| OSVDB ID | Disclosure Date | Title |
|
66106
Description:
(Description Provided by CVE) : The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
|
2010-05-31
|
PHP parse_str Function Userspace Interruption Memory Corruption
|
|
66105
Description:
(Description Provided by CVE) : The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
|
2010-05-31
|
PHP preg_match Function Userspace Interruption Memory Corruption
|
|
66104
Description:
(Description Provided by CVE) : The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
|
2010-05-31
|
PHP unpack / pack Functions Userspace Interruption Memory Corruption
|
|
66103
Description:
(Description Provided by CVE) : The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
|
2010-05-31
|
PHP ZEND_FETCH_RW Opcodes Userspace Interruption Memory Corruption
|
|
66102
Description:
(Description Provided by CVE) : The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
|
2010-05-31
|
PHP ZEND_*CONCAT Opcodes Userspace Interruption Memory Corruption
|
|
66101
Description:
(Description Provided by CVE) : The (1) parse_str, (2) preg_match, (3) unpack, and (4) pack functions; the (5) ZEND_FETCH_RW, (6) ZEND_CONCAT, and (7) ZEND_ASSIGN_CONCAT opcodes; and the (8) ArrayObject::uasort method in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) or trigger memory corruption by causing a userspace interruption of an internal function or handler. NOTE: vectors 2 through 4 are related to the call time pass by reference feature.
|
2010-05-31
|
PHP ArrayObject::uasort Method Userspace Interruption Memory Corruption
|
|
65158
Description:
(Description Provided by CVE) : transports/appendfile.c in Exim before 4.72, when a world-writable sticky-bit mail directory is used, does not verify the st_nlink field of mailbox files, which allows local users to cause a denial of service or possibly gain privileges by creating a hard link to another user's file.
|
2010-05-31
|
Exim transports/appendfile.c Hardlink Handling Arbitrary File Overwrite
|
|
65159
Description:
(Description Provided by CVE) : transports/appendfile.c in Exim before 4.72, when MBX locking is enabled, allows local users to change permissions of arbitrary files or create arbitrary files, and cause a denial of service or possibly gain privileges, via a symlink attack on a lockfile in /tmp/.
|
2010-05-31
|
Exim transports/appendfile.c MBX Locking Race Condition Permission Modification
|
|
65044
Description:
Unknown / Incomplete
|
2010-05-31
|
Linux Kernel Ext4 fs/ext4/extents.c ext4_fallocate() Function RLIMIT_FSIZE File Size Restriction Bypass
|
|
65160
Description:
IBM Lotus Connections contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'create' and 'edit' parameters upon submission to the Community Component. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-31
|
IBM Lotus Connections Community Component Multiple Parameter XSS
|
|
65165
Description:
IBM Lotus Connections contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'verbiage' parameter upon submission to the Bookmarks Component. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-31
|
IBM Lotus Connections Bookmarks Component verbiage Parameter XSS
|
|
65164
Description:
(Description Provided by CVE) : The bookmarklet pop-up in the Bookmarks component in IBM Lotus Connections 2.5.x before 2.5.0.2 does not properly follow the "force SSL" setting, which might make it easier for remote attackers to obtain the cleartext of network communication by sniffing the network, or spoof arbitrary servers via a man-in-the-middle attack.
|
2010-05-31
|
IBM Lotus Connections Bookmarklet Popup Window Unspecified Force SSL Option Issue
|
|
65163
Description:
(Description Provided by CVE) : The Top Updates implementation in the Homepage component in IBM Lotus Connections 2.5.x before 2.5.0.2, when "forced SSL" is enabled, uses http for links, which has unspecified impact and remote attack vectors.
|
2010-05-31
|
IBM Lotus Connections Homepage Component Top Updates Force SSL Option Issue
|
|
65162
Description:
IBM Lotus Connections contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate an unspecified parameter upon submission to the Mobile Blogs Component. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-31
|
IBM Lotus Connections Mobile Blogs Component Unspecified XSS
|
|
65161
Description:
(Description Provided by CVE) : Open redirect vulnerability in the Mobile component in IBM Lotus Connections 2.5.x before 2.5.0.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors, related to "mobile edit actions," aka SPR ASRE83PPVH.
|
2010-05-31
|
IBM Lotus Connections Unspecified Arbitrary Redirect
|
|
65514
Description:
Unknown / Incomplete
|
2010-05-31
|
HTML Purifier Wrapper Element Infinite Loop DoS
|
|
65489
Description:
Unknown / Incomplete
|
2010-05-31
|
Retroshare File List Size Client DoS
|
|
65105
Description:
eFront contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'math_server' parameter upon submission to the Admin Systems Settings Section. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-31
|
eFront Admin System Settings Section math_server Parameter XSS
|
|
65106
Description:
eFront contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as the creation of an administrative user. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2010-05-31
|
eFront Admin User Creation CSRF
|
|
65347
Description:
(Description Provided by CVE) : Dameng DM Database Server allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors related to the SP_DEL_BAK_EXPIRED procedure in wdm_dll.dll, which triggers memory corruption.
|
2010-05-31
|
DM Database Server SP_DEL_BAK_EXPIRED Procedure Remote Memory Corruption
|
|
65493
Description:
Unknown / Incomplete
|
2010-05-31
|
Retroshare SSL Password Exposure
|
|
65494
Description:
Unknown / Incomplete
|
2010-05-31
|
Retroshare PGP Password Exposure
|
|
65515
Description:
Unknown / Incomplete
|
2010-05-31
|
HTML Purifier index.php Direct Execution Issue
|
|
67420
Description:
(Description Provided by CVE) : mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
|
2010-05-31
|
PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_ok_read Function Arbitrary Memory Content Disclosure
|
|
67419
Description:
(Description Provided by CVE) : The php_mysqlnd_read_error_from_line function in the Mysqlnd extension in PHP 5.3 through 5.3.2 does not properly calculate a buffer length, which allows context-dependent attackers to trigger a heap-based buffer overflow via crafted inputs that cause a negative length value to be used.
|
2010-05-31
|
PHP Mysqlnd Extension php_mysqlnd_read_error_from_line Function Negative Buffer Length Value Overflow
|
|
67418
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the php_mysqlnd_auth_write function in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) username or (2) database name argument to the (a) mysql_connect or (b) mysqli_connect function.
|
2010-05-31
|
PHP Mysqlnd Extension php_mysqlnd_auth_write Function Multiple Overflows
|
|
67421
Description:
(Description Provided by CVE) : mysqlnd_wireprotocol.c in the Mysqlnd extension in PHP 5.3 through 5.3.2 allows remote attackers to (1) read sensitive memory via a modified length value, which is not properly handled by the php_mysqlnd_ok_read function; or (2) trigger a heap-based buffer overflow via a modified length value, which is not properly handled by the php_mysqlnd_rset_header_read function.
|
2010-05-31
|
PHP Mysqlnd Extension mysqlnd_wireprotocol.c php_mysqlnd_rset_header_read Function Overflow
|
|
68382
Description:
(Description Provided by CVE) : The fr_dhcp_decode function in lib/dhcp.c in FreeRADIUS 2.1.9, in certain non-default builds, does not properly handle the DHCP Relay Agent Information option, which allows remote attackers to cause a denial of service (infinite loop and daemon outage) via a packet that has more than one sub-option. NOTE: some of these details are obtained from third party information.
|
2010-05-31
|
FreeRADIUS lib/dhcp.c fr_dhcp_decode Function Relay Agent Information Option Infinite Loop Remote DoS
|
|
66100
Description:
(Description Provided by CVE) : The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
2010-05-30
|
PHP trim / ltrim / rtrim Functions Userspace Interruption Arbitrary Memory Content Disclosure
|
|
66099
Description:
(Description Provided by CVE) : The (1) trim, (2) ltrim, (3) rtrim, and (4) substr_replace functions in PHP 5.2 through 5.2.13 and 5.3 through 5.3.2 allow context-dependent attackers to obtain sensitive information (memory contents) by causing a userspace interruption of an internal function, related to the call time pass by reference feature.
|
2010-05-30
|
PHP substr_replace Function Userspace Interruption Arbitrary Memory Content Disclosure
|
|
65432
Description:
Unknown / Incomplete
|
2010-05-30
|
ID Quantique Quantum State Phase-Remapping MitM Weakness
|
|
65006
Description:
Zeeways eBay Clone Auction Script contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'msg' parameter upon submission to the 'signinform.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-30
|
Zeeways eBay Clone Auction Script signinform.php msg Parameter XSS
|
|
65009
Description:
SugarCRM contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as creating arbitrary users with administrative privileges. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2010-05-30
|
SugarCRM Admin Account Creation CSRF
|
|
65010
Description:
CMScout Search Site Module contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the Search Site Module script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-30
|
CMScout Search Site Module search Parameter XSS
|
|
65118
Description:
Symphony CMS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'mode' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2010-05-30
|
Symphony CMS index.php mode Parameter Traversal Arbitrary File Access
|
|
65346
Description:
Unknown / Incomplete
|
2010-05-30
|
NETGEAR WG602v4 auth_authorize() Function Password Handling Remote Overflow
|
|
67946
Description:
(Description Provided by CVE) : The network-play implementation in Mednafen before 0.8.D might allow remote servers to execute arbitrary code via unspecified vectors, related to "stack manipulation" issues.
|
2010-05-30
|
Mednafen Network Support Unspecified Remote Memory Corruption
|
|
85845
Description:
Little CMS Color Engine (lcms) is prone to multiple overflow conditions. The program fails to properly sanitize user-supplied input resulting in multiple integer overflows. This may allow an attacker to potentially execute arbitrary code or cause a denial of service.
|
2010-05-30
|
Little CMS Color Engine (lcms) Multiple Unspecified Integer Overflows
|
|
65103
Description:
(Description Provided by CVE) : The ISAPI Filter plug-in in Websense Enterprise, Websense Web Security, and Websense Web Filter 6.3.3 and earlier, when used in conjunction with a Microsoft ISA or Microsoft Forefront TMG server, allows remote attackers to bypass intended filtering and monitoring activities for web traffic via an HTTP Via header.
|
2010-05-29
|
Websense Enterprise ISAPI Filter Plug-in HTTP Via Header Access Restriction Bypass
|
|
76881
Description:
Fusebox contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ProductList.cfm script not properly sanitizing user-supplied input to the 'CatDisplay' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-05-29
|
Fusebox ProductList.cfm CatDisplay Parameter SQL Injection
|