| OSVDB ID | Disclosure Date | Title |
Each row below is followed by the entry's description.

| 38298 | 2007-07-31 | RSA KEON Registration Authority Request-spk.xuda Unspecified Variable XSS |
Description (provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

| 38299 | 2007-07-31 | RSA KEON Registration Authority Add-msie-request.xuda Unspecified XSS |
Description (provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in (1) Request-spk.xuda and (2) Add-msie-request.xuda in RSA KEON Registration Authority Web Interface 1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

| 38987 | 2007-07-31 | Claroline inc/lib/language.lib.php language Variable Traversal Local File Inclusion |
Description (provided by CVE): Directory traversal vulnerability in inc/lib/language.lib.php in Claroline before 1.8.6 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter.

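Entry 38987 is the classic case of a request parameter spliced into an include path. The block below is an added example in C, not Claroline's code (the application is PHP and none of it appears on this page), showing the two checks a loader of this kind needs: an allowlist on the bare `language` value, and, for the more general case where a relative path with subdirectories is legitimate, a lexical containment test that refuses any `..` climbing above the root. `LANG_DIR`, `lang_value_is_safe`, `path_stays_under_root` and `build_lang_path` are hypothetical names introduced for the example.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical loader helpers, not Claroline's code. LANG_DIR is an assumed
 * base directory for language files. */
#define LANG_DIR "inc/lang/"
#define MAX_LANG 32

/* Allowlist check for a bare language tag: only [a-z0-9_-], bounded length,
 * so separators, dots, NUL and ".." can never reach the include path. This
 * is the right check when the value is a name, not a path. */
static int lang_value_is_safe(const char *v)
{
    size_t n = strlen(v);
    if (n == 0 || n > MAX_LANG) return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)v[i];
        if (!((c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '_' || c == '-'))
            return 0;
    }
    return 1;
}

/* General case: a relative path that may contain subdirectories. Resolve it
 * lexically against a virtual root: split on '/' or '\\', skip "" and ".",
 * pop on "..", and refuse if a ".." would climb above the root or if the
 * path is absolute. Returns 1 when the path stays inside, 0 otherwise.
 * Lexical only: the caller must URL-decode first and must reject NUL bytes
 * in the raw request (a C string silently stops at the first NUL). */
static int path_stays_under_root(const char *rel)
{
    if (rel[0] == '/' || rel[0] == '\\') return 0;
    int depth = 0;
    const char *p = rel;
    while (*p) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\') p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.') {
            if (depth == 0) return 0;          /* would escape the root */
            depth--;
        } else if (len > 0 && !(len == 1 && start[0] == '.')) {
            depth++;
        }
        if (*p) p++;
    }
    return 1;
}

/* Build LANG_DIR + v + ".lib.php" into out. Returns 0 on success, -1 if v is
 * rejected or the result does not fit; a refused path must never be loaded. */
static int build_lang_path(const char *v, char *out, size_t outlen)
{
    if (!lang_value_is_safe(v)) return -1;
    int r = snprintf(out, outlen, "%s%s.lib.php", LANG_DIR, v);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: a normal tag and the traversal shape from the entry. */
    const char *inputs[] = { "en", "../../../../etc/passwd", "sub/../fr", "/etc/passwd" };
    char path[128];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int ok = build_lang_path(inputs[i], path, sizeof path) == 0;
        printf("%-26s allowlist=%d contained=%d %s\n", inputs[i], ok,
               path_stays_under_root(inputs[i]), ok ? path : "(refused)");
    }
    return 0;
}
```

The allowlist is the check to prefer whenever the parameter is a name; the containment test is for the case where the application genuinely accepts relative paths, and even then it should sit in front of a real-path comparison on the opened file, since it knows nothing about symlinks.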
| 39048 | 2007-07-31 | BlueSkyCat ActiveX v2.ocx (V2.V2Ctrl.1) ConnecttoServer Method Remote Overflow |
Description (provided by CVE): Heap-based buffer overflow in the BlueSkychat (BlueSkyCat) ActiveX control (V2.V2Ctrl.1) in v2.ocx 8.1.2.0 and earlier allows remote attackers to execute arbitrary code via a long string in the second argument to the ConnecttoServer method.

| 39192 | 2007-07-31 | GMaps Component for Joomla! index.php viewmap Action mapId Variable SQL Injection |
Description (provided by CVE): SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action.

| 39216 | 2007-07-31 | WebEvent webevent.cgi cmd Variable XSS |
Description: WebEvent contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'cmd' variable upon submission to the 'webevent.cgi' script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

| 39295 | 2007-07-31 | ngIRCd irc-channel.c Null channel Argument JOIN Command Remote DoS |
Description (provided by CVE): irc-channel.c in ngIRCd before 0.10.3 allows remote attackers to cause a denial of service (crash) via a JOIN command without a channel argument.

| 39371 | 2007-07-31 | Wordpress options-general.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-general.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39372 | 2007-07-31 | Wordpress options-writing.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-writing.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39373 | 2007-07-31 | Wordpress options-reading.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-reading.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39374 | 2007-07-31 | Wordpress options-discussion.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-discussion.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39375 | 2007-07-31 | Wordpress options-privacy.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-privacy.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39376 | 2007-07-31 | Wordpress options-permalink.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-permalink.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39377 | 2007-07-31 | Wordpress options-misc.php page_options Variable SQL Injection |
Description: WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'options-misc.php' script not properly sanitizing user-supplied input to the 'page_options' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

| 39029 | 2007-07-30 | vBulletin Multiple Script Remote File Inclusion |
Description: Unknown / Incomplete

| 39030 | 2007-07-30 | phpVoter functions.inc.php sitepath Variable Remote File Inclusion |
Description (provided by CVE): PHP remote file inclusion vulnerability in includes/functions.inc.php in phpVoter 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the sitepath parameter.

| 39033 | 2007-07-30 | Phorm fileupload.php Arbitrary PHP File Upload |
Description: Unknown / Incomplete

| 39369 | 2007-07-30 | CenterICQ Multiple Unspecified Remote Overflows |
Description (provided by CVE): Multiple buffer overflows in Konst CenterICQ 4.9.11 through 4.21 allow remote attackers to execute arbitrary code via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. NOTE: this might overlap CVE-2007-0160.

| 37706 | 2007-07-30 | Baidu Soba Search Bar ActiveX (BaiduBar.dll) Arbitrary Code Execution |
Description (provided by CVE): A certain ActiveX control in BaiduBar.dll in Baidu Soba Search Bar 5.4 allows remote attackers to execute arbitrary code via a request containing "a link to download and a file to execute," possibly involving remote file inclusion.

| 36352 | 2007-07-30 | WolioCMS admin/index.php Multiple Variable SQL Injection |
Description (provided by CVE): Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.

| 38120 | 2007-07-30 | Xpdf StreamPredictor::StreamPredictor() PDF Handling Overflow |
Description (provided by CVE): Integer overflow in the StreamPredictor::StreamPredictor function in xpdf 3.02, as used in (1) poppler before 0.5.91, (2) gpdf before 2.8.2, (3) kpdf, (4) kdegraphics, (5) CUPS, (6) PDFedit, and other products, might allow remote attackers to execute arbitrary code via a crafted PDF file that triggers a stack-based buffer overflow in the StreamPredictor::getNextLine function.

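Entry 38120 is an integer overflow in a size computation followed by an overflow in the routine that fills the buffer. The block below is a constructed illustration of that pattern and is not xpdf's code: `row_bytes_unchecked` models a 32-bit predictor row size derived from the width, component count and bit depth that a PDF controls, `row_bytes_true` computes the same size without wrapping, and `row_bytes_checked` is the bounded, division-based version. The formulas and the parameter bounds (`nComps` up to 4, `nBits` in 1, 2, 4, 8, 16) are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed illustration of the size-computation defect class of OSVDB 38120;
 * not xpdf's code. A PNG/TIFF predictor keeps one previous row whose size is
 * derived from parameters the PDF file controls (assumed formulas):
 *   nVals    = width * nComps
 *   pixBytes = (nComps * nBits + 7) / 8
 *   rowBytes = (nVals * nBits + 7) / 8 + pixBytes
 * In 32-bit arithmetic width * nComps * nBits wraps for crafted values, rowBytes
 * comes out tiny, and the decoder later writes a full row into that buffer. */

/* Vulnerable shape: 32-bit products, no range checks. uint32_t is used so the
 * wrap-around is defined behaviour and can be demonstrated deterministically. */
static uint32_t row_bytes_unchecked(uint32_t width, uint32_t nComps, uint32_t nBits)
{
    uint32_t nVals = width * nComps;                 /* may wrap */
    uint32_t pixBytes = (nComps * nBits + 7) / 8;
    return (nVals * nBits + 7) / 8 + pixBytes;       /* may wrap again */
}

/* What a full row really occupies, computed in 64 bits so nothing wraps. */
static uint64_t row_bytes_true(uint32_t width, uint32_t nComps, uint32_t nBits)
{
    uint64_t bits = (uint64_t)width * nComps * nBits;
    return (bits + 7) / 8 + ((uint64_t)nComps * nBits + 7) / 8;
}

/* Hardened shape: reject out-of-range parameters first (bounds are assumptions
 * for this example), then test the product by division, which cannot wrap.
 * Returns 1 and stores the size on success, 0 on any rejection. */
static int row_bytes_checked(uint32_t width, uint32_t nComps, uint32_t nBits, size_t *rowBytes)
{
    if (width == 0 || nComps == 0 || nComps > 4) return 0;
    if (nBits != 1 && nBits != 2 && nBits != 4 && nBits != 8 && nBits != 16) return 0;
    if (width > (uint32_t)INT32_MAX / (nComps * nBits)) return 0;   /* product must fit */
    uint64_t bits = (uint64_t)width * nComps * nBits;
    *rowBytes = (size_t)((bits + 7) / 8) + (size_t)((nComps * nBits + 7) / 8);
    return 1;
}

int main(void)
{
    /* Constructed crafted parameters: width * 8 bits wraps past 2^32 to 8. */
    uint32_t width = 0x20000001u, nComps = 1, nBits = 8;
    size_t rb = 0;
    printf("unchecked rowBytes = %u, true row size = %llu bytes\n",
           (unsigned)row_bytes_unchecked(width, nComps, nBits),
           (unsigned long long)row_bytes_true(width, nComps, nBits));
    printf("checked version accepts: %d\n", row_bytes_checked(width, nComps, nBits, &rb));
    return 0;
}
```

The gap between the unchecked size (2 bytes) and the true row size (over 512 MiB) for the crafted width is the overflow: a buffer sized by the first is then written with the second. The division test is the standard way to ask "does a * b fit?" without computing a * b first.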
| 38739 | 2007-07-30 | Joomla! url Parameter CRLF Injection |
Description (provided by CVE): CRLF injection vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to inject arbitrary HTTP headers and probably conduct HTTP response splitting attacks via CRLF sequences in the url parameter. NOTE: this can be leveraged for cross-site scripting (XSS) attacks. NOTE: some of these details are obtained from third party information.

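Entry 38739 is the header-injection class: a request parameter copied into a response header with its line terminators intact. The block below is an added illustration in C and is not Joomla's code; it shows why a CR or LF in the value splits the response, and the check that refuses such values before they reach a header. `header_value_is_safe`, `build_location_header` and `header_lines_if_unchecked` are names introduced for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added illustration of the check behind OSVDB 38739; not Joomla's code. A value
 * copied into a response header must contain no CR or LF: a CRLF inside it ends
 * the header early, and the client parses whatever follows as further headers
 * or, after a blank line, as a second response body. That is the response
 * splitting the entry describes, and the route to XSS it notes. */

/* Reject any CR or LF. NUL terminates the C string, so NUL bytes must be
 * refused by whatever decoded the request before the value got here. */
static int header_value_is_safe(const char *v)
{
    for (; *v; v++)
        if (*v == '\r' || *v == '\n') return 0;
    return 1;
}

/* Build "Location: <url>\r\n" into out. Returns 0 on success, -1 if the value is
 * unsafe or does not fit. Unsafe input is refused rather than stripped, so the
 * caller can never end up silently redirecting to an altered target. */
static int build_location_header(const char *url, char *out, size_t outlen)
{
    if (!header_value_is_safe(url)) return -1;
    int r = snprintf(out, outlen, "Location: %s\r\n", url);
    return (r < 0 || (size_t)r >= outlen) ? -1 : 0;
}

/* How many header lines a client would see if the value were copied unchecked:
 * 1 means the header is intact, anything higher is the split. */
static int header_lines_if_unchecked(const char *url)
{
    char buf[1024];
    int r = snprintf(buf, sizeof buf, "Location: %s\r\n", url);
    if (r < 0 || (size_t)r >= sizeof buf) return -1;
    int lines = 0;
    for (const char *p = buf; *p; p++)
        if (*p == '\n') lines++;
    return lines;
}

int main(void)
{
    /* Constructed attacker value: a CRLF followed by an injected header. */
    const char *evil = "http://example.test/\r\nSet-Cookie: session=attacker";
    char out[256];
    printf("unchecked copy would yield %d header lines\n", header_lines_if_unchecked(evil));
    printf("checked build: %s\n",
           build_location_header(evil, out, sizeof out) == 0 ? out : "rejected");
    return 0;
}
```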
| 36613 | 2007-07-30 | Solaris DTrace PRIV_DTRACE_USER Local DoS |
Description (provided by CVE): Unspecified vulnerability in the dynamic tracing framework (DTrace) on Sun Solaris 10 before 20070730 allows local users with PRIV_DTRACE_USER privileges to cause a denial of service (panic or hang) via unspecified use of certain DTrace programs.

| 36453 | 2007-07-30 | Apple Safari / iPhone WebKit Perl Compatible Regular Expressions (PCRE) Multiple Overflows |
Description (provided by CVE): Multiple heap-based buffer overflows in the Perl Compatible Regular Expressions (PCRE) library in the JavaScript engine in WebKit in Apple Safari 3 Beta before Update 3.0.3, and iPhone before 1.0.1, allow remote attackers to execute arbitrary code via certain JavaScript regular expressions. NOTE: this issue was originally reported only for MobileSafari on the iPhone. NOTE: it is not clear whether this stems from an issue in the original distribution of PCRE, which might already have a separate CVE identifier.

| 38026 | 2007-07-30 | Mozilla Multiple Products Addon Chrome Cross-Context Scripting |
Description (provided by CVE): Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an about:blank document loaded by chrome via (a) the window.open function or (b) a content.location assignment, aka "Cross Context Scripting." NOTE: this issue is caused by a CVE-2007-3089 regression.

| 39560 | 2007-07-30 | GNOME Display Manager (GDM) g_strsplit Function Local DoS |
Description (provided by CVE): The GDM daemon in GNOME Display Manager (GDM) before 2.14.13, 2.16.x before 2.16.7, 2.18.x before 2.18.4, and 2.19.x before 2.19.5 does not properly handle NULL return values from the g_strsplit function, which allows local users to cause a denial of service (persistent daemon crash) via a crafted command to the daemon's socket, related to (1) gdm.c and (2) gdmconfig.c in daemon/, and (3) gdmconfig.c and (4) gdmflexiserver.c in gui/.

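Entries 39295 (ngIRCd, JOIN with no channel argument) and 39560 (GDM, unchecked result of a string split) are the same defect class seen from two daemons: a line read from a socket is tokenized, and the handler indexes into the token array as if the argument were guaranteed to be there. The block below is a constructed example serving both entries; it is not code from ngIRCd or GDM, and `tokenize`, `handle_join` and `dispatch` are names introduced here. The numeric replies are the ones RFC 2812 defines; the empty-line handling and the token limit are assumptions for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example, not code from ngIRCd or GDM, of the defect class shared by
 * OSVDB 39295 and 39560: a daemon tokenizes a line from a client and then uses
 * tokens[1] as if the argument always existed. A missing token is a NULL
 * pointer, and dereferencing it is the crash both entries describe. */

#define MAX_TOKENS 8
#define MAX_LINE   512          /* IRC line limit including CRLF */

/* Numeric replies as in RFC 2812; CMD_OK is this example's own value. */
enum { CMD_OK = 0, CMD_UNKNOWN = 421, CMD_NEED_MORE_PARAMS = 461 };

/* Split line in place on spaces, CR and LF into at most MAX_TOKENS tokens and
 * return the count. Unused slots are NULL, so an empty line leaves tokens[0]
 * NULL: the exact shape a caller must test before touching it. */
static int tokenize(char *line, char *tokens[MAX_TOKENS])
{
    int n = 0;
    for (int i = 0; i < MAX_TOKENS; i++) tokens[i] = NULL;
    char *p = line;
    while (*p && n < MAX_TOKENS) {
        while (*p == ' ' || *p == '\r' || *p == '\n') *p++ = '\0';
        if (!*p) break;
        tokens[n++] = p;
        while (*p && *p != ' ' && *p != '\r' && *p != '\n') p++;
    }
    return n;
}

/* JOIN <channel>. The crashing shape would read tokens[1][0] or strlen(tokens[1])
 * unconditionally; the checked shape tests the count first and answers with
 * ERR_NEEDMOREPARAMS, which is what RFC 2812 prescribes for a JOIN without a
 * parameter. On success the channel name is copied to joined. */
static int handle_join(char *tokens[], int ntok, char *joined, size_t joinedlen)
{
    if (ntok < 2 || tokens[1] == NULL || tokens[1][0] == '\0')
        return CMD_NEED_MORE_PARAMS;
    snprintf(joined, joinedlen, "%s", tokens[1]);
    return CMD_OK;
}

/* Copy one received line into a bounded buffer, tokenize it and dispatch. */
static int dispatch(const char *input, char *joined, size_t joinedlen)
{
    char line[MAX_LINE + 1];
    snprintf(line, sizeof line, "%s", input);
    char *tokens[MAX_TOKENS];
    int ntok = tokenize(line, tokens);
    if (ntok == 0) return CMD_UNKNOWN;          /* empty line: tokens[0] is NULL, nothing to run */
    if (strcmp(tokens[0], "JOIN") == 0)
        return handle_join(tokens, ntok, joined, joinedlen);
    return CMD_UNKNOWN;
}

int main(void)
{
    /* Constructed client input: a normal JOIN, the bare JOIN from entry 39295,
     * and an empty line, which is the no-tokens case from entry 39560. */
    const char *inputs[] = { "JOIN #osvdb\r\n", "JOIN\r\n", "\r\n" };
    char chan[64];
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        chan[0] = '\0';
        int rc = dispatch(inputs[i], chan, sizeof chan);
        printf("rc=%d chan='%s'\n", rc, chan);
    }
    return 0;
}
```

The two checks that matter are the count test in `handle_join` and the zero-token test in `dispatch`; each one alone leaves a NULL reachable from the other path.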
| 37680 | 2007-07-30 | TIBCO Rendezvous (RV) rvd Crafted Packet Remote Memory Consumption DoS |
Description (provided by CVE): Memory leak in TIBCO Rendezvous (RV) daemon (rvd) 7.5.2, 7.5.3 and 7.5.4 allows remote attackers to cause a denial of service (memory consumption) via a packet with a length field of zero, a different vulnerability than CVE-2006-2830.

| 37681 | 2007-07-30 | TIBCO Rendezvous (RV) rvd Crafted Subject Name Remote DoS |
Description (provided by CVE): rvd in TIBCO Rendezvous (RV) 7.5.2, when -no-lead-wc is omitted, might allow remote attackers to cause a denial of service (network instability) via a subject name with a leading (1) '*' (asterisk) or (2) '>' (greater than) wildcard character.

| 43977 | 2007-07-30 | InspIRCd w/o m_safelist Secret Channel Disclosure |
Description: Unknown / Incomplete

| 38031 | 2007-07-30 | Mozilla Multiple Products Crafted URI Unspecified File Handling Arbitrary Command Execution |
Description (provided by CVE): Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the file extension at the end of the URI," a variant of CVE-2007-4041. NOTE: the vendor states that "it is still possible to launch a filetype handler based on extension rather than the registered protocol handler."

| 36351 | 2007-07-30 | WolioCMS member.php page Action id Variable SQL Injection |
Description (provided by CVE): Multiple SQL injection vulnerabilities in wolioCMS allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to member.php in a page action, related to a SELECT statement in common.php; and the (2) loginid parameter (uid variable), and possibly the (3) pwd parameter, to admin/index.php.

| 37254 | 2007-07-30 | IT!CMS lang-en.php wndtitle Variable XSS |
Description (provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.

| 37255 | 2007-07-30 | IT!CMS menu-ed.php wndtitle Variable XSS |
Description (provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.

| 37256 | 2007-07-30 | IT!CMS titletext-ed.php wndtitle Variable XSS |
Description (provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in IT!CMS (itcms) 0.2 allow remote attackers to inject arbitrary web script or HTML via the wndtitle parameter to (1) lang-en.php, (2) menu-ed.php, or (3) titletext-ed.php.

| 37262 | 2007-07-30 | Madoa Poll index.php Madoa Variable Remote File Inclusion |
Description (provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.

| 37263 | 2007-07-30 | Madoa Poll vote.php Madoa Variable Remote File Inclusion |
Description (provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.

| 37264 | 2007-07-30 | Madoa Poll admin.php Madoa Variable Remote File Inclusion |
Description (provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Madoa Poll 1.1 allow remote attackers to execute arbitrary PHP code via the Madoa parameter to (1) index.php, (2) vote.php, and (3) admin.php.

| 39034 | 2007-07-30 | phpWebFileManager index.php PN_PathPrefix Variable Remote File Inclusion |
Description (provided by CVE): ** DISPUTED ** PHP remote file inclusion vulnerability in index.php in phpWebFileManager 0.5 allows remote attackers to execute arbitrary PHP code via a URL in the PN_PathPrefix parameter. NOTE: this issue is disputed by a reliable third party, who demonstrates that PN_PathPrefix is defined before use.

| 39031 | 2007-07-29 | Joomla! pollwindow.php pollid Variable SQL Injection |
Description (provided by CVE): SQL injection vulnerability in administrator/popups/pollwindow.php in Joomla! 1.0.12 allows remote attackers to execute arbitrary SQL commands via the pollid parameter.

| 39028 | 2007-07-29 | Commute small_head.php retun Variable XSS |
Description: Unknown / Incomplete