| OSVDB ID | Disclosure Date | Title |
|---|
|
52461
Description:
(Description Provided by CVE) : The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.
|
2009-03-03
|
Linux Kernel 32bit/64bit audit_syscall_entry Function 32/64 Bit Syscall Cross-handling Audit Configuration Restriction Bypass
|
|
52462
Description:
(Description Provided by CVE) : The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
|
2009-03-03
|
Linux Kernel seccomp Subsystem kernel/seccomp.c __secure_computing Function 32/64 Bit Syscall Cross-handling Access Restriction Bypass
|
|
55427
Description:
BlindBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'comment.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-03-03
|
BlindBlog comment.php id Parameter SQL Injection
|
|
55428
Description:
Unknown / Incomplete
|
2009-03-03
|
BlindBlog admin.login.php Authentication Bypass
|
|
55429
Description:
Unknown / Incomplete
|
2009-03-03
|
BlindBlog /admin/admin.php act Parameter Traversal Arbitrary File Access
|
|
52403
Description:
Unknown / Incomplete
|
2009-03-03
|
ZABBIX PHP Frontend include/validate.inc.php extlang Parameter Arbitrary PHP Code Execution
|
|
53653
Description:
(Description Provided by CVE) : nm-applet.conf in GNOME NetworkManager before 0.7.0.99 contains an incorrect deny setting, which allows local users to discover (1) network connection passwords and (2) pre-shared keys via calls to the GetSecrets method in the dbus request handler.
|
2009-03-03
|
GNOME NetworkManager nm-applet.conf dbus Request Handler GetSecrets Method Local Information Disclosure
|
|
52351
Description:
Jogjacamp JProfile Gold contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id_news' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-03
|
Jogjacamp JProfile Gold index.php id_news Parameter SQL Injection
|
|
52341
Description:
Unknown / Incomplete
|
2009-03-03
|
GhostScripter Amazon Shop add_review.php lang Parameter Traversal Local File Inclusion
|
|
52322
Description:
(Description Provided by CVE) : Insecure method vulnerability in the ImeraIEPlugin ActiveX control (ImeraIEPlugin.dll 1.0.2.54) in Imera TeamLinks Client allows remote attackers to force the download and execution of arbitrary URLs via modified DownloadProtocol, DownloadHost, DownloadPort, and DownloadURI parameters.
|
2009-03-03
|
Imera ImeraIEPlugin.Pilot.1 ActiveX (ImeraIEPlugin.dll) DownloadHost Property Arbitrary Code Execution
|
|
52698
Description:
(Description Provided by CVE) : Buffer overflow in FileZilla Server before 0.9.31 allows remote attackers to cause a denial of service via unspecified vectors related to SSL/TLS packets.
|
2009-03-03
|
FileZilla Server SSL/TLS Packet Handling Overflow DoS
|
|
52342
Description:
Unknown / Incomplete
|
2009-03-03
|
GhostScripter Amazon Shop index.php lang Parameter Traversal Local File Inclusion
|
|
52343
Description:
Unknown / Incomplete
|
2009-03-03
|
GhostScripter Amazon Shop cart.php asin Parameter Traversal Local File Inclusion
|
|
52344
Description:
Unknown / Incomplete
|
2009-03-03
|
GhostScripter Amazon Shop info.php asin Parameter Traversal Local File Inclusion
|
|
52404
Description:
Unknown / Incomplete
|
2009-03-03
|
ZABBIX PHP Frontend users.php CSRF
|
|
52405
Description:
ZABBIX PHP Frontend contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'locales.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'srclang' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2009-03-03
|
ZABBIX PHP Frontend locales.php srclang Parameter Traversal Local File Inclusion
|
|
53654
Description:
(Description Provided by CVE) : GNOME NetworkManager before 0.7.0.99 does not properly verify privileges for dbus (1) modify and (2) delete requests, which allows local users to change or remove the network connections of arbitrary users via unspecified vectors related to org.freedesktop.NetworkManagerUserSettings and at_console.
|
2009-03-03
|
GNOME NetworkManager dbus Multiple Arbitrary Network Connection Manipulation
|
|
54707
Description:
Dogfood CRM contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by insufficient data validation in the spell.php script. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2009-03-03
|
Dogfood CRM Mail spell.php Remote Command Execution
|
|
64538
Description:
Unknown / Incomplete
|
2009-03-03
|
Easy Chat Server chat.ghp Long Password Remote Overflow
|
|
52413
Description:
(Description Provided by CVE) : Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly communicate with restricted intranet sites, via a crafted web page that causes a client to send HTTP requests with a modified Host header.
|
2009-03-02
|
Blue Coat ProxySG Transparent Interception Mode HTTP Host Header Dependancy Media Access Control Bypass
|
|
52767
Description:
Unknown / Incomplete
|
2009-03-02
|
Fujitsu Jasmine2000 Enterprise Edition WebLink Unspecified Overflow
|
|
52768
Description:
Unknown / Incomplete
|
2009-03-02
|
Fujitsu Jasmine2000 Enterprise Edition WebLink Unspecified DoS
|
|
52769
Description:
Unknown / Incomplete
|
2009-03-02
|
Fujitsu Jasmine2000 Enterprise Edition WebLink Unspecified XSS
|
|
52476
Description:
Graugon PHP Article Publisher contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'c' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-02
|
Graugon PHP Article Publisher index.php c Parameter SQL Injection
|
|
52477
Description:
Graugon PHP Article Publisher contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-02
|
Graugon PHP Article Publisher view.php id Parameter SQL Injection
|
|
52478
Description:
(Description Provided by CVE) : admin.php in Graugon PHP Article Publisher 1.0 allows remote attackers to bypass authentication and obtain administrative access by setting the g_admin cookie to 1.
|
2009-03-02
|
Graugon PHP Article Publisher Crafted g_admin Cookie Admin Authentication Bypass
|
|
53116
Description:
(Description Provided by CVE) : Multiple buffer overflows in GNU MPFR 2.4.0 allow context-dependent attackers to cause a denial of service (crash) via the (1) mpfr_snprintf and (2) mpfr_vsnprintf functions.
|
2009-03-02
|
GNU MPFR printf.c mpfr_snprintf() / mpfr_vsnprintf() Functions Overflow
|
|
57852
Description:
Unknown / Incomplete
|
2009-03-02
|
Squid Unspecified Remote DoS
|
|
52347
Description:
Unknown / Incomplete
|
2009-03-02
|
Cambium Group CMS Web Form Arbitrary Mail Relay
|
|
52301
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
|
2009-03-02
|
NovaNET on Windows nnwindtb.dll DtbClsLogin Function Overflow DoS
|
|
52302
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the DtbClsLogin function in NovaStor NovaNET 12 allows remote attackers to (1) execute arbitrary code on Linux platforms via a long username field during backup domain authentication, related to libnnlindtb.so; or (2) cause a denial of service (daemon crash) on Windows platforms via a long username field during backup domain authentication, related to nnwindtb.dll. NOTE: some of these details are obtained from third party information.
|
2009-03-02
|
NovaNET on Linux libnnlindtb.so DtbClsLogin Function Overflow
|
|
52303
Description:
Unknown / Incomplete
|
2009-03-02
|
eXtplorer index.php lang Parameter Traversal Local File Inclusion
|
|
52353
Description:
(Description Provided by CVE) : admin/save_user.asp in Digital Interchange Document Library 1.0.1 does not require administrative authentication, which allows remote attackers to read or modify the administrator's credentials via unspecified vectors. NOTE: some of these details are obtained from third party information.
|
2009-03-02
|
Document Library save_user.asp Admin Credentials Disclosure
|
|
52346
Description:
(Description Provided by CVE) : Multiple heap-based buffer overflows in Media Commands 1.0 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a long string in a (1) M3U, (2) M3l, (3) TXT, and (4) LRC playlist file.
|
2009-03-02
|
Media Commands Multiple Playlist File Handling Overflow
|
|
52338
Description:
DigiStore Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'pid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-03-02
|
DigiStore Component for Joomla! index.php pid Parameter SQL Injection
|
|
52355
Description:
Blogsa contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'searchText' parameters upon submission to the 'Widgets.aspx' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-03-02
|
Blogsa Widgets.aspx searchText Parameter XSS
|
|
52543
Description:
(Description Provided by CVE) : The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a denial of service (network bandwidth and CPU consumption) via a crafted legacy unicast mDNS query packet that triggers a multicast packet storm.
|
2009-03-02
|
avahi-daemon avahi-core/server.c originates_from_local_legacy_unicast_socket Function mDNS Query Packet Handling DoS
|
|
54037
Description:
RitsBlog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'jobs.php' script not properly sanitizing user-supplied input to the 'p' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-03-02
|
RitsBlog jobs.php p Parameter SQL Injection
|
|
54038
Description:
Unknown / Incomplete
|
2009-03-02
|
RitsBlog index.php body Parameter XSS
|
|
55363
Description:
Unknown / Incomplete
|
2009-03-02
|
Cambium Group CMS Unspecified XSS
|
