| OSVDB ID | Disclosure Date | Title |
|---|
|
58680
Description:
Unknown / Incomplete
|
2009-02-28
|
Puppet content Tag Mastered File Content Local Disclosure
|
|
57558
Description:
Content Management Made Easy (CMME) contains an unspecified flaw. No further details have been provided.
|
2009-02-28
|
Content Management Made Easy (CMME) Unspecified Issue
|
|
52365
Description:
CMSCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'maindatafunctions.php' script not properly sanitizing user-supplied input to the 'MenuLevel1' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-02-28
|
CMSCart maindatafunctions.php MenuLevel1 Parameter SQL Injection
|
|
53415
Description:
LinPHA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "imgid" variable upon submission to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-02-28
|
LinPHA actions/image_resized_view.php imgid Parameter XSS
|
|
53416
Description:
LinPHA contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "friend_full_name" variable upon submission to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-02-28
|
LinPHA admin.php friend_full_name Parameter XSS
|
|
53417
Description:
LinPHA contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions for the admin.php script. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-02-28
|
LinPHA admin.php Account Manipulation CSRF
|
|
52484
Description:
Unknown / Incomplete
|
2009-02-27
|
PHP Zip File Relative Path Handling DoS
|
|
52485
Description:
Unknown / Incomplete
|
2009-02-27
|
PHP explode() Empty String Handling Unspecified Issue
|
|
52486
Description:
(Description Provided by CVE) : The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
|
2009-02-27
|
PHP json_decode() Function Malformed String Handling Remote DoS
|
|
52487
Description:
Unknown / Incomplete
|
2009-02-27
|
PHP xml_error_string() Function Message Handling Off-by-one
|
|
54306
Description:
B2B Online Shop Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin.asp' script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
B2B Online Shop Creator admin.asp Multiple Parameter SQL Injection
|
|
54310
Description:
Webstore Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
Webstore Creator admin.asp Multiple Parameter SQL Injection
|
|
54308
Description:
B2B Horizontal Marketplace Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
B2B Horizontal Marketplace Creator admin.asp Multiple Parameter SQL Injection
|
|
54304
Description:
B2B Reverse Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
B2B Reverse Auction Creator admin.asp Multiple Parameter SQL Injection
|
|
54303
Description:
B2B Forward Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
B2B Forward Auction Creator admin.asp Multiple Parameter SQL Injection
|
|
54302
Description:
C2C Forward Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
C2C Forward Auction Creator admin.asp Multiple Parameter SQL Injection
|
|
54305
Description:
C2C Reverse Auction Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
C2C Reverse Auction Creator admin.asp Multiple Parameter SQL Injection
|
|
54309
Description:
B2C StoreBuilder Designer contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.asp script not properly sanitizing user-supplied input to the 'User ID' and 'Password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-02-27
|
B2C StoreBuilder Designer admin.asp Multiple Parameter SQL Injection
|
|
52529
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in BitDefender Internet Security 2009 allows user-assisted remote attackers to inject arbitrary web script or HTML via the filename of a virus-infected file, as demonstrated by a filename inside a (1) rar or (2) zip archive file.
|
2009-02-27
|
BitDefender Internet Security Crafted Archive Filename Handling XSS
|
|
53476
Description:
(Description Provided by CVE) : Unspecified vulnerability in Movable Type Pro and Community Solution 4.x before 4.24 has unknown impact and attack vectors, possibly related to the password recovery mechanism.
|
2009-02-27
|
Movable Type Unspecified Author Profile Data Disclosure
|
|
55438
Description:
Afian Document Manager contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the /css/includer.php script not properly sanitizing user input supplied to the 'files' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. In addition, supplying an invalid file name will reveal the installation path of the software.
|
2009-02-27
|
Afian Document Manager /css/includer.php files Parameter Local File Inclusion
|
|
52300
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Protected Node module 5.x before 5.x-1.4 and 6.x before 6.x-1.5, a module for Drupal, allows remote authenticated users with "administer site configuration" permissions to inject arbitrary web script or HTML via the Password page info field, which is not properly handled by the protected_node_enterpassword function in protected_node.module.
|
2009-02-27
|
Protected Node Module for Drupal index.php protected_node_info Parameter XSS
|
|
52352
Description:
(Description Provided by CVE) : Stack-based buffer overflow in BreakPoint Software Hex Workshop 4.23, 6.0.1.4603, and other 6.x and earlier versions allows remote attackers to execute arbitrary code via a crafted Intel Hex Code (.hex) file. NOTE: some of these details are obtained from third party information.
|
2009-02-27
|
Hex Workshop Intel HEX Code File Handling Overflow
|
|
68693
Description:
(Description Provided by CVE) : Race condition in the FTPHandler class in ftpserver.py in pyftpdlib before 0.5.2 allows remote attackers to cause a denial of service (daemon outage) by establishing and then immediately closing a TCP connection, leading to the getpeername function having an ENOTCONN error, a different vulnerability than CVE-2010-3494.
|
2009-02-27
|
pyftpdlib ftpserver.py FTPHandler Class Race Condition TCP Connection Termination getpeername Function ENOTCONN Error Remote DoS
|
|
52503
Description:
APC PowerChute Business Edition contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'referrer' parameter upon submission to the 'security/applet' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-02-26
|
APC PowerChute Business Edition security/applet referrer Parameter XSS
|
|
55809
Description:
(Description Provided by CVE) : Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
|
2009-02-26
|
BarnOwl zcrypt.c GetZephyrVarKeyFile() Function zcrypt Message Handling Overflow
|
|
55810
Description:
(Description Provided by CVE) : Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
|
2009-02-26
|
BarnOwl zwrite.c Multiple Function Zephyr CC: List Reply Overflow
|
|
55811
Description:
(Description Provided by CVE) : Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
|
2009-02-26
|
BarnOwl Multiple Unspecified Overflows
|
|
55812
Description:
(Description Provided by CVE) : Multiple buffer overflows in (a) BarnOwl before 1.0.5 and (b) owl 2.1.11 allow remote attackers to execute arbitrary code via vectors involving (1) a crafted zcrypt message, related to zcrypt.c; (2) a reply command on a message with a Zephyr Cc: list, related to zwrite.c; and unspecified other use of the products.
|
2009-02-26
|
BarnOwl owl_zephyr_delsub Double-free Unspecified Issue
|
|
52827
Description:
(Description Provided by CVE) : OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
|
2009-02-26
|
OpenSC Low Level APDU Command PIN Requirement Bypass
|
|
52828
Description:
(Description Provided by CVE) : OpenSC before 0.11.7 allows physically proximate attackers to bypass intended PIN requirements and read private data objects via a (1) low level APDU command or (2) debugging tool, as demonstrated by reading the 4601 or 4701 file with the opensc-explorer or opensc-tool program.
|
2009-02-26
|
OpenSC Debugging Tools PIN Requirement Bypass
|
|
55172
Description:
Unknown / Incomplete
|
2009-02-26
|
Kmail on Ubuntu kmail/kmcommands.cpp KMUrlClickedCommand::execute() Function MIME Type URL Handling Weakness
|
|
52380
Description:
Unknown / Incomplete
|
2009-02-26
|
JOnAS ListMBeanDetails.do select Parameter XSS
|
|
52402
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.23 on z/OS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2009-02-26
|
IBM WebSphere Application Server (WAS) /ibm/console/ URI XSS
|
|
85206
Description:
Comodo Internet Security contains a flaw related to the antivirus component that may allow for a denial of service. The issue is triggered when a user opens an unspecified malformed file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).
|
2009-02-26
|
Comodo Internet Security Antivirus Component Unspecified File Handling DoS (2009-5126)
|
|
53559
Description:
Unknown / Incomplete
|
2009-02-26
|
POP Peeper UIDL Response Remote Overflow
|
|
53576
Description:
Unknown / Incomplete
|
2009-02-26
|
SHOUTcast Web Interface User-agent Field XSS
|
|
52286
Description:
Viewfield Module for Drupal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'description' parameters upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-02-26
|
Viewfield Module for Drupal index.php description Parameter XSS
|
|
52293
Description:
Unknown / Incomplete
|
2009-02-26
|
Coppermine Photo Gallery BBCode IMG Tag CSRF
|
|
52285
Description:
Taxonomy Theme Module for Drupal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'name' parameters upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-02-26
|
Taxonomy Theme Module for Drupal index.php name Parameter XSS
|
