[CLOSE] OSVDB ID : 38197 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : The IAX2 channel driver (chan_iax2) in Asterisk Open 1.2.x before 1.2.23, 1.4.x before 1.4.9, and Asterisk Appliance Developer Kit before 0.6.0, when configured to allow unauthenticated calls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of calls that do not complete a 3-way handshake, which causes an ast_channel to be allocated but not released.

[CLOSE] OSVDB ID : 38755 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 38756 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 38757 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 38758 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Session fixation vulnerability in Joomla! before 1.0.13 (aka Sunglow) allows remote attackers to hijack administrative web sessions via unspecified vectors.

[CLOSE] OSVDB ID : 36454 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Centennial Discovery 2006 Feature Pack 1, which is used by (1) Numara Asset Manager 8.0 and (2) Symantec Discovery 6.5, uses insecure permissions on certain directories, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 37980 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to cause a denial of service via a crafted DOC file that triggers a divide-by-zero error.

[CLOSE] OSVDB ID : 37981 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : The OLE2 parsing in Norman Antivirus before 5.91.02 allows remote attackers to bypass the malware detection via a crafted DOC file, resulting from an "integer cast around".

[CLOSE] OSVDB ID : 37982 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."

[CLOSE] OSVDB ID : 37983 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple buffer overflows in Norman Antivirus 5.90 allow remote attackers to execute arbitrary code via a crafted (1) ACE or (2) LZH file, resulting from an "integer cast around."

[CLOSE] OSVDB ID : 36223 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port 5179 that overwrites a destructor, as reachable by the (1) DoAttachVideoSender, (2) DoAttachVideoReceiver, (3) DoAttachAudioSender, and (4) DoAttachAudioReceiver functions.

[CLOSE] OSVDB ID : 37122 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : The (1) aac_cfg_open and (2) aac_compat_ioctl functions in the SCSI layer ioctl path in aacraid in the Linux kernel before 2.6.23-rc2 do not check permissions for ioctls, which might allow local users to cause a denial of service or gain privileges.

[CLOSE] OSVDB ID : 36471 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in cv.asp in Asp cvmatik 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz (Ady), (2) Soyadiniz (Soyady), (3) Ehliyet, (4) Askerlik, and (5) GSM parameters; and possibly other unspecified vectors.

[CLOSE] OSVDB ID : 36276 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : SQL injection vulnerability in editpost.php in phpMyForum before 4.1.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 38568 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added.

[CLOSE] OSVDB ID : 38569 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

[CLOSE] OSVDB ID : 38570 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255, or (2) a long d_name directory (dirent) field in the fsp_readdir function.

[CLOSE] OSVDB ID : 37135 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.asp in Alisveris Sitesi Scripti allows remote attackers to inject arbitrary web script or HTML via the q parameter in a search mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 37136 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in index.asp in Alisveris Sitesi Scripti allow remote attackers to execute arbitrary SQL commands via the (1) product_id or (2) cat_id parameter in a product mod action. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 38270 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in default.asp in Dora Emlak 1.0, when the goster parameter is set to iletisim, allow remote attackers to inject arbitrary web script or HTML via the (1) Adiniz and (2) Soyadiniz parameters; and possibly other unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 38271 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : SQL injection vulnerability in default.asp in Dora Emlak 1.0, when the goster parameter is set to emlakdetay, allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 39004 - Disclosed: 2007-07-23

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 43773 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Microsoft Windows Explorer (explorer.exe) allows user-assisted remote attackers to cause a denial of service via a certain GIF file, as demonstrated by Art.gif.

[CLOSE] OSVDB ID : 43774 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Buffer overflow in Nipun Jain xserver 0.1 alpha allows remote attackers to cause a denial of service via a POST request with a long URI.

[CLOSE] OSVDB ID : 73528 - Disclosed: 2007-07-23

Description:

(Description Provided by CVE) : Double free vulnerability in IBM Tivoli Directory Server (TDS) 5.2 before 5.2.0.5-TIV-ITDS-LA0005 allows remote authenticated users to cause a denial of service (ABEND) via search operations that trigger recursive filter_free calls.

[CLOSE] OSVDB ID : 48697 - Disclosed: 2007-07-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 36277 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : SQL injection vulnerability in SearchResults.asp in ImageRacer 1.0, when WordSearchCrit is enabled, allows remote attackers to execute arbitrary SQL commands via the SearchWord parameter.

[CLOSE] OSVDB ID : 46947 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

[CLOSE] OSVDB ID : 46948 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

[CLOSE] OSVDB ID : 46949 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

[CLOSE] OSVDB ID : 46950 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

[CLOSE] OSVDB ID : 46951 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

[CLOSE] OSVDB ID : 46952 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : AlstraSoft Video Share Enterprise allows remote attackers to obtain sensitive information (the full path) via (1) a ' (quote) character in the category parameter to view_video.php, or (2) an XSS sequence in the UID parameter to (a) uprofile.php, (b) channel_detail.php, (c) uvideos.php, (d) groups_home.php, or (e) ufriends.php.

[CLOSE] OSVDB ID : 46953 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.

[CLOSE] OSVDB ID : 46954 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft Affiliate Network Pro allow remote attackers to inject arbitrary web script or HTML via vectors in (a) merchants/index.php, including the (1) id or (2) msg parameter in a programedit action; the (3) pgmid parameter in an uploadProducts action; the (4) d, (5) m, or (6) y parameter in a daily action; the (7) err parameter in a ProgramReport action; the (8) i, (9) txtto, (10) txtfrom, or (11) programs parameter in a LinkReport action; or the (12) msg parameter in an add_money action; and one vector in (b) merchants/temp.php using (13) the rowid parameter. NOTE: vector 7 might overlap CVE-2005-3795.1.

[CLOSE] OSVDB ID : 36858 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certain arguments, as demonstrated by a 'chr(0), 0, ""' argument set.

[CLOSE] OSVDB ID : 38997 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : Minb Is Not a Blog (minb) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing usernames and encrypted passwords via a direct request for db/users.db.

[CLOSE] OSVDB ID : 52199 - Disclosed: 2007-07-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 37088 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in contact_author.php AlstraSoft Article Manager Pro allows remote attackers to inject arbitrary web script or HTML via the userid parameter.

[CLOSE] OSVDB ID : 37092 - Disclosed: 2007-07-22

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to inject arbitrary web script or HTML via (1) the cat_id parameter to search.php or the (2) typ parameter to register.php.