| OSVDB ID | Disclosure Date | Title |
|
43730
Description:
(Description Provided by CVE) : BolinOS 4.6.1 allows remote attackers to obtain sensitive information via a direct request to system/actionspages/_b/contentFiles/gBphpInfo.php, which calls the phpinfo function.
|
2008-03-25
|
BolinOS gBphpInfo.php System Information Disclosure
|
|
43668
Description:
phpAddressBook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'info' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-03-25
|
phpAddressBook index.php info Parameter XSS
|
|
43686
Description:
ManageEngine EventLog Analyzer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'searchText' variable upon submission to the 'searchAction.do' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-03-25
|
ManageEngine EventLog Analyzer searchAction.do searchText Parameter XSS
|
|
43713
Description:
(Description Provided by CVE) : Absolute path traversal vulnerability in dload.php in the my_gallery 2.3 plugin for e107 allows remote attackers to obtain sensitive information via a full pathname in the file parameter. NOTE: some of these details are obtained from third party information.
|
2008-03-25
|
my_gallery Plugin for e107 dload.php file Variable Arbitrary File PHP Source Disclosure
|
|
43740
Description:
A remote overflow exists in MPlayer. MPlayer fails to sanitize the 'StreamCount' variable resulting in an integer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.
|
2008-03-25
|
MPlayer stream/realrtsp/sdpplin.c sdpplin_parse Function StreamCount Variable Remote Overflow
|
|
43762
Description:
(Description Provided by CVE) : The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a crafted PKCS#1 message, which triggers an integer underflow, signedness error, and a buffer overflow. NOTE: the researcher describes this as an integer overflow, but CVE uses the "underflow" term in cases of wraparound from unsigned subtraction.
|
2008-03-25
|
SILC Multiple Products lib/silccrypt/silcpkcs1.c silc_pkcs1_decode Function Overflow
|
|
43923
Description:
(Description Provided by CVE) : Directory traversal vulnerability in mod.php in TopperMod 1.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the to parameter.
|
2008-03-25
|
TopperMod mod.php to Parameter Traversal Local File Inclusion
|
|
43940
Description:
(Description Provided by CVE) : Directory traversal vulnerability in forum/irc/irc.php in the PJIRC 0.5 module for phpBB allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter.
|
2008-03-25
|
PJIRC Module for phpBB forum/irc/irc.php phpEx Parameter Traversal Local File Inclusion
|
|
43941
Description:
(Description Provided by CVE) : SQL injection vulnerability in the Bernard Gilly AlphaContent (com_alphacontent) 2.5.8 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.
|
2008-03-25
|
AlphaContent Component for Joomla! index.php id Parameter SQL Injection
|
|
43944
Description:
(Description Provided by CVE) : SQL injection vulnerability in account/index.php in TopperMod 2.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via a non-alphanumeric first character in the localita parameter, which bypasses a protection mechanism.
|
2008-03-25
|
TopperMod account/index.php localita Parameter SQL Injection
|
|
43949
Description:
Aeries Browser Interface contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'loginproc.asp' script not properly sanitizing user-supplied input to the 'SchlCode' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-03-25
|
Aeries Browser Interface GradebookOptions.asp GrdBk Parameter SQL Injection
|
|
44166
Description:
(Description Provided by CVE) : SQL injection vulnerability in haberoku.php in Serbay Arslanhan Bomba Haber 2.0 allows remote attackers to execute arbitrary SQL commands via the haber parameter.
|
2008-03-25
|
Bomba Haber haberoku.php haber Parameter SQL Injection
|
|
44167
Description:
Clever Copy contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'postview.php' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-03-25
|
Clever Copy postview.php ID Parameter SQL Injection
|
|
44729
Description:
(Description Provided by CVE) : The server in Blackboard Academic Suite 7.x stores MD5 password hashes that are provided directly by clients, which makes it easier for remote attackers to access accounts via a modified client that skips the javascript/md5.js hash calculation, and instead sends an arbitrary MD5 string.
|
2008-03-25
|
Blackboard Academic Suite Crafted MD5 String Remote Authentication Bypass
|
|
43692
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the DoLBURPRequest function in libnldap in ndsd in Novell eDirectory 8.7.3.9 and earlier, and 8.8.1 and earlier in the 8.8.x series, allows remote attackers to cause a denial of service (daemon crash or CPU consumption) or execute arbitrary code via a long delRequest LDAP Extended Request message, probably involving a long Distinguished Name (DN) field.
|
2008-03-24
|
Novell eDirectory LDAP Extended Request Message Processing DoLBURPRequest Overflow
|
|
43690
Description:
(Description Provided by CVE) : The SOAP interface to the eMBox module in Novell eDirectory 8.7.3.9 and earlier, and 8.8.x before 8.8.2, relies on client-side authentication, which allows remote attackers to bypass authentication via requests for /SOAP URIs, and cause a denial of service (daemon shutdown) or read arbitrary files. NOTE: it was later reported that 8.7.3.10 (aka 8.7.3 SP10) is also affected.
|
2008-03-24
|
Novell eDirectory eMBox Utility Unauthenticated Local File Access
|
|
43613
Description:
Unknown / Incomplete
|
2008-03-24
|
Undernet ircu s_user.c send_user_mode Function Remote DoS
|
|
43614
Description:
(Description Provided by CVE) : The send_user_mode function in s_user.c in (1) Undernet ircu 2.10.12.12 and earlier, (2) snircd 1.3.4 and earlier, and unspecified other ircu derivatives allows remote attackers to cause a denial of service (daemon crash) via a malformed MODE command.
|
2008-03-24
|
Undernet snircd s_user.c send_user_mode Function Remote DoS
|
|
43722
Description:
(Description Provided by CVE) : Directory traversal vulnerability in pb_inc/admincenter/index.php in PowerScripts PowerBook 1.21 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter. NOTE: in some environments, this can be leveraged for remote file inclusion by using a UNC share pathname or an ftp, ftps, or ssh2.sftp URL.
|
2008-03-24
|
PowerBook pb_inc/admincenter/index.php page Parameter Traversal Local File Inclusion
|
|
43918
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
|
2008-03-24
|
PowerPHPBoard footer.inc.php settings[footer] Parameter Traversal Local File Inclusion
|
|
43919
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in PowerPHPBoard 1.00b allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the (1) settings[footer] parameter to footer.inc.php and the (2) settings[header] parameter to header.inc.php.
|
2008-03-24
|
PowerPHPBoard header.inc.php settings[header] Parameter Traversal Local File Inclusion
|
|
44578
Description:
(Description Provided by CVE) : VLC before 0.8.6f allows remote attackers to cause a denial of service (crash) via a crafted Cinepak file that triggers an out-of-bounds array access and memory corruption.
|
2008-03-24
|
VLC Crafted Cinepak File Memory Corruption DoS
|
|
48876
Description:
(Description Provided by CVE) : The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
|
2008-03-24
|
MoinMoin config/multiconfig.py password_checker Function DoS
|
|
48877
Description:
(Description Provided by CVE) : The rst parser (parser/text_rst.py) in MoinMoin 1.6.1 does not check the ACL of an included page, which allows attackers to read unauthorized include files via unknown vectors.
|
2008-03-24
|
MoinMoin rst Parser Include Directive Included Page ACL Unspecified Weakness
|
|
43665
Description:
(Description Provided by CVE) : Directory traversal vulnerability in admin/admin_xs.php in eXtreme Styles module (XS-Mod) 2.3.1 and 2.4.0 for phpBB allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the phpEx parameter. NOTE: some of these details are obtained from third party information.
|
2008-03-24
|
eXtreme Styles Module for phpBB admin/admin_xs.php phpEx Parameter Traversal Local File Inclusion
|
|
43688
Description:
Photo Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'amessage' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-03-24
|
Photo Cart index.php amessage Parameter XSS
|
|
43744
Description:
(Description Provided by CVE) : Directory traversal vulnerability in cgi-bin/his-webshop.pl in HIS Webshop 2.50 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.
|
2008-03-24
|
HIS-Webshop cgi-bin/his-webshop.pl t Parameter Traversal Arbitrary File Access
|
|
44602
Description:
(Description Provided by CVE) : Linksys SPA-2102 Phone Adapter 3.3.6 allows remote attackers to cause a denial of service (crash) via a long ping packet ("ping of death"). NOTE: the severity of this issue has been disputed since there are limited attack scenarios.
|
2008-03-24
|
Cisco Linksys SPA2102 Phone Adapter Crafted Ping Packet DoS
|
|
44669
Description:
(Description Provided by CVE) : Absolute path traversal vulnerability in SugarCRM Sugar Community Edition 4.5.1 and 5.0.0 allows remote attackers to read arbitrary files via a full path in the URL parameter to modules/Feeds/Feed.php, which places the contents into a related cache file in the .cache/feeds directory.
|
2008-03-24
|
SugarCRM RSS Module cache/feeds Directory Traversal Remote Information Disclosure
|
|
51115
Description:
Unknown / Incomplete
|
2008-03-24
|
Hamachi VPN Client Local Password Disclosure
|
|
53023
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53024
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'locate.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds locate.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53025
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'search_results.php' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds search_results.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53026
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'classifieds/index.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds classifieds/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53027
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'classifieds/view.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds classifieds/view.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53028
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'controlcenter/index.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds controlcenter/index.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53029
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'controlcenter/manager.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds controlcenter/manager.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53030
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'controlcenter/pass.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds controlcenter/pass.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53031
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'controlcenter/remember.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds controlcenter/remember.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|
|
53032
Description:
Quick Classifieds contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'controlcenter/sign-up.php3' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-03-24
|
Quick Classifieds controlcenter/sign-up.php3 DOCUMENT_ROOT Parameter Remote File Inclusion
|