| OSVDB ID | Disclosure Date | Title |
|---|
|
38421
Description:
(Description Provided by CVE) : Buffer overflow in the PowerPlayer.dll ActiveX control in PPStream 2.0.1.3829 allows remote attackers to execute arbitrary code via a long Logo parameter.
|
2007-08-31
|
PPStream PowerPlayer.dll ActiveX Logo Variable Arbitrary Code Execution
|
|
38422
Description:
(Description Provided by CVE) : SQL injection vulnerability in category.php in CartKeeper CKGold Shopping Cart 2.0 allows remote attackers to execute arbitrary SQL commands via the category_id parameter.
|
2007-08-31
|
CKGold Shopping Cart category.php category_id Variable SQL Injection
|
|
38427
Description:
(Description Provided by CVE) : SQL injection vulnerability in links.php in the Links MOD 1.2.2 and earlier for phpBB 2.0.22 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter in a search action.
|
2007-08-31
|
Links MOD for phpBB links.php search Action start Variable SQL Injection
|
|
41657
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
|
2007-08-30
|
Gallery WebDAV Module Unspecified File Manipulation
|
|
41658
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Gallery before 2.2.3 allow attackers to (1) rename items, (2) read and modify item properties, or (3) lock and replace items via unknown vectors in (a) the WebDAV module; and (4) edit unspecified data files using "linked items" in WebDAV and (b) Reupload modules.
|
2007-08-30
|
Gallery Reupload Module Linked Item Unspecified File Manipulation
|
|
36659
Description:
Cisco CallManager/Unified Communications Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the logon page not properly sanitizing user-supplied input to the lang variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.
|
2007-08-30
|
Cisco CallManager / CUCM Logon Page lang Variable SQL Injection
|
|
38184
Description:
MailMarshal contains a flaw that may allow a remote context-dependant attacker to overwrite arbitrary files on the target system. The issue is due to the server not properly handling TAR archives. With a specially crafted archive, an attacker may be able to trick a user into extracting the files and overwriting arbitrary files on the system. This could be used to install malicious software on the system.
|
2007-08-30
|
MailMarshal tar Archive Traversal Arbitrary File Overwrite
|
|
40496
Description:
(Description Provided by CVE) : The DataLoader::doStart function in dataloader.cpp in QGit 1.5.6 and other versions up to 2pre1 allows local users to overwrite arbtirary files and execute arbitrary code via a symlink attack on temporary files with predictable filenames.
|
2007-08-30
|
QGit dataloader.cpp DataLoader::doStart() Symlink Arbitrary File Overwrite
|
|
37445
Description:
Unknown / Incomplete
|
2007-08-30
|
Achievo ATK PHP_SELF XSS
|
|
40171
Description:
(Description Provided by CVE) : Buffer overflow in the pop3 service in Hexamail Server 3.0.0.001 Lite allows remote attackers to cause a denial of service (daemon crash) and probably execute arbitrary code via a long USER command.
|
2007-08-30
|
Hexamail Server pop3 Service USER Command Remote Overflow DoS
|
|
37310
Description:
(Description Provided by CVE) : Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312.
|
2007-08-30
|
Firebird Unspecified Remote File Enumeration
|
|
37311
Description:
(Description Provided by CVE) : Unspecified vulnerability in the Services API in Firebird before 2.0.2 allows remote attackers to cause a denial of service, aka CORE-1149.
|
2007-08-30
|
Firebird Services API Unspecified Remote DoS
|
|
37312
Description:
(Description Provided by CVE) : Unspecified vulnerability in the server in Firebird before 2.0.2, when a Superserver/TCP/IP environment is configured, allows remote attackers to cause a denial of service (CPU and memory consumption) via "large network packets with garbage", aka CORE-1397.
|
2007-08-30
|
Firebird Server Crafted Packet Remote DoS
|
|
37313
Description:
(Description Provided by CVE) : Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to cause a denial of service (daemon crash) via an XNET session that makes multiple simultaneous requests to register events, aka CORE-1403.
|
2007-08-30
|
Firebird Server Crafted XNET Session Remote DoS
|
|
37314
Description:
(Description Provided by CVE) : Unspecified vulnerability in the (1) attach database and (2) create database functionality in Firebird before 2.0.2, when a filename exceeds MAX_PATH_LEN, has unknown impact and attack vectors, aka CORE-1405.
|
2007-08-30
|
Firebird attach / create Database Functions Unspecified Issue
|
|
37444
Description:
(Description Provided by CVE) : backup-manager-upload in Backup Manager before 0.6.3 provides the FTP server hostname, username, and password as plaintext command line arguments during FTP uploads, which allows local users to obtain sensitive information by listing the process and its arguments, a different vulnerability than CVE-2007-2766.
|
2007-08-30
|
Backup Manager FTP Upload Password Disclosure
|
|
36859
Description:
(Description Provided by CVE) : Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
|
2007-08-30
|
PHP php_openssl_make_REQ Function Overflow
|
|
36861
Description:
(Description Provided by CVE) : Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
|
2007-08-30
|
PHP strspn Function Overflow
|
|
36862
Description:
(Description Provided by CVE) : Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn function, which triggers an out-of-bounds read. NOTE: this affects different product versions than CVE-2007-3996.
|
2007-08-30
|
PHP strcspn Function Overflow
|
|
36863
Description:
(Description Provided by CVE) : Unspecified vulnerability in PHP before 5.2.4 has unknown impact and attack vectors, related to an "Improved fix for MOPB-03-2007," probably a variant of CVE-2007-1285.
|
2007-08-30
|
PHP Unspecified Issue (Zend Engine)
|
|
36864
Description:
(Description Provided by CVE) : The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
|
2007-08-30
|
PHP zend_alter_ini_entry Function Unspecified Issue
|
|
36865
Description:
(Description Provided by CVE) : The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
2007-08-30
|
PHP money_format Function Unspecified Issue
|
|
36866
Description:
(Description Provided by CVE) : The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
|
2007-08-30
|
PHP Session File Symlink open_basedir Restriction Bypass
|
|
36867
Description:
(Description Provided by CVE) : The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
|
2007-08-30
|
PHP MySQL Extension LOCAL INFILE Operation Security Restriction Bypass
|
|
36868
Description:
(Description Provided by CVE) : The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
|
2007-08-30
|
PHP MySQLi Extension LOCAL INFILE Operation Security Restriction Bypass
|
|
36869
Description:
(Description Provided by CVE) : The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execute arbitrary commands, as demonstrated using (a) php_value, (b) php_flag, and (c) directives in .htaccess.
|
2007-08-30
|
PHP Multiple Function .htaccess php_value Directive Arbitrary Command Execution
|
|
36870
Description:
(Description Provided by CVE) : Multiple integer overflows in libgd in PHP before 5.2.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large (1) srcW or (2) srcH value to the (a) gdImageCopyResized function, or a large (3) sy (height) or (4) sx (width) value to the (b) gdImageCreate or the (c) gdImageCreateTrueColor function.
|
2007-08-30
|
PHP libgd Multiple Functions Overflow
|
|
36739
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx index.php PATH_INFO Variable XSS
|
|
36740
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx nodeworx.php PATH_INFO Variable XSS
|
|
36742
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx users.php PATH_INFO Variable XSS
|
|
36743
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx lang.php PATH_INFO Variable XSS
|
|
36744
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx themes.php PATH_INFO Variable XSS
|
|
36745
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx setup.php PATH_INFO Variable XSS
|
|
36746
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx siteworx.php PATH_INFO Variable XSS
|
|
36747
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx packages.php PATH_INFO Variable XSS
|
|
36748
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx backup.php PATH_INFO Variable XSS
|
|
36749
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx import.php PATH_INFO Variable XSS
|
|
36750
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx scriptworx.php PATH_INFO Variable XSS
|
|
36751
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx resellers.php PATH_INFO Variable XSS
|
|
36752
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in InterWorx Hosting Control Panel (InterWorx-CP) Server Admin Level (NodeWorx) 3.0.2 (1) allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php; and allow remote authenticated users to inject arbitrary web script or HTML via the PATH_INFO to (2) nodeworx.php, (3) users.php, (4) lang.php, (5) themes.php, (6) setup.php, (7) siteworx.php, (8) packages.php, (9) backup.php, (10) import.php, (11) scriptworx.php, (12) resellers.php, (13) reseller-packages.php, (14) http.php, (15) mail.php, (16) ftp.php, (17) mysql.php, (18) sshd.php, (19) nfs.php, (20) cron.php, (21) ip.php, (22) firewall.php, (23) updates.php, (24) rrd.php, or (25) cluster.php.
|
2007-08-30
|
InterWorx-CP NodeWorx reseller-packages.php PATH_INFO Variable XSS
|
