| OSVDB ID | Disclosure Date | Title |
|---|
|
55589
Description:
Joomla! contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the HTTP_REFERER header. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-06-30
|
Joomla! HTTP_REFERER Header XSS
|
|
55590
Description:
Joomla! Frontend contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the PHP_SELF variable URI. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-06-30
|
Joomla! Frontend PHP_SELF Variable URI XSS
|
|
55591
Description:
(Description Provided by CVE) : Joomla! before 1.5.12 does not perform a JEXEC check in unspecified files, which allows remote attackers to obtain the installation path via unspecified vectors.
|
2009-06-30
|
Joomla! JEXEC Check Unspecified Path Disclosure
|
|
55562
Description:
Unknown / Incomplete
|
2009-06-30
|
NetBSD hack gethdate() Function PATH Environment Variable Local Overflow
|
|
55563
Description:
Unknown / Incomplete
|
2009-06-30
|
NetBSD hack main() Function GENOCIDED Environment Variable Local Overflow
|
|
55593
Description:
(Description Provided by CVE) : The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and has (2) a default password of admin for the admin account in the telnet interface; which makes it easier for remote attackers to obtain access.
|
2009-06-30
|
Huawei D100 Administrator Web Interface Default Password
|
|
55594
Description:
The Huawei D100 router does not restrict attempts to authenticate to the administrator account. This allows an attacker to conduct a brute force attack against the privileged account without any mechanism to stop or limit such guesses.
|
2009-06-30
|
Huawei D100 Admin Account Brute Force Attack Weakness
|
|
55595
Description:
(Description Provided by CVE) : The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors.
|
2009-06-30
|
Huawei D100 Cookie Cleartext Admin Credential Disclosure
|
|
55596
Description:
(Description Provided by CVE) : The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
|
2009-06-30
|
Huawei D100 /en/lan_status_adv.asp Direct Request Information Disclosure
|
|
55597
Description:
(Description Provided by CVE) : The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
|
2009-06-30
|
Huawei D100 /en/wlan_basic_cfg.asp Direct Request Information Disclosure
|
|
55598
Description:
(Description Provided by CVE) : The Huawei D100 allows remote attackers to obtain sensitive information via a direct request to (1) lan_status_adv.asp, (2) wlan_basic_cfg.asp, or (3) lancfg.asp in en/, related to use of JavaScript to protect against reading file contents.
|
2009-06-30
|
Huawei D100 /en/lancfg.asp Direct Request Information Disclosure
|
|
55600
Description:
By default, the Huawei D100 modem ships with wireless capability turned on. The default configuration does not enable wireless encryption and is set to broadcast the SSID. These three configuration options allow an attacker to trivially find and associate to the device, as well as sniff unencrypted traffic from other clients.
|
2009-06-30
|
Huawei D100 Wi-Fi Default Configuration Multiple Weaknesses
|
|
55479
Description:
PunBB Vote For Us Module contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'voteforus.php' script not properly sanitizing user-supplied input to the 'out' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-30
|
PunBB Vote For Us Module voteforus.php out Parameter SQL Injection
|
|
55478
Description:
PunBB Affiliation Module contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the affiliates.php script not properly sanitizing user-supplied input to the in and out parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-30
|
PunBB Affiliation Module affiliates.php Multiple Parameter SQL Injection
|
|
55519
Description:
(Description Provided by CVE) : The NFSv4 server kernel module in Sun Solaris 10, and OpenSolaris before snv_119, does not properly implement the nfs_portmon setting, which allows remote attackers to access shares, and read, create, and modify arbitrary files, via unspecified vectors.
|
2009-06-30
|
Solaris NFSv4 Server Kernel Module nfs_portmon Tunable Shared Resource Restriction Bypass
|
|
55549
Description:
(Description Provided by CVE) : Unspecified vulnerability in the udp subsystem in the kernel in Sun Solaris 10, and OpenSolaris snv_90 through snv_108, when Solaris Trusted Extensions is enabled, allows remote attackers to cause a denial of service (panic) via unspecified vectors involving the crgetlabel function, related to a "TX panic." NOTE: this issue exists because of a regression in earlier kernel patches.
|
2009-06-30
|
Solaris Kernel udp(7p) Subsystem Trusted Extensions crgetlabel Function Unspecified DoS
|
|
55584
Description:
Member Awards Mod for Simple Machines Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'Sources/Profile.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-30
|
Member Awards Mod for Simple Machines Forum Sources/Profile.php id Parameter SQL Injection
|
|
55514
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in phpMyAdmin before 3.2.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted SQL bookmark.
|
2009-06-30
|
phpMyAdmin Crafted SQL Bookmark XSS
|
|
55505
Description:
(Description Provided by CVE) : admin.php in phpMyBlockchecker 1.0.0055 allows remote attackers to bypass authentication and gain administrative access by setting the PHPMYBCAdmin cookie to LOGGEDIN.
|
2009-06-30
|
phpMyBlockchecker PHPMYBCAdmin Cookie Manipulation Admin Authentication Bypass
|
|
55507
Description:
(Description Provided by CVE) : Stack-based buffer overflow in TFM MMPlayer 2.0, and possibly 2.0.0.30, allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
|
2009-06-30
|
MMPlayer M3U File Handling Overflow
|
|
55516
Description:
(Description Provided by CVE) : Unrestricted file upload vulnerability in member/uploads_edit.php in dedecms 5.3 allows remote attackers to execute arbitrary code by uploading a file with a double extension in the filename, then accessing this file via unspecified vectors, as demonstrated by a .jpg.php filename.
|
2009-06-30
|
dedecms member/uploads_edit.php Unrestricted File Upload Arbitrary Code Execution
|
|
55517
Description:
Empire CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the default URI in 'e/tool/gbook/' not properly sanitizing user-supplied input to the 'bid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-30
|
Empire CMS e/tool/gbook/ URI bid Parameter SQL Injection
|
|
55538
Description:
CWGuestBook Module for MDPro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'modules.php' script not properly sanitizing user-supplied input to the 'rid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-30
|
CWGuestBook Module for MDPro modules.php rid Parameter SQL Injection
|
|
55750
Description:
Related Sites Plugin for Wordpress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'BTE_RW_webajax.php' script not properly sanitizing user-supplied input to the 'guid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-30
|
Related Sites Plugin for Wordpress BTE_RW_webajax.php guid Parameter SQL Injection
|
|
55751
Description:
FormMailer contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'formmailer.admin.inc.php' script not properly sanitizing user input supplied to the 'BASE_DIR[jax_formmailer]' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-30
|
FormMailer formmailer.admin.inc.php BASE_DIR[jax_formmailer] Parameter Remote File Inclusion
|
|
56831
Description:
Application for Incident Response Teams (AIRT) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "status" variable upon submission to the incident.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-06-30
|
Application for Incident Response Teams (AIRT) incident.php status Parameter XSS
|
|
56832
Description:
Application for Incident Response Teams (AIRT) contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions for user additions. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-06-30
|
Application for Incident Response Teams (AIRT) users.php User Addition CSRF
|
|
61932
Description:
Simple Internet Publishing System (SIPS) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'search.php' script not properly sanitizing user input supplied to the 'config[sipssys]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-30
|
Simple Internet Publishing System (SIPS) search.php config[sipssys] Parameter Remote File Inclusion
|
|
61933
Description:
Simple Internet Publishing System (SIPS) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'readmore.php' script not properly sanitizing user input supplied to the 'config[sipssys]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-30
|
Simple Internet Publishing System (SIPS) readmore.php config[sipssys] Parameter Remote File Inclusion
|
|
61934
Description:
Simple Internet Publishing System (SIPS) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'config[sipssys]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-30
|
Simple Internet Publishing System (SIPS) index.php config[sipssys] Parameter Remote File Inclusion
|
|
61935
Description:
Simple Internet Publishing System (SIPS) contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'search/submit.php' script not properly sanitizing user input supplied to the 'config[sipssys]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-30
|
Simple Internet Publishing System (SIPS) search/submit.php config[sipssys] Parameter Remote File Inclusion
|
|
66768
Description:
Unknown / Incomplete
|
2009-06-30
|
PHP Reference Return Value Handling Memory Corruption
|
|
87482
Description:
Jetty contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via error handler exception messages before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-06-30
|
Jetty Error Handler Exception Message XSS
|
|
87658
Description:
phpTrafficA contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input to the 'password' field on the login page. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-06-30
|
phpTrafficA Login Page password Field SQL Injection
|
|
83375
Description:
OOo4Kids contains a flaw that may allow a denial of service. The issue is triggered when opening a document containing a macro, and will result in loss of availability for the program.
|
2009-06-29
|
OOo4Kids Document Macro Handling DoS
|
|
55448
Description:
DM Albums Plugin for WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'wp-content/plugins/dm-albums/template/album.php' script not properly sanitizing user input supplied to the 'SECURITY_FILE' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-29
|
DM Albums Plugin for WordPress wp-content/plugins/dm-albums/template/album.php SECURITY_FILE Parameter Remote File Inclusion
|
|
55449
Description:
An overflow exists in HT-MP3Player. The HT-MP3Player fails to correctly handle long strings in .ht3 files resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2009-06-29
|
HT-MP3Player HT3 File Handling Overflow
|
|
55484
Description:
(Description Provided by CVE) : Directory traversal vulnerability in index.php in Clicknet CMS 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the side parameter.
|
2009-06-29
|
Clicknet CMS index.php side Parameter Traversal Arbitrary PHP Source Disclosure
|
|
55450
Description:
(Description Provided by CVE) : Directory traversal vulnerability in download.php in Audio Article Directory allows remote attackers to read arbitrary files via directory traversal sequences in the file parameter.
|
2009-06-29
|
Audio Article Directory download.php file Parameter Traversal Arbitrary File Access
|
|
55451
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Cross-Domain Controller (CDC) servlet in Sun Java System Access Manager 6 2005Q1, 7 2005Q4, and 7.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2009-06-29
|
Sun Java System Access Manager Cross-Domain Controller (CDC) Unspecified XSS
|
