| OSVDB ID | Disclosure Date | Title |
|
51638
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in error.asp in BBSXP 5.13 and earlier allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
2009-01-23
|
BBSXP error.asp message Parameter XSS
|
|
51639
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
2009-01-23
|
Oblog err.asp message Parameter XSS
|
|
52014
Description:
Unknown / Incomplete
|
2009-01-23
|
VUplayer WAX File Handling Local Overflow
|
|
53534
Description:
(Description Provided by CVE) : Niels Provos Systrace before 1.6f on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 64-bit syscall with a syscall number that corresponds to a policy-compliant 32-bit syscall.
|
2009-01-23
|
Systrace on x86_64 Linux Local Syscall Handling Access Restriction Bypass
|
|
53535
Description:
(Description Provided by CVE) : Niels Provos Systrace 1.6f and earlier on the x86_64 Linux platform allows local users to bypass intended access restrictions by making a 32-bit syscall with a syscall number that corresponds to a policy-compliant 64-bit syscall, related to race conditions that occur in monitoring 64-bit processes.
|
2009-01-23
|
Systrace on x86_64 Linux 64-bit Process Monitoring Race Condition Local Syscall Access Restriction Bypass
|
|
91641
Description:
Libxslt contains an indexing flaw in the 'exsltStrReplaceFunction' function in libexslt/strings.c that is triggered when calling str:replace with an empty replacement element. With a specially crafted XSL stylesheet, an attacker can crash an application linked against the library.
|
2009-01-23
|
Libxslt exsltStrReplaceFunction str:replace Empty Replacement Element Indexing DoS
|
|
51914
Description:
(Description Provided by CVE) : The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
|
2009-01-22
|
Poppler Multiple Function PDF Handling DoS
|
|
53550
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the qtdemux_parse_samples function in gst/qtdemux/qtdemux.c in GStreamer Good Plug-ins (aka gst-plugins-good) 0.10.9 through 0.10.11, and GStreamer Plug-ins (aka gstreamer-plugins) 0.8.5, might allow remote attackers to execute arbitrary code via crafted Time-to-sample (aka stts) atom data in a malformed QuickTime media .mov file.
|
2009-01-22
|
GStreamer Good Plug-ins gst/qtdemux/qtdemux.c qtdemux_parse_samples Function MOV File Handling Overflow
|
|
53242
Description:
(Description Provided by CVE) : Stack-based buffer overflow in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allows remote attackers to execute arbitrary code via a long OvOSLocale cookie, a variant of CVE-2008-0067.
|
2009-01-22
|
HP OpenView Network Node Manager (OV NNM) OvCgi/Toolbar.exe Multiple Cookie Handling Overflow
|
|
51510
Description:
FTPShell Server 4.3 suffers from a buffer overflow vulnerability that can be exploited remotely or locally. It fails to perform adequate boundary checking of the input .key file, allowing us to overwrite the EAX and EDX registers. When trying to install a licence with less than 8000 bytes we get a message: "It appears that your key file is corrupt or invalid.", but when installing a licence with 8000 bytes we get a message: "Your licence key has been succesfully loaded. Please restart the program." Note: When you restart the program, it will always crash until you repair it or reinstall it.
|
2009-01-22
|
FTPShell Server License Key Handling Overflow
|
|
51641
Description:
(Description Provided by CVE) : Asp Project Management 1.0 allows remote attackers to bypass authentication and gain administrative access by setting the crypt cookie to 1.
|
2009-01-22
|
Asp Project Management crypt Cookie Manipulation Admin Authentication Bypass
|
|
51642
Description:
Pardal CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'comentar.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-22
|
Pardal CMS comentar.php id Parameter SQL Injection
|
|
51794
Description:
OwnRS CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'autor.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-22
|
OwnRS CMS autor.php id Parameter SQL Injection
|
|
51921
Description:
Unknown / Incomplete
|
2009-01-22
|
GraphicsMagick coders/dib.c ReadDIBImage() Function Crafted DIB File Handling DoS
|
|
52015
Description:
(Description Provided by CVE) : Stack-based buffer overflow in VUPlayer 2.49 allows remote attackers to execute arbitrary code via a long .asf URI in the HREF attribute of a REF element in a .asx file.
|
2009-01-22
|
VUPlayer ASX File Handling Overflow
|
|
53243
Description:
(Description Provided by CVE) : Multiple heap-based buffer overflows in OvCgi/Toolbar.exe in HP OpenView Network Node Manager (OV NNM) 7.01, 7.51, and 7.53 allow remote attackers to execute arbitrary code via (1) a long OvAcceptLang cookie, which triggers the error in ov.dll and ovwww.dll, or (2) a long Accept-Language HTTP header, which triggers the error in ovwww.dll or libovwww.so.4.
|
2009-01-21
|
HP OpenView Network Node Manager (OV NNM) Accept-Language HTTP Header Handling Remote Overflow
|
|
51561
Description:
BazaarBuilder Shopping Cart Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the cid parameter when the option parameter is set to com_prod and the task parameter is set to products. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-21
|
BazaarBuilder Shopping Cart Component for Joomla! index.php cid Parameter SQL Injection
|
|
52317
Description:
(Description Provided by CVE) : The Certificate Authority Proxy Function (CAPF) service in Cisco Unified Communications Manager 5.x before 5.1(3e) and 6.x before 6.1(3) allows remote attackers to cause a denial of service (voice service outage) by sending malformed input over a TCP session in which the "client terminates prematurely."
|
2009-01-21
|
Cisco Unified Communications Manager Certificate Authority Proxy Function (CAPF) Service Malformed TCP Input Remote DoS
|
|
52558
Description:
(Description Provided by CVE) : Unspecified vulnerability in the kernel in OpenSolaris snv_100 through snv_102 on the Sun UltraSPARC T2 and T2+ sun4v platforms allows local users to cause a denial of service (panic) via unknown vectors.
|
2009-01-21
|
OpenSolaris Kernel on UltraSPARC T2 Unspecified Local DoS
|
|
52316
Description:
(Description Provided by CVE) : Cisco Security Manager 3.1 and 3.2 before 3.2.2, when Cisco IPS Event Viewer (IEV) is used, exposes TCP ports used by the MySQL daemon and IEV server, which allows remote attackers to obtain "root access" to IEV via unspecified use of TCP sessions to these ports.
|
2009-01-21
|
Cisco Security Manager IPS Event Viewer (IEV) Unspecified TCP Port Exposure Remote Privilege Escalation
|
|
51569
Description:
(Description Provided by CVE) : Unspecified vulnerability in Tor before 0.2.0.33 has unspecified impact and remote attack vectors that trigger heap corruption.
|
2009-01-21
|
Tor Unspecified Remote Memory Corruption
|
|
53378
Description:
(Description Provided by CVE) : Mozilla Firefox 3.0.5 allows remote attackers to trick a user into visiting an arbitrary URL via an onclick action that moves a crafted element to the current mouse position, related to a "Status Bar Obfuscation" and "Clickjacking" attack.
|
2009-01-21
|
Mozilla Firefox onclick Action Crafted Element Spoofing Weakness
|
|
53191
Description:
Trend Micro Internet Security and Trend Micro OfficeScan contain flaws that may allow a local denial of service. The 'ApiThread()' function in the Personal Firewall Service (TmPfw.exe) part of the Network Security Component (NSC) modules fails to properly sanitize user-supplied input, which will result in loss of availability for the service (default port 40000/TCP).
|
2009-01-21
|
Trend Micro Multiple Products Personal Firewall Service (TmPfw.exe) ApiThread Function Packet Handling Local DoS
|
|
53192
Description:
Trend Micro Internet Security and Trend Micro OfficeScan are prone to multiple overflow conditions. The 'ApiThread()' function in the Personal Firewall Service (TmPfw.exe) part of the Network Security Component (NSC) modules fails to properly sanitize user-supplied input resulting in heap-based buffer overflows. With specially crafted packets sent to port 40000/TCP, a local attacker can potentially execute arbitrary code with SYSTEM privileges.
|
2009-01-21
|
Trend Micro Multiple Products Personal Firewall Service (TmPfw.exe) ApiThread Function Packet Handling Multiple Local Overflows
|
|
53193
Description:
Trend Micro Internet Security and Trend Micro OfficeScan contain a flaw related to how the Trend Micro Network Security Component (NSC) modules attempt to restrict unauthorized users from changing firewall settings. The issue is triggered when a local attacker, instead of using the password-restricted management interface, sends requests directly to the Trend Micro Personal Firewall service (TmPfw.exe) on port 40000/tcp. This may allow an attacker to bypass the password restriction, which is implemented in the GUI only, and configure firewall settings.
|
2009-01-21
|
Trend Micro Multiple Products NSC Module Personal Firewall Service (TmPfw.exe) Client-side Password Bypass
|
|
51923
Description:
(Description Provided by CVE) : SQL injection vulnerability in mod_auth_mysql.c in the mod-auth-mysql (aka libapache2-mod-auth-mysql) module for the Apache HTTP Server 2.x, when configured to use a multibyte character set that allows a \ (backslash) as part of the character encoding, allows remote attackers to execute arbitrary SQL commands via unspecified inputs in a login request.
|
2009-01-21
|
Apache HTTP Server mod-auth-mysql Module mod_auth_mysql.c Multibyte Character Encoding SQL Injection
|
|
51524
Description:
A remote overflow exists in Apple QuickTime Player. The media player fails to properly bounds check user input resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2009-01-21
|
Apple QuickTime Crafted RTSP URL Handling Overflow
|
|
51525
Description:
(Description Provided by CVE) : Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QTVR movie file with crafted THKD atoms.
|
2009-01-21
|
Apple QuickTime Crafted THKD Atom QTVR File Handling Overflow
|
|
51526
Description:
(Description Provided by CVE) : Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and execute arbitrary code via an AVI movie file with an invalid nBlockAlign value in the _WAVEFORMATEX structure.
|
2009-01-21
|
Apple QuickTime Crafted AVI File Handling Overflow
|
|
51527
Description:
(Description Provided by CVE) : Buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted MP3 audio file.
|
2009-01-21
|
Apple QuickTime Crafted MP3 File Handling Overflow
|
|
51528
Description:
(Description Provided by CVE) : Unspecified vulnerability in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a crafted H.263 encoded movie file that triggers memory corruption.
|
2009-01-21
|
Apple QuickTime Crafted H.263 Encoded File Handling Unspecified Memory Corruption
|
|
51529
Description:
(Description Provided by CVE) : Integer signedness error in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a Cinepak encoded movie file with a crafted MDAT atom that triggers a heap-based buffer overflow.
|
2009-01-21
|
Apple QuickTime Crafted Cinepak Encoded File Handling Overflow
|
|
51530
Description:
(Description Provided by CVE) : Heap-based buffer overflow in Apple QuickTime before 7.6 allows remote attackers to cause a denial of service (application termination) and possibly execute arbitrary code via a QuickTime movie file containing invalid image width data in JPEG atoms within STSD atoms.
|
2009-01-21
|
Apple QuickTime Crafted JPEG Atom QuickTime Movie File Handling Overflow
|
|
51531
Description:
(Description Provided by CVE) : Unspecified vulnerability in Apple QuickTime MPEG-2 Playback Component before 7.60.92.0 on Windows allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a crafted MPEG-2 movie.
|
2009-01-21
|
Apple QuickTime MPEG-2 Playback Component on Windows Crafted Movie File Handling Arbitrary Code Execution
|
|
51920
Description:
Unknown / Incomplete
|
2009-01-21
|
GraphicsMagick coders/bmp.c ReadBMPImage() Function Crafted BMP File Handling DoS
|
|
51604
Description:
(Description Provided by CVE) : Sun Java System Application Server (AS) 8.1 and 8.2 allows remote attackers to read the Web Application configuration files in the (1) WEB-INF or (2) META-INF directory via a malformed request.
|
2009-01-21
|
Sun Java System Application Server Multiple Directory Web Application Configuration File Remote Access
|
|
51726
Description:
(Description Provided by CVE) : Buffer overflow in klim5.sys in Kaspersky Anti-Virus for Workstations 6.0 and Anti-Virus 2008 allows local users to gain privileges via an IOCTL 0x80052110 call.
|
2009-01-21
|
Kaspersky Multiple Products klim5.sys IOCTL Handling Local Privilege Escalation
|
|
51795
Description:
Sigsiu Online Business Index 2 (SOBI2) Component for Mambo / Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'bid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-21
|
Sigsiu Online Business Index 2 (SOBI2) Component for Mambo / Joomla! index.php bid Parameter SQL Injection
|
|
51796
Description:
Chess Club Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'game_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-21
|
Chess Club Component for Joomla! index.php game_id Parameter SQL Injection
|
|
51797
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in the beamospetition (com_beamospetition) 1.0.12 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via the pet parameter in a sign action.
|
2009-01-21
|
Beamospetition Component for Joomla! index.php pet Parameter XSS
|