| OSVDB ID | Disclosure Date | Title |
|
63148
Description:
Unknown / Incomplete
|
2010-03-22
|
Mxserver UDP Packet Handling Remote Overflow
|
|
63165
Description:
(Description Provided by CVE) : The flood-protection feature in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser and inkjet printers and MarkNet devices allows remote attackers to cause a denial of service (TCP outage) by making many passive FTP connections and then aborting these connections.
|
2010-03-22
|
Lexmark Multiple Products FTP Service Exception Handler Flood Protection Remote DoS
|
|
63164
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the base, IPDS DLE, Forms DLE, Barcode DLE, Prescribe DLE, and Printcryption DLE components on certain Lexmark laser printers and multi-function printers allows remote attackers to execute arbitrary code or cause a denial of service (device hang) via a long argument to a PJL INQUIRE command.
|
2010-03-22
|
Lexmark Multiple Products PJL INQUIRE Command Handling Remote Overflow
|
|
63170
Description:
Unknown / Incomplete
|
2010-03-22
|
Cafu Client Printed Chat Message Format String
|
|
63322
Description:
(Description Provided by CVE) : JavaScriptCore.dll, as used in Apple Safari 4.0.5 on Windows XP SP3, allows remote attackers to cause a denial of service (application crash) via an HTML document composed of many successive occurrences of the <object> substring.
|
2010-03-22
|
Apple Safari on Windows JavaScriptCore.dll HTML Document Object Substring Occurrence DoS
|
|
63633
Description:
(Description Provided by CVE) : Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
|
2010-03-22
|
Linux Kernel net/bluetooth/l2cap.c sysfs File Size Bluetooth Socket Saturation Remote DoS
|
|
63634
Description:
(Description Provided by CVE) : Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
|
2010-03-22
|
Linux Kernel net/bluetooth/rfcomm/core.c sysfs File Size Bluetooth Socket Saturation Remote DoS
|
|
63635
Description:
(Description Provided by CVE) : Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
|
2010-03-22
|
Linux Kernel net/bluetooth/rfcomm/sock.c sysfs File Size Bluetooth Socket Saturation Remote DoS
|
|
63636
Description:
(Description Provided by CVE) : Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) net/bluetooth/rfcomm/core.c, (3) net/bluetooth/rfcomm/sock.c, and (4) net/bluetooth/sco.c.
|
2010-03-22
|
Linux Kernel net/bluetooth/sco.c sysfs File Size Bluetooth Socket Saturation Remote DoS
|
|
63670
Description:
Teamsite Hack Plugin for WoltLab Burning Board contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'userid' parameter upon submission to the 'ts_other.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-03-22
|
Teamsite Hack Plugin for WoltLab Burning Board ts_other.php userid Parameter XSS
|
|
63819
Description:
(Description Provided by CVE) : Opera 10.50 allows remote attackers to obtain sensitive information via crafted XSLT constructs, which cause Opera to return cached contents of other pages.
|
2010-03-22
|
Opera Crafted XSLT Construct Cached Content Information Disclosure
|
|
63887
Description:
Unknown / Incomplete
|
2010-03-22
|
FUDforum Unsalted Password Storage Weakness
|
|
64548
Description:
Pay Per Watch & Bid Auktions System contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id_auk' parameter upon submission to the 'auktion.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-03-22
|
Pay Per Watch & Bid Auktions System auktion.php id_auk Parameter XSS
|
|
65492
Description:
Unknown / Incomplete
|
2010-03-22
|
Retroshare Unspecified xprogressbar Display Issue
|
|
63118
Description:
Heimdal contains a flaw that may allow a remote denial of service. The issue is triggered by an incorrect length check when decrypting connections, and will result in loss of availability for the service.
|
2010-03-21
|
Heimdal Data Decryption Length Check DoS
|
|
63119
Description:
Heimdal contains a flaw that may allow a remote denial of service. The issue is triggered when the HMAC implementation clears too much memory, and will result in loss of availability for the service.
|
2010-03-21
|
Heimdal HMAC Implementation Memory Clearing DoS
|
|
63122
Description:
notsoPureEdit contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'templates/template.php' script not properly sanitizing user input supplied to the 'content' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-03-21
|
notsoPureEdit templates/template.php content Parameter Remote File Inclusion
|
|
63126
Description:
Teamsite Hack plugin for WoltLab Burning Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'ts_other.php' script not properly sanitizing user-supplied input to the 'userid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-03-21
|
Teamsite Hack Plugin for WoltLab Burning Board ts_other.php userid Parameter SQL Injection
|
|
63623
Description:
WebMaid CMS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'cContactus.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'com' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2010-03-21
|
WebMaid CMS cContactus.php com Parameter Traversal Arbitrary File Access
|
|
63624
Description:
WebMaid CMS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'cGuestbook.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'com' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2010-03-21
|
WebMaid CMS cGuestbook.php com Parameter Traversal Arbitrary File Access
|
|
63625
Description:
WebMaid CMS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'cArticle.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'com' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2010-03-21
|
WebMaid CMS cArticle.php com Parameter Traversal Arbitrary File Access
|
|
63626
Description:
WebMaid CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'template/babyweb/index.php' script not properly sanitizing user input supplied to the 'template', 'menu', 'events', and 'SITEROOT' parameters. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-03-21
|
WebMaid CMS template/babyweb/index.php Multiple Parameter Remote File Inclusion
|
|
63627
Description:
WebMaid CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'template/calm/footer.php' script not properly sanitizing user input supplied to the 'modules' and 'copyright' parameters. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-03-21
|
WebMaid CMS template/calm/footer.php Multiple Parameter Remote File Inclusion
|
|
63628
Description:
WebMaid CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'template/calm/top.php' script not properly sanitizing user input supplied to the 'menu' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-03-21
|
WebMaid CMS template/calm/top.php menu Parameter Remote File Inclusion
|
|
63629
Description:
WebMaid CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'template/wm025/footer.php' script not properly sanitizing user input supplied to the 'modules', 'copyright', and 'menu' parameters. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-03-21
|
WebMaid CMS template/wm025/footer.php Multiple Parameter Remote File Inclusion
|
|
64831
Description:
Unknown / Incomplete
|
2010-03-21
|
BlackBerry Hotspot Browsing Forced Rogue AP Access Weakness
|
|
63473
Description:
Microsoft Internet Explorer allows remote attackers to have an unspecified impact via a specially crafted XML document that references a crafted web site in the SRC attribute of an image element.
|
2010-03-20
|
Microsoft IE XML Document Image Element SRC Attribute Unspecified Issue
|
|
63131
Description:
Pay Per Watch & Bid Auktions System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'auktion.php' script not properly sanitizing user-supplied input to the 'id_auk' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-03-20
|
Pay Per Watch & Bid Auktions System auktion.php id_auk Parameter SQL Injection
|
|
63375
Description:
Unknown / Incomplete
|
2010-03-20
|
eTimeTrack Biometric Device Management Null Password Weakness
|
|
64856
Description:
Unknown / Incomplete
|
2010-03-20
|
MX Simulator Server Unspecified Remote Overflow
|
|
64847
Description:
Unknown / Incomplete
|
2010-03-20
|
RemoteHelp HTTP Server Format String Remote DoS
|
|
65502
Description:
Unknown / Incomplete
|
2010-03-20
|
Microsoft IE Unspecified DoS
|
|
63145
Description:
vBulletin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'query' parameter upon submission to the 'search.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-03-19
|
vBulletin search.php query Parameter XSS
|
|
63246
Description:
Linux Kernel 2.6x contains a flaw that may allow a remote denial of service. The issue is triggered when the "l2cap_config_rsp()" function in net/bluetooth/l2cap.c receives a specially crafted packet, which will result in loss of availability (e.g., kernel crash) for the platform.
|
2010-03-19
|
Linux Kernel net/bluetooth/l2cap.c l2cap_config_rsp() Function Remote DoS
|
|
70483
Description:
Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when the 'igb_receive_skb' function in 'drivers/net/igb/igb_main.c' in the Intel Gigabit Ethernet subsystem has SR-IOV and promiscuous mode enabled without any VLANs registered. This may allow a remote attacker to cause a NULL pointer dereference and a panic (denial of service) via a VLAN-tagged frame.
|
2010-03-19
|
Linux Kernel igb Subsystem drivers/net/igb/igb_main.c igb_receive_skb Function VLAN Tagged Frame NULL Dereference Remote DoS
|
|
63099
Description:
Limny contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'q', 'theme', 'language', 'tags', 'category', 'name', 'pageslinksby', 'itemsseperator', 'datetimetype', 'numberofposts', 'numebrofpages', 'showsummaryinfullview', 'postlinksby', 'postsseperator', 'email', 'content', 'summary', and 'text' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-03-19
|
Limny index.php Multiple Parameter SQL Injection
|
|
63100
Description:
Limny contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'q', 'theme', 'language', 'tags', 'category', 'name', 'pageslinksby', 'itemsseperator', 'datetimetype', 'email', 'content', 'text', and 'summary' parameters upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-03-19
|
Limny index.php Multiple Parameter XSS
|
|
63101
Description:
Unknown / Incomplete
|
2010-03-19
|
Limny modules/user/forgotpw.php Confirmation Code Prediction Weakness
|
|
63102
Description:
Unknown / Incomplete
|
2010-03-19
|
Limny modules/user/signup.php Verification Code Prediction Weakness
|
|
63103
Description:
Limny contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'block[title]' and 'block[content]' parameters upon submission to the 'themes/gray/block.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-03-19
|
Limny themes/gray/block.php Multiple Parameter XSS
|