module_bbcodeloader.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 35431 | 2007-05-30 | Invision Power Board module_div.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 35432 | 2007-05-30 | Invision Power Board module_email.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 35433 | 2007-05-30 | Invision Power Board module_image.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 35434 | 2007-05-30 | Invision Power Board module_link.php XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 35435 | 2007-05-30 | Invision Power Board module_table.php editorid Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board (IPB or IP.Board) 2.2.2, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via (1) module_bbcodeloader.php, (2) module_div.php, (3) module_email.php, (4) module_image.php, (5) module_link.php, or (6) the editorid parameter to module_table.php in jscripts/folder_rte_files/. NOTE: some details were obtained from third party sources. |
| 36724 | 2007-05-30 | F-Secure Anti-Virus LHA Decompression Component File Handling Overflow | (Description Provided by CVE): Buffer overflow in the LHA decompression component in F-Secure anti-virus products for Microsoft Windows and Linux before 20070529 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted LHA archive, related to an integer wrap, a similar issue to CVE-2006-4335. |
| 36718 | 2007-05-30 | British Telecommunications Business Connect webhelper btbconnectwebcontrol.dll ActiveX Multiple Unspecified Overflows | (Description Provided by CVE): Multiple buffer overflows in the British Telecommunications Business Connect webhelper ActiveX control before 1.0.0.7 in btbconnectwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. |
| 36046 | 2007-05-30 | Zenturi ProgramChecker ActiveX (sasatl.dll) DownloadFile Function Arbitrary File Download | (Description Provided by CVE): A certain ActiveX control in sasatl.dll in Zenturi ProgramChecker allows remote attackers to download arbitrary files to the client system via the DownloadFile function. |
| 36908 | 2007-05-30 | Clam AntiVirus unsp.c Unspecified DoS | (Description Provided by CVE): unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. |
| 36197 | 2007-05-30 | Eudora IMAP SELECT INBOX Command FLAGS Response Overflow | (Description Provided by CVE): Buffer overflow in Qualcomm Eudora 7.1.0.9 allows user-assisted, remote IMAP servers to execute arbitrary code via a long FLAGS response to a SELECT INBOX command. |
| 36318 | 2007-05-30 | PHP JackKnife Gallery System G_Display.php iCategoryUnq Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. |
| 36319 | 2007-05-30 | PHP JackKnife Gallery System Search/DisplayResults.php iSearchID Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to execute arbitrary SQL commands via (1) the iCategoryUnq parameter to G_Display.php or (2) the iSearchID parameter to Search/DisplayResults.php. |
| 36414 | 2007-05-30 | Particle Gallery search.php order Variable XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in search.php in Particle Gallery 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the order parameter. |
| 37468 | 2007-05-30 | Particle Blogger archives.php month Variable SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in archives.php in Particle Blogger 1.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the month parameter and other unspecified vectors. |
| 38877 | 2007-05-30 | PHP JackKnife UserArea/Authenticate.php sUName Variable XSS | PHP JackKnife contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'sUName' variable upon submission to the 'UserArea/Authenticate.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 38878 | 2007-05-30 | PHP JackKnife UserArea/NewAccounts/index.php sAccountUnq Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. |
| 38879 | 2007-05-30 | PHP JackKnife G_Display.php Multiple Variable XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in PHP JackKnife (PHPJK) allow remote attackers to inject arbitrary web script or HTML via (1) the sUName parameter to UserArea/Authenticate.php, (2) the sAccountUnq parameter to UserArea/NewAccounts/index.php, or the (3) iCategoryUnq, (4) iDBLoc, (5) iTtlNumItems, (6) iNumPerPage, or (7) sSort parameter to G_Display.php, different vectors than CVE-2005-4239. |
| 38364 | 2007-05-29 | AdminBot MX lib/live_status.lib.php ROOT Variable Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in lib/live_status.lib.php in AdminBot MX 9.0.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT parameter. |
| 36585 | 2007-05-29 | Solaris /var/run/.inetd.uds Unspecified Local inetd DoS | (Description Provided by CVE): Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. |
| 36584 | 2007-05-29 | Solaris libike Library in.iked Unspecified Remote DoS | (Description Provided by CVE): The libike library in Sun Solaris 9 before 20070529 contains a logic error related to a certain pointer, which allows remote attackers to cause a denial of service (in.iked daemon crash) by sending certain UDP packets with a source port different from 500. NOTE: this issue might overlap CVE-2006-2298. |