| OSVDB ID | Disclosure Date | Title |
|---|
|
51111
Description:
Unknown / Incomplete
|
2008-03-30
|
TheGreenBow VPN Client Tgbike.exe Cleartext Local Credentials Disclosure
|
|
43926
Description:
(Description Provided by CVE) : Buffer overflow in InspIRCd before 1.1.18, when using the namesx and uhnames modules, allows remote attackers to cause a denial of service (daemon crash) via a large number of channel users with crafted nicknames, idents, and long hostnames.
|
2008-03-29
|
InspIRCd namesx / uhnames Modules Channel Users Handling Remote Overflow DoS
|
|
43927
Description:
(Description Provided by CVE) : WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (memory corruption and daemon crash) or possibly execute arbitrary code via a long URI in HTTP requests to TCP port 801. NOTE: some of these details are obtained from third party information.
|
2008-03-29
|
SLMail Pro Web Service (webcontainer.exe) URI Handling Memory Corruption DoS
|
|
43928
Description:
(Description Provided by CVE) : Stack consumption vulnerability in WebContainer.exe 1.0.0.336 and earlier in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (daemon crash) via a long request header in an HTTP request to TCP port 801. NOTE: some of these details are obtained from third party information.
|
2008-03-29
|
SLMail Pro Web Service (webcontainer.exe) HTTP Parameter Handling Overflow DoS
|
|
43929
Description:
(Description Provided by CVE) : Unspecified vulnerability in SLMail.exe in SLMail Pro 6.3.1.0 and earlier allows remote attackers to cause a denial of service (UDP service outage) via a large packet to UDP port 54. NOTE: some of these details are obtained from third party information.
|
2008-03-29
|
SLMail Pro UDP Packet Handling Overflow DoS
|
|
43925
Description:
(Description Provided by CVE) : Directory traversal vulnerability in 2X TFTP service (TFTPd.exe) 3.2.0.0 and earlier in 2X ThinClientServer 5.0_sp1-r3497 and earlier allows remote attackers to read or overwrite arbitrary files via a ... (dot dot dot) in the filename.
|
2008-03-29
|
2X ThinClientServer 2XTFTPd Service Traversal Arbitrary File Access
|
|
43908
Description:
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user accesses session data, which will disclose MySQL username and password information resulting in a loss of confidentiality.
|
2008-03-29
|
phpMyAdmin Session Data Credential / Secret Key Disclosure
|
|
43979
Description:
(Description Provided by CVE) : Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier, allows remote attackers to execute arbitrary code via an SWF file with a modified DeclareFunction2 Actionscript tag, which prevents an object from being instantiated properly.
|
2008-03-29
|
Adobe Flash Player DeclareFunction2 Embedded Actionscript Handling Arbitrary Code Execution (CanSecWest 2008 PWN2OWN)
|
|
48905
Description:
Unknown / Incomplete
|
2008-03-29
|
GreenSQL Console Unspecified CSRF
|
|
44018
Description:
Unknown / Incomplete
|
2008-03-29
|
Microsoft Windows Vista SP1 Page Protection Unspecified Bypass
|
|
48867
Description:
(Description Provided by CVE) : Unspecified vulnerability in phpns before 2.1.3 has unknown impact and attack vectors related to "activation permissions."
|
2008-03-29
|
phpns Activation Permissions Unspecified Issue
|
|
53212
Description:
Unknown / Incomplete
|
2008-03-29
|
SiteKiosk about URL File Download Restriction Bypass
|
|
43838
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
|
2008-03-29
|
Wireshark X.509sat Dissector Unspecified DoS
|
|
43839
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2 might also lead to a hang.
|
2008-03-29
|
Wireshark Roofnet Dissector Unspecified DoS
|
|
43840
Description:
(Description Provided by CVE) : The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
|
2008-03-29
|
Wireshark LDAP Dissector Unspecified DoS
|
|
43841
Description:
(Description Provided by CVE) : The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
|
2008-03-29
|
Wireshark SCCP Dissector Decode As Feature Unspecified DoS
|
|
43885
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in PHPkrm before 1.5.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2008-03-29
|
PHPkrm Unspecified XSS
|
|
43930
Description:
EfesTECH Video contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'default.asp' script not properly sanitizing user-supplied input to the 'catID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-03-29
|
EfesTECH Video default.asp catID Parameter SQL Injection
|
|
44463
Description:
(Description Provided by CVE) : Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue is due to an incomplete fix for CVE-2007-4965.
|
2008-03-29
|
Python imageop.c Crafted Images Multiple Overflows
|
|
54984
Description:
WebKit contains a typecasting flaw in the 'ConstDeclNode::handleSlowCase' function in JavaScriptCore/kjs/nodes.cpp when attempting to assign a JavaScript exception to a variable declared as a constant. With a specially crafted web page, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
|
2008-03-29
|
WebKit 'ConstDeclNode::handleSlowCase' Function JavaScript Exception Handling Memory Corruption
|
|
52663
Description:
Unknown / Incomplete
|
2008-03-28
|
Microsoft IE Crafted Pop-up Directional Address Bar Spoofing
|
|
52662
Description:
Unknown / Incomplete
|
2008-03-28
|
Mozilla Firefox Crafted Pop-up Directional Address Bar Spoofing
|
|
43978
Description:
(Description Provided by CVE) : CDS Invenio 0.92.1 and earlier allows remote authenticated users to delete email notification alerts of arbitrary users via a modified internal UID.
|
2008-03-28
|
CDS Invenio Arbitrary User Email Notification Alerts Manipulation
|
|
51301
Description:
(Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote attackers to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter to Sources/Themes.php. NOTE: CVE and multiple third parties dispute this issue because the files contain a protection mechanism against direct request.
|
2008-03-28
|
Simple Machines Forum (SMF) Multiple Script Remote File Inclusion
|
|
43845
Description:
(Description Provided by CVE) : Unspecified vulnerability in the SSH server in HP OpenVMS TCP/IP Services on OpenVMS on the Alpha platform with 5.4 before ECO 7, and on the Integrity and Alpha platforms with 5.5 before ECO 3 and 5.6 before ECO 2, allows remote attackers to obtain unspecified access via unknown vectors.
|
2008-03-28
|
OpenVMS SSH TCP/IP Services Unspecified Remote Privilege Escalation
|
|
43800
Description:
ManageEngine Applications Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'query' parameter upon submission to the Search.do script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2008-03-28
|
ManageEngine Applications Manager Search.do query Parameter XSS
|
|
43787
Description:
(Description Provided by CVE) : SQL injection vulnerability in eggBlog before 4.0.1 allows remote attackers to execute arbitrary SQL commands via an unspecified cookie. NOTE: this might overlap CVE-2008-0159.
|
2008-03-28
|
eggBlog _lib/user.php eb_login Function Cookie Handling SQL Injection
|
|
43963
Description:
(Description Provided by CVE) : SQL injection vulnerability in content/user.php in AuraCMS 2.2.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the country parameter.
|
2008-03-28
|
AuraCMS content/user.php country Parameter SQL Injection
|
|
48859
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in VeriSign Kontiki Delivery Management System (DMS) 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the action parameter to zodiac/servlet/zodiac.
|
2008-03-28
|
Kontiki Delivery Management System zodiac/servlet/zodiac action Parameter XSS
|
|
51236
Description:
Unknown / Incomplete
|
2008-03-28
|
XChat System Memory Cleartext Password Weakness
|
|
52807
Description:
MyAlbum Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'album' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-03-28
|
MyAlbum Component for Joomla! index.php album Parameter SQL Injection
|
|
74027
Description:
(Description Provided by CVE) : Open Ticket Request System (OTRS) before 2.2.7 sends e-mail containing a Bcc header field that lists the Blind Carbon Copy recipients, which allows remote attackers to obtain potentially sensitive e-mail address information by reading this field.
|
2008-03-28
|
OTRS (Open Ticket Request System) Bcc Header Field Email Recipient Remote Disclosure
|
|
44273
Description:
(Description Provided by CVE) : The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.
|
2008-03-27
|
GNU M4 maketemp / mkstemp Macros Output String Arbitrary File Processing
|
|
43837
Description:
(Description Provided by CVE) : Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
|
2008-03-27
|
FreeBSD libc strfmon() Multiple Overflows
|
|
44467
Description:
(Description Provided by CVE) : The JavaScript engine in Mozilla Firefox before 2.0.0.14, Thunderbird before 2.0.0.14, and SeaMonkey before 1.1.10 allows remote attackers to cause a denial of service (garbage collector crash) and possibly have other impacts via a crafted web page. NOTE: this is due to an incorrect fix for CVE-2008-1237.
|
2008-03-27
|
Mozilla Multiple Products Javascript Garbage Collector DoS
|
|
43981
Description:
(Description Provided by CVE) : Sympa before 5.4 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message with a malformed value of the Content-Type header and unspecified other headers. NOTE: some of these details are obtained from third party information.
|
2008-03-27
|
Sympa Malformed Content-Type Header Handling Remote DoS
|
|
43888
Description:
(Description Provided by CVE) : policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.
|
2008-03-27
|
policyd-weight for Postfix Socket Handling Unspecified Arbitrary File Manipulation
|
|
43767
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
|
2008-03-27
|
Elastic Path manager/getImportFileRedirect.jsp file Parameter Traversal Arbitrary File Access
|
|
43768
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
|
2008-03-27
|
Elastic Path importData.jsp file Variable Traversal Arbitrary File Upload
|
|
43769
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Elastic Path (EP) 4.1 and 4.1.1 allow remote attackers to (1) download arbitrary files via a .. (dot dot) in the file parameter to manager/getImportFileRedirect.jsp, (2) upload arbitrary files via a "..\" (dot dot backslash) in the file parameter to importData.jsp, and (3) list directory contents via a .. (dot dot) in the dir parameter to manager/fileManager.jsp.
|
2008-03-27
|
Elastic Path manager/fileManager.jsp dir Variable Traversal Arbitrary Directory Listing
|
