| OSVDB ID | Disclosure Date | Title |
|
56768
Description:
(Description Provided by CVE) : Unspecified vulnerability in IBM Tivoli Key Lifecycle Manager (TKLM) 1.0 has unknown impact and attack vectors, related to a "password security vulnerability."
|
2009-07-31
|
IBM Tivoli Key Lifecycle Manager TKLMAdmin Default Account
|
|
56715
Description:
Unknown / Incomplete
|
2009-07-31
|
SquirrelMail Multiple Plugins Trojaned Distribution
|
|
56750
Description:
(Description Provided by CVE) : Unspecified vulnerability in the com.android.phone process in Android 1.0, 1.1, and 1.5 allows remote attackers to cause a denial of service (network disconnection) via a crafted SMS message, as demonstrated by Collin Mulliner and Charlie Miller at Black Hat USA 2009.
|
2009-07-31
|
Google Android SMS com.android.phone Malformed SMS Message Remote DoS
|
|
56739
Description:
Unknown / Incomplete
|
2009-07-31
|
Linux Kernel current->clear_child_tid Process Handling Memory Corruption
|
|
56753
Description:
Unknown / Incomplete
|
2009-07-31
|
Epson Stylus SX100 Drivers Permission Weakness Local Privilege Escalation
|
|
56780
Description:
Windows contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a specially crafted call is submitted to win32k.sys's NtUserConsoleControl function. This flaw may lead to a loss of integrity.
|
2009-07-31
|
Microsoft Windows win32k.sys NtUserConsoleControl Function Memory Manipulation Local Privilege Escalation
|
|
81343
Description:
A memory corruption flaw exists in OpenJPEG. The tcd_free_encode() function in tcd.c fails to sanitize user-supplied input when decoding tile information from a Gray16 TIFF file resulting in memory corruption. This may allow a context-dependent attacker to execute arbitrary code.
|
2009-07-31
|
OpenJPEG tcd.c tcd_free_encode() Function Gray16 TIFF Image Tile Information Handling Remote Memory Corruption
|
|
56638
Description:
XOOPS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "op" variable upon submission to the viewpmsg.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-07-31
|
XOOPS modules/pm/viewpmsg.php op Parameter XSS
|
|
56650
Description:
Unknown / Incomplete
|
2009-07-31
|
yoyaku_v41 Unspecified Arbitrary Remote Command Injection
|
|
56639
Description:
AJ Matrix contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-07-31
|
AJ Matrix index.php id Parameter SQL Injection
|
|
56761
Description:
(Description Provided by CVE) : Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in a nickname field, related to the (1) silc_client_add_client, (2) silc_client_update_client, and (3) silc_client_nickname_format functions.
|
2009-07-31
|
SILC Client lib/silcclient/client_entries.c Format String
|
|
61993
Description:
XOOPS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate input from the query string upon submission to the 'modules/profile/user.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-07-31
|
XOOPS modules/profile/user.php Query String XSS
|
|
56763
Description:
wp-Table for WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'wptable-tinymce.php' script not properly sanitizing user input supplied to the 'ABSPATH' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
wp-Table Plugin for WordPress wptable-tinymce.php ABSPATH Parameter Remote File Inclusion
|
|
56734
Description:
Unknown / Incomplete
|
2009-07-30
|
Absolute Software Computrace LoJack for Laptops Call Home Process Subversion
|
|
56778
Description:
(Description Provided by CVE) : Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to obtain sensitive information via vectors involving saving an SWF file to a hard drive, related to a "local sandbox vulnerability."
|
2009-07-30
|
Adobe Multiple Products SWF File Saving Unspecified Information Disclosure
|
|
56777
Description:
(Description Provided by CVE) : Integer overflow in the ActionScript Virtual Machine 2 (AVM2) abcFile parser in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an AVM2 file with a large intrf_count value that triggers a dereference of an out-of-bounds pointer.
|
2009-07-30
|
Adobe Multiple Products AVM2 intf_count Integer Overflow
|
|
56776
Description:
(Description Provided by CVE) : Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors involving URL parsing.
|
2009-07-30
|
Adobe Multiple Products URL Parsing Heap-based Overflow
|
|
56775
Description:
(Description Provided by CVE) : Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to trick a user into (1) selecting a link or (2) completing a dialog, related to a "clickjacking vulnerability."
|
2009-07-30
|
Adobe Multiple Products Unspecified Clickjacking
|
|
56774
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
|
2009-07-30
|
Adobe Multiple Products Unspecified Stack-based Overflow
|
|
56773
Description:
(Description Provided by CVE) : Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors, related to a "null pointer vulnerability."
|
2009-07-30
|
Adobe Multiple Products Unspecified Null Pointer Arbitrary Code Execution
|
|
56772
Description:
(Description Provided by CVE) : Heap-based buffer overflow in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unspecified vectors.
|
2009-07-30
|
Adobe Multiple Products Shockwave Flash Processing Object Re-use Arbitrary Code Execution
|
|
56771
Description:
(Description Provided by CVE) : Unspecified vulnerability in Adobe Flash Player before 9.0.246.0 and 10.x before 10.0.32.18, and Adobe AIR before 1.5.2, allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via unknown vectors, related to a "privilege escalation vulnerability."
|
2009-07-30
|
Adobe Flash Player on Mac OS X Unspecified Local Privilege Escalation
|
|
56616
Description:
Reset Backend Password Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to unspecified parameter(s). This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-07-30
|
Reset Backend Password Extension for TYPO3 Unspecified SQL Injection
|
|
56724
Description:
A remote overflow exists in Network Security Services (NSS). Network Security Services (NSS) and products containing it fail to properly parse a long domain name in the subject's Common Name (CN) field of an X.509 certificate resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.
|
2009-07-30
|
Mozilla Multiple Products Regex Parser X.509 Certificate Common Name (CN) Field Handling Overflow
|
|
56617
Description:
CoolURI Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to unspecified parameter(s). This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-07-30
|
CoolURI Extension for TYPO3 Unspecified SQL Injection
|
|
56660
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/left_rightslideopen/index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the sitemap parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system.
|
2009-07-30
|
dit.cms menus/left_rightslideopen/index.php sitemap Parameter Traversal Local File Inclusion
|
|
56661
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/side_pullout/index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the sitemap parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system.
|
2009-07-30
|
dit.cms menus/side_pullout/index.php sitemap Parameter Traversal Local File Inclusion
|
|
56662
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/slide_slideopen/index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the sitemap parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system.
|
2009-07-30
|
dit.cms menus/side_slideopen/index.php sitemap Parameter Traversal Local File Inclusion
|
|
56663
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/top_dropdown/index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the sitemap parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system.
|
2009-07-30
|
dit.cms menus/top_dropdown/index.php sitemap Parameter Traversal Local File Inclusion
|
|
56664
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/topside/index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the sitemap parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system.
|
2009-07-30
|
dit.cms menus/topside/index.php sitemap Parameter Traversal Local File Inclusion
|
|
56665
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/left_rightslideopen/index.php script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from the targeted host or an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
dit.cms menus/left_rightslideopen/index.php path Parameter Remote File Inclusion
|
|
56666
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/side_pullout/index.php script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from the targeted host or an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
dit.cms menus/side_pullout/index.php path Parameter Remote File Inclusion
|
|
56667
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'menus/side_slideopen/index.php' script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from the targeted host or an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
dit.cms menus/side_slideopen/index.php path Parameter Remote File Inclusion
|
|
56668
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the menus/simple/index.php script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from the targeted host or an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
dit.cms menus/simple/index.php path Parameter Remote File Inclusion
|
|
56669
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'menus/top_dropdown/index.php' script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from the targeted host or an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
dit.cms menus/top_dropdown/index.php path Parameter Remote File Inclusion
|
|
56670
Description:
dit.cms contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'menus/topside/index.php' script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from the targeted host or an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2009-07-30
|
dit.cms menus/topside/index.php path Parameter Remote File Inclusion
|
|
56620
Description:
Miniweb contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the URI or 'begin' parameters upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-07-30
|
Miniweb index.php Multiple Parameter XSS
|
|
56621
Description:
Miniweb contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the URI upon submission to the directory/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-07-30
|
Miniweb directory/index.php URI XSS
|
|
56622
Description:
Miniweb contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the URI upon submission to the eventscalendar/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-07-30
|
Miniweb eventscalendar/index.php URI XSS
|
|
56623
Description:
Miniweb contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the URI upon submission to the faqmanager/index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-07-30
|
Miniweb faqmanager/index.php URI XSS
|