| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 62658 | 2010-03-01 | PHP Trouble Ticket vedi_faq.php id Parameter SQL Injection | PHP Trouble Ticket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'vedi_faq.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62612 | 2010-03-01 | IBM Lotus Domino Web Access ActiveX Unspecified Overflow | (Description Provided by CVE): Stack-based buffer overflow in the Lotus Domino Web Access ActiveX control in IBM Lotus iNotes (aka Domino Web Access or DWA) 6.5, 7.0 before 7.0.4, 8.0, 8.0.2, and before 229.281 for Domino 8.0.2 FP4 allows remote attackers to execute arbitrary code via a long URL argument to an unspecified method, aka PRAD7JTNHJ. |
| 62618 | 2010-03-01 | Baykus Yemek Tarifleri Scripti oku.php id Parameter SQL Injection | Baykus Yemek Tarifleri Scripti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'oku.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62619 | 2010-03-01 | Baykus Yemek Tarifleri Scripti Admin/logpost.php Multiple Parameter SQL Injection | Baykus Yemek Tarifleri Scripti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'Admin/logpost.php' script not properly sanitizing user-supplied input to the 'ad' and 'pass' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62620 | 2010-03-01 | YaNC Component for Joomla! index.php listid Parameter SQL Injection | YaNC Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'listid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62627 | 2010-03-01 | ScriptsFeed Dating Software searchmatch.php Multiple Parameter SQL Injection | ScriptsFeed Dating Software contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'searchmatch.php' script not properly sanitizing user-supplied input to the 'txtgender' and 'txtlookgender' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62634 | 2010-03-01 | Pre Classified Listings ASP signup.asp address Parameter XSS | Pre Classified Listings ASP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'address' parameter upon submission to the 'signup.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 62625 | 2010-03-01 | Blax Blog admin/girisyap.php kadi Parameter SQL Injection Authentication Bypass | Blax Blog contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/girisyap.php' script not properly sanitizing user-supplied input to the 'kadi' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62624 | 2010-03-01 | Article Friendly index.php filename Parameter Traversal Local File Inclusion | Article Friendly contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'filename' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 62633 | 2010-03-01 | Docebo Admin User Creation CSRF | Docebo contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as creating an arbitrary user with administrative privileges. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 62635 | 2010-03-01 | Pre Classified Listings ASP signup.asp email Parameter SQL Injection | Pre Classified Listings ASP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'signup.asp' script not properly sanitizing user-supplied input to the 'email' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62636 | 2010-03-01 | Pre Classified Listings ASP detailad.asp siteid Parameter SQL Injection | Pre Classified Listings ASP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'detailad.asp' script not properly sanitizing user-supplied input to the 'siteid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62783 | 2010-03-01 | IBM Informix Dynamic Server portmap.exe librpc.dll Authentication Functionality Multiple Overflows | (Description Provided by CVE): Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size. |
| 62753 | 2010-03-01 | IBM Lotus iNotes Get Filter and Referer Check Fixes Weakness CSRF | (Description Provided by CVE): Cross-site request forgery (CSRF) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to hijack the authentication of unspecified victims via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." |
| 62754 | 2010-03-01 | IBM Lotus iNotes Get Filter and Referer Check Fixes Weakness XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 allows remote attackers to inject arbitrary web script or HTML via vectors related to lack of "XSS/CSRF Get Filter and Referer Check fixes." |
| 62755 | 2010-03-01 | IBM Lotus iNotes UltraLite Functionality Multiple Unspecified Issues | (Description Provided by CVE): Multiple unspecified vulnerabilities in the UltraLite functionality in IBM Lotus iNotes (aka Domino Web Access or DWA) before 229.281 for Domino 8.0.2 FP4 have unknown impact and attack vectors. |
| 62802 | 2010-03-01 | Eshbel Priority marketgate/PriHtml.dll URI XSS | Unknown / Incomplete |
| 62845 | 2010-03-01 | KVM 83 x86 Emulator SMP Segment Register Selector Local Privilege Escalation | (Description Provided by CVE): The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch. |
| 62907 | 2010-03-01 | IBM AIX bos.net.tcp.server qosmod Local Overflow | (Description Provided by CVE): Buffer overflow in qosmod in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| 62908 | 2010-03-01 | IBM AIX bos.net.tcp.server qoslist Local Overflow | (Description Provided by CVE): Buffer overflow in qoslist in bos.net.tcp.server in IBM AIX 6.1 and VIOS 2.1 allows local users to gain privileges via unspecified vectors. |
| 63198 | 2010-03-01 | Tracking Requirements & Use Cases (TRUC) login_reset_password_page.php error Parameter XSS | Tracking Requirements & Use Cases (TRUC) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'error' parameter upon submission to the 'login_reset_password_page.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 63426 | 2010-03-01 | Ultimix Unspecified Issue | Unknown / Incomplete |
| 64814 | 2010-03-01 | Analytics360 Plugin for WordPress analytics360.php SQL Injection | Unknown / Incomplete |
| 64813 | 2010-03-01 | Discuz! eccredit.php uid Parameter XSS | Unknown / Incomplete |
| 65507 | 2010-03-01 | EMC Networker portmap.exe librpc.dll Authentication Functionality Multiple Overflows | (Description Provided by CVE): Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3, allow remote attackers to execute arbitrary code via a crafted parameter size. |