| OSVDB ID | Disclosure Date | Title |
|
54949
Description:
(Description Provided by CVE) : Use-after-free vulnerability in Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code by repeatedly adding HTML document nodes and calling event handlers, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Objects Memory Corruption Vulnerability."
|
2009-06-09
|
Microsoft IE Crafted HTML Document Node Addition Event Handler Memory Corruption
|
|
54950
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 7 for Windows XP SP2 and SP3; 7 for Server 2003 SP2; 7 for Vista Gold, SP1, and SP2; and 7 for Server 2008 SP2 allows remote attackers to execute arbitrary code via frequent calls to the getElementsByTagName function combined with the creation of an object during reordering of elements, followed by an onreadystatechange event, which triggers an access of an object that (1) was not properly initialized or (2) is deleted, aka "HTML Object Memory Corruption Vulnerability."
|
2009-06-09
|
Microsoft IE Crafted onreadystatechange Event Memory Corruption
|
|
54951
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 8 for Windows XP SP2 and SP3; 8 for Server 2003 SP2; 8 for Vista Gold, SP1, and SP2; and 8 for Server 2008 SP2 does not properly handle objects in memory, which allows remote attackers to execute arbitrary code via "malformed row property references" that trigger an access of an object that (1) was not properly initialized or (2) is deleted, leading to memory corruption, aka "HTML Objects Memory Corruption Vulnerability" or "HTML Object Memory Corruption Vulnerability."
|
2009-06-09
|
Microsoft IE Crafted HTML Malformed Row Property References Memory Corruption
|
|
54940
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate changes to unspecified kernel objects, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Desktop Vulnerability."
|
2009-06-09
|
Microsoft Windows Kernel Desktop Object Manipulation Local Privilege Escalation
|
|
54941
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate user-mode pointers in unspecified error conditions, which allows local users to gain privileges via a crafted application, aka "Windows Kernel Pointer Validation Vulnerability."
|
2009-06-09
|
Microsoft Windows Kernel User Mode Pointer Passing Local Privilege Escalation
|
|
54942
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly validate an argument to an unspecified system call, which allows local users to gain privileges via a crafted application, aka "Windows Driver Class Registration Vulnerability."
|
2009-06-09
|
Microsoft Windows Kernel Driver Class Registration Local Privilege Escalation
|
|
54943
Description:
(Description Provided by CVE) : The kernel in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP2 does not properly validate the user-mode input associated with the editing of an unspecified desktop parameter, which allows local users to gain privileges via a crafted application, aka "Windows Desktop Parameter Edit Vulnerability."
|
2009-06-09
|
Microsoft Windows Kernel Desktop Parameter Manipulation Local Privilege Escalation
|
|
54939
Description:
(Description Provided by CVE) : Buffer overflow in the Works for Windows document converters in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, Office 2007 SP1, and Works 8.5 and 9 allows remote attackers to execute arbitrary code via a crafted Works .wps file that triggers memory corruption, aka "File Converter Buffer Overflow Vulnerability."
|
2009-06-09
|
Microsoft Office Works for Windows File Converter .wps Handling Overflow
|
|
54937
Description:
(Description Provided by CVE) : The LDAP service in Active Directory on Microsoft Windows 2000 SP4 does not properly free memory for LDAP and LDAPS requests, which allows remote attackers to execute arbitrary code via a request that uses hexadecimal encoding, whose associated memory is not released, related to a "DN AttributeValue," aka "Active Directory Invalid Free Vulnerability." NOTE: this issue is probably a memory leak.
|
2009-06-09
|
Microsoft Windows Active Directory Crafted LDAP(S) Request Hexadecimal DN AttributeValue Handling Arbitrary Code Execution
|
|
54938
Description:
(Description Provided by CVE) : Memory leak in the LDAP service in Active Directory on Microsoft Windows 2000 SP4 and Server 2003 SP2, and Active Directory Application Mode (ADAM) on Windows XP SP2 and SP3 and Server 2003 SP2, allows remote attackers to cause a denial of service (memory consumption and service outage) via (1) LDAP or (2) LDAPS requests with unspecified OID filters, aka "Active Directory Memory Leak Vulnerability."
|
2009-06-09
|
Microsoft Windows Active Directory Crafted LDAP(S) Request Handling Remote DoS
|
|
54936
Description:
(Description Provided by CVE) : The RPC Marshalling Engine (aka NDR) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 does not properly maintain its internal state, which allows remote attackers to overwrite arbitrary memory locations via a crafted RPC message that triggers incorrect pointer reading, related to "IDL interfaces containing a non-conformant varying array" and FC_SMVARRAY, FC_LGVARRAY, FC_VARIABLE_REPEAT, and FC_VARIABLE_OFFSET, aka "RPC Marshalling Engine Vulnerability."
|
2009-06-09
|
Microsoft Windows RPC Marshalling Engine Internal State Manipulation Remote Code Execution
|
|
54952
Description:
(Description Provided by CVE) : Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Open XML File Format Converter for Mac; and Microsoft Office Excel Viewer 2003 SP3 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Record Pointer Corruption Vulnerability."
|
2009-06-09
|
Microsoft Office Excel Malformed Record Object Pointer Handling Remote Code Execution (2009-0549)
|
|
54955
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Excel in Microsoft Office 2000 SP3 and Office XP SP3 allows remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "String Copy Stack-Based Overrun Vulnerability."
|
2009-06-09
|
Microsoft Office Excel Malformed Records Handling Overflow
|
|
54956
Description:
(Description Provided by CVE) : Excel in Microsoft Office 2000 SP3, Office XP SP3, Office 2003 SP3, and Office 2004 and 2008 for Mac; Excel in 2007 Microsoft Office System SP1 and SP2; Open XML File Format Converter for Mac; Microsoft Office Excel Viewer 2003 SP3; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a crafted Excel file with a malformed record object, aka "Field Sanitization Memory Corruption Vulnerability."
|
2009-06-09
|
Microsoft Office Excel Record Object Field Sanitization Memory Corruption
|
|
54958
Description:
(Description Provided by CVE) : Excel in 2007 Microsoft Office System SP1 and SP2; Microsoft Office Excel Viewer; and Microsoft Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats SP1 and SP2 allow remote attackers to execute arbitrary code via a BIFF file with a malformed Qsir (0x806) record object, aka "Record Pointer Corruption Vulnerability."
|
2009-06-09
|
Microsoft Office Excel BIFF File QSIR Record Object Pointer Handling Remote Code Execution
|
|
54935
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Windows Search 4.0 for Microsoft Windows XP SP2 and SP3 and Server 2003 SP2 allows user-assisted remote attackers to inject arbitrary web script or HTML via a crafted file that appears in a preview in a search result, aka "Script Execution in Windows Search Vulnerability."
|
2009-06-09
|
Microsoft Windows MSHTML Search Preview Display Information Disclosure
|
|
54932
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the EnumeratePrintShares function in Windows Print Spooler Service (win32spl.dll) in Microsoft Windows 2000 SP4 allows remote printer servers to execute arbitrary code via a crafted ShareName in a response to an RPC request, related to "printing data structures," aka "Buffer Overflow in Print Spooler Vulnerability."
|
2009-06-09
|
Microsoft Windows Print Spooler win32spl.dll EnumeratePrintShares Function Remote Overflow
|
|
54933
Description:
(Description Provided by CVE) : The Windows Printing Service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows local users to read arbitrary files via a crafted separator page, aka "Print Spooler Read File Vulnerability."
|
2009-06-09
|
Microsoft Windows Print Spooler Crafted Separator Page Arbitrary Local File Disclosure
|
|
54934
Description:
(Description Provided by CVE) : The Windows Print Spooler in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 SP2 allows remote authenticated users to gain privileges via a crafted RPC message that triggers loading of a DLL file from an arbitrary directory, aka "Print Spooler Load Library Vulnerability."
|
2009-06-09
|
Microsoft Windows Print Spooler Load Library Crafted RPC Message Arbitrary DLL Loading Privilege Escalation
|
|
55049
Description:
(Description Provided by CVE) : Unspecified vulnerability in rpc.nisd in Sun Solaris 8 through 10, and OpenSolaris before snv_104, allows remote authenticated users to cause a denial of service (NIS+ daemon hang) via unspecified vectors related to NIS+ callbacks.
|
2009-06-09
|
Solaris rpc.nisd(1M) NIS+ Server Unspecified DoS
|
|
54923
Description:
Unknown / Incomplete
|
2009-06-09
|
PDFlib-Lite libs/pdflib/p_png.c pdf_process_PNG_data() Function PNG File Handling Overflow
|
|
54969
Description:
DX Studio Pro Firefox plugin contains a flaw that may allow a context-dependent attacker to execute arbitrary commands. The issue is triggered when a specially crafted website is able to invoke the shell.execute method, due to insufficient input validation.
|
2009-06-09
|
Firefox Plugin for DX Studio Player shell.execute() API Method Arbitrary Command Execution
|
|
54968
Description:
(Description Provided by CVE) : eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
|
2009-06-09
|
eBay Enhanced Picture Services ActiveX (EPUWALcontrol.dll) PictureUrls Property Arbitrary Command Execution
|
|
54967
Description:
(Description Provided by CVE) : MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
|
2009-06-09
|
MoinMoin Hierarchical ACL Handling Weakness Sub-pages Restriction Bypass
|
|
55018
Description:
(Description Provided by CVE) : admin.php in MRCGIGUY The Ticket System 2.0 does not properly restrict access, which allows remote attackers to (1) obtain sensitive configuration information via the editconfig action or (2) change the administrator's password via the id parameter in an editop action.
|
2009-06-09
|
The Ticket System admin.php Direct Request Admin Panel Security Restriction Bypass
|
|
55128
Description:
(Description Provided by CVE) : GUPnP 0.12.7 allows remote attackers to cause a denial of service (crash) via an empty (1) subscription or (2) control message.
|
2009-06-09
|
GUPnP Empty Message Handling Remote DoS
|
|
55414
Description:
(Description Provided by CVE) : Use-after-free vulnerability in WebKit, as used in Apple Safari before 4.0, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Google Chrome 1.0.154.53, and possibly other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by setting an unspecified property of an HTML tag that causes child elements to be freed and later accessed when an HTML error occurs, related to "recursion in certain DOM event handlers."
|
2009-06-09
|
WebKit DOM Error Event Recursion Handling Memory Corruption
|
|
56474
Description:
(Description Provided by CVE) : The WebDAV extension in Microsoft Internet Information Services (IIS) 5.0 on Windows 2000 SP4 does not properly decode URLs, which allows remote attackers to bypass authentication, and possibly read or create files, via a crafted HTTP request, aka "IIS 5.0 WebDAV Authentication Bypass Vulnerability," a different vulnerability than CVE-2009-1535.
|
2009-06-09
|
Microsoft IIS WebDAV Extension URL Decode Crafted HTTP Request Authentication Bypass
|
|
56471
Description:
(Description Provided by CVE) : Mozilla Firefox 3.0.10 and earlier on Linux allows remote attackers to cause a denial of service (application crash) via a URI for a large GIF image in the BACKGROUND attribute of a BODY element.
|
2009-06-09
|
Mozilla Firefox on Linux BODY Element BACKGROUND Attribute Handling DoS
|
|
56647
Description:
VehicleManager Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'toolbar_ext.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-09
|
VehicleManager Component for Joomla! toolbar_ext.php mosConfig_absolute_path Parameter Remote File Inclusion
|
|
56648
Description:
MediaLibrary Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'toolbar_ext.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-09
|
MediaLibrary Component for Joomla! toolbar_ext.php mosConfig_absolute_path Parameter Remote File Inclusion
|
|
56649
Description:
The Ticket System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-09
|
The Ticket System admin.php id Parameter SQL Injection
|
|
56652
Description:
RealEstateManager Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'toolbar_ext.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-09
|
RealEstateManager Component for Joomla! toolbar_ext.php mosConfig_absolute_path Parameter Remote File Inclusion
|
|
56653
Description:
BookLibrary Component For Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'toolbar_ext.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-06-09
|
BookLibrary Component For Joomla! toolbar_ext.php mosConfig_absolute_path Parameter Remote File Inclusion
|
|
56654
Description:
AkoBook Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'gbid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-06-09
|
AkoBook Component for Joomla! index.php gbid Parameter SQL Injection
|
|
61422
Description:
Unknown / Incomplete
|
2009-06-09
|
Opera CANVAS Element Processing Memory Corruption
|
|
61662
Description:
Unknown / Incomplete
|
2009-06-09
|
S-CMS index.php lang Parameter Traversal Local File Inclusion
|
|
61664
Description:
S-CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'plugin.php' script not properly sanitizing user-supplied input to the 'username' parameter and the 'username' cookie. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-06-09
|
S-CMS plugin.php Multiple Parameter SQL Injection
|
|
61663
Description:
S-CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'admin.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'plug' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2009-06-09
|
S-CMS admin.php plug Parameter Traversal Local File Inclusion
|
|
61661
Description:
S-CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'plugin.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'file' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2009-06-09
|
S-CMS plugin.php file Parameter Traversal Local File Inclusion
|