| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 53521 | Unknown / Incomplete | 2009-03-26 | blog+ includes/block_left.php row_mysql_blocks_left[file] Parameter Traversal Local File Inclusion |
| 53520 | Unknown / Incomplete | 2009-03-26 | blog+ includes/block_right.php row_mysql_blocks_right[file] Parameter Traversal Local File Inclusion |
| 53519 | Unknown / Incomplete | 2009-03-26 | blog+ includes/window_down.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion |
| 53524 | Unknown / Incomplete | 2009-03-26 | blog+ includes/window_top.php row_mysql_bloginfo[theme] Parameter Traversal Local File Inclusion |
| 53580 | (Description Provided by CVE): Unspecified vulnerability in Sun OpenSolaris snv_100 through snv_101 allows local users, with privileges in a non-global zone, to execute arbitrary code in the global zone when a global-zone user is using mdb on a non-global zone process. | 2009-03-26 | OpenSolaris Non-global Zone MDB Handling Local Privilege Escalation |
| 54108 | Unknown / Incomplete | 2009-03-26 | iodine src/iodine.c handle_null_request() Function NULL Dereference DoS |
| 53130 | (Description Provided by CVE): The SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (device reload or hang) via a crafted HTTPS packet. | 2009-03-25 | Cisco IOS SSLVPN Feature Crafted HTTPS Packet Remote DoS |
| 53131 | (Description Provided by CVE): Memory leak in the SSLVPN feature in Cisco IOS 12.3 through 12.4 allows remote attackers to cause a denial of service (memory consumption and device crash) by disconnecting an SSL session in an abnormal manner, leading to a Transmission Control Block (TCB) leak. | 2009-03-25 | Cisco IOS SSLVPN Feature Abnormal SSL Session Termination Remote Memory Consumption DoS |
| 53136 | (Description Provided by CVE): The (1) Airline Product Set (aka ALPS), (2) Serial Tunnel Code (aka STUN), (3) Block Serial Tunnel Code (aka BSTUN), (4) Native Client Interface Architecture (NCIA) support, (5) Data-link switching (aka DLSw), (6) Remote Source-Route Bridging (RSRB), (7) Point to Point Tunneling Protocol (PPTP), (8) X.25 for Record Boundary Preservation (RBP), (9) X.25 over TCP (XOT), and (10) X.25 Routing features in Cisco IOS 12.2 and 12.4 allows remote attackers to cause a denial of service (device reload) via a series of crafted TCP packets. | 2009-03-25 | Cisco IOS Multiple Functionality Crafted TCP Packet Sequence Remote DoS |
| 53135 | (Description Provided by CVE): The (1) Cisco Unified Communications Manager Express; (2) SIP Gateway Signaling Support Over Transport Layer Security (TLS) Transport; (3) Secure Signaling and Media Encryption; (4) Blocks Extensible Exchange Protocol (BEEP); (5) Network Admission Control HTTP Authentication Proxy; (6) Per-user URL Redirect for EAPoUDP, Dot1x, and MAC Authentication Bypass; (7) Distributed Director with HTTP Redirects; and (8) TCP DNS features in Cisco IOS 12.0 through 12.4 do not properly handle IP sockets, which allows remote attackers to cause a denial of service (outage or resource consumption) via a series of crafted TCP packets. | 2009-03-25 | Cisco IOS Multiple Functionality IP Socket Handling Remote DoS |
| 53137 | (Description Provided by CVE): Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when configured with (1) IP Service Level Agreements (SLAs) Responder, (2) Session Initiation Protocol (SIP), (3) H.323 Annex E Call Signaling Transport, or (4) Media Gateway Control Protocol (MGCP) allows remote attackers to cause a denial of service (blocked input queue on the inbound interface) via a crafted UDP packet. | 2009-03-25 | Cisco IOS Multiple Functionality Crafted UDP Packet Remote DoS |
| 53129 | (Description Provided by CVE): Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. | 2009-03-25 | Cisco IOS Mobile IP NAT Traversal MIPv6 Packet Handling Remote DoS |
| 53127 | (Description Provided by CVE): Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. | 2009-03-25 | Cisco IOS Mobile IP NAT Traversal Home Agent (HA) Implementation ICMP Packet Handling Remote DoS |
| 53134 | (Description Provided by CVE): Memory leak in the Cisco Tunneling Control Protocol (cTCP) encapsulation feature in Cisco IOS 12.4, when an Easy VPN (aka EZVPN) server is enabled, allows remote attackers to cause a denial of service (memory consumption and device crash) via a sequence of TCP packets. | 2009-03-25 | Cisco IOS Cisco Tunneling Control Protocol (cTCP) Easy VPN (EZVPN) Server Memory Consumption Remote DoS |
| 53133 | (Description Provided by CVE): Unspecified vulnerability in Cisco IOS 12.0 through 12.4, when SIP voice services are enabled, allows remote attackers to cause a denial of service (device crash) via a valid SIP message. | 2009-03-25 | Cisco IOS Voice Services Unspecified SIP Message Handling Remote DoS |
| 53132 | (Description Provided by CVE): The SCP server in Cisco IOS 12.2 through 12.4, when Role-Based CLI Access is enabled, does not enforce the CLI view configuration for file transfers, which allows remote authenticated users with an attached CLI view to (1) read or (2) overwrite arbitrary files via an SCP command. | 2009-03-25 | Cisco IOS SCP Server Role-based CLI Access Attached CLI View Remote File Manipulation |
| 53126 | (Description Provided by CVE): Multiple unspecified vulnerabilities in the home agent (HA) implementation in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via an ICMP packet, aka Bug ID CSCso05337. | 2009-03-25 | Cisco IOS Mobile IPv6 Subsystem Home Agent (HA) Implementation ICMP Packet Handling Remote DoS |
| 53128 | (Description Provided by CVE): Multiple unspecified vulnerabilities in the (1) Mobile IP NAT Traversal feature and (2) Mobile IPv6 subsystem in Cisco IOS 12.3 through 12.4 allow remote attackers to cause a denial of service (input queue wedge and interface outage) via MIPv6 packets, aka Bug ID CSCsm97220. | 2009-03-25 | Cisco IOS Mobile IPv6 Subsystem MIPv6 Packet Handling Remote DoS |
| 53648 | (Description Provided by CVE): Heap-based buffer overflow in Adobe Acrobat Reader 9 before 9.1, 8 before 8.1.4, and 7 before 7.1.1 allows remote attackers to execute arbitrary code via a PDF file with a malformed JBIG2 symbol dictionary segment, a different vulnerability than CVE-2009-1061 and CVE-2009-1062. | 2009-03-25 | Adobe Acrobat Reader PDF JBIG2 Symbol Dictionary Segment Handling Overflow |
| 58988 | Unknown / Incomplete | 2009-03-25 | Apache Hadoop Chukwa HICC Portal Unspecified XSS |
| 52864 | (Description Provided by CVE): The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid encoded length. | 2009-03-25 | OpenSSL ASN1_STRING_print_ex() Function BMPString / UniversalString Handling DoS |
| 52865 | (Description Provided by CVE): The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid but was actually invalid. | 2009-03-25 | OpenSSL CMS_verify() Function Malformed Signed Attribute Content Digest Validity Spoofing |
| 52866 | (Description Provided by CVE): OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the public key of a certificate, as demonstrated by an RSA public key. | 2009-03-25 | OpenSSL Malformed ASN1 Structure Handling DoS |
| 52925 | PSCS VPOP3 Email Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'sess_folder' variables upon submission to 'homeplus.html'. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-03-25 | PSCS VPOP3 Email Server homeplus.html sess_folder Parameter XSS |
| 52894 | Unknown / Incomplete | 2009-03-25 | Tokenauth Module for Drupal Form API RSS Feed Admin Authentication Bypass |
| 52886 | Unknown / Incomplete | 2009-03-25 | Vote Up/Down Module for Drupal Unspecified CSRF |
| 52893 | Unknown / Incomplete | 2009-03-25 | Wikitools Module for Drupal Unspecified XSS |
| 53079 | (Description Provided by CVE): The txMozillaXSLTProcessor::TransformToDoc function in Mozilla Firefox before 3.0.8 and SeaMonkey before 1.1.16 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XML file with a crafted XSLT transform. | 2009-03-25 | Mozilla Multiple Products txMozillaXSLTProcessor::TransformToDoc Function Crafted XSLT Transform XML File Handling DoS |
| 52926 | PSCS VPOP3 Email Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'reason' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-03-25 | PSCS VPOP3 Email Server index.php reason Parameter XSS |
| 53582 | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | 2009-03-25 | com_admin Component for Joomla! Unspecified XSS |
| 53203 | (Description Provided by CVE): Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file. | 2009-03-25 | GNU screen /tmp/screen-exchange Temporary File Symlink Arbitrary File Overwrite |
| 53491 | Unknown / Incomplete | 2009-03-25 | PHPizabi index.php File Upload Arbitrary PHP Code Execution |
| 53583 | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | 2009-03-25 | com_search Component for Joomla! Unspecified XSS |
| 53584 | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Joomla! 1.5 through 1.5.9 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) com_admin component, (2) com_search component when "Gather Search Statistics" is enabled, and (3) the category view in the com_content component. | 2009-03-25 | com_content Component for Joomla! Category View XSS |
| 53585 | (Description Provided by CVE): Multiple cross-site request forgery (CSRF) vulnerabilities in the com_media component for Joomla! 1.5.x through 1.5.9 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors. | 2009-03-25 | Joomla! com_media Component Authentication Hijack CSRF |
| 53617 | (Description Provided by CVE): GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information. | 2009-03-25 | GNU screen /tmp/screen-exchange Temporary File Local Information Disclosure |
| 52870 | phpMyAdmin contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate an unspecified cookie upon submission to the libraries/display_export.lib.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2009-03-24 | phpMyAdmin libraries/display_export.lib.php pma_db_filename_template Cookie XSS |
| 53076 | (Description Provided by CVE): Static code injection vulnerability in setup.php in phpMyAdmin 2.11.x before 2.11.9.5 and 3.x before 3.1.3.1 allows remote attackers to inject arbitrary PHP code into a configuration file via the save action. | 2009-03-24 | phpMyAdmin setup.php save Action Arbitrary PHP Code Injection |
| 52869 | Media Entertainment Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the view.php script not properly sanitizing user-supplied input to the id parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2009-03-24 | Media Entertainment Script view.php id Parameter SQL Injection |
| 53226 | (Description Provided by CVE): Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename variable). | 2009-03-24 | phpMyAdmin BLOB Streaming Feature bs_disp_as_mime_type.php file_path Parameter Traversal Arbitrary File Access |