| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 66063 | 2010-06-25 | feh --wget-timestamps URL Handling Shell Metacharacter Arbitrary Command Execution | (Description Provided by CVE): feh before 1.8, when the --wget-timestamp option is enabled, might allow remote attackers to execute arbitrary commands via shell metacharacters in a URL. |
| 66119 | 2010-06-25 | Adobe Flash Player ActionScript Virtual Machine newFrameState Method Remote Overflow | (Description Provided by CVE): Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via an invalid offset in an unspecified undocumented opcode in ActionScript Virtual Machine 2, related to getouterscope, a different vulnerability than CVE-2010-2165, CVE-2010-2166, CVE-2010-2171, CVE-2010-2175, CVE-2010-2176, CVE-2010-2177, CVE-2010-2178, CVE-2010-2180, CVE-2010-2182, CVE-2010-2184, CVE-2010-2187, and CVE-2010-2188. |
| 66014 | 2010-06-25 | EDItran Communications Platform editcp Crafted TCP Packet Remote Overflow | Unknown / Incomplete |
| 76886 | 2010-06-25 | JExtensions JE Story Submit Component for Joomla! index.php view Parameter SQL Injection | JExtensions JE Story Submit Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'view' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 67264 | 2010-06-24 | Google Chrome Video Handling Multiple Unspecified Memory Corruption | Unknown / Incomplete |
| 67265 | 2010-06-24 | Google Chrome Omnibox Loading Subresource Display Unspecified Issue | Unknown / Incomplete |
| 67263 | 2010-06-24 | Google Chrome x509-user-cert response Unspecified Stale Pointer Issue | Unknown / Incomplete |
| 65845 | 2010-06-24 | IBM Rational ClearQuest Multiple Unspecified Issues | (Description Provided by CVE): Multiple unspecified vulnerabilities in IBM Rational ClearQuest before 7.1.1.02 have unknown impact and attack vectors, as demonstrated by an AppScan report. |
| 65809 | 2010-06-24 | Paste paste.httpexceptions 404 Message XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the paste.httpexceptions implementation in Paste before 1.7.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving a 404 status code, related to (1) paste.urlparser.StaticURLParser, (2) paste.urlparser.PkgResourcesParser, (3) paste.urlmap.URLMap, and (4) HTTPNotFound. |
| 65730 | 2010-06-24 | Masquerade Module for Drupal Unspecified Action CSRF | Unknown / Incomplete |
| 65746 | 2010-06-24 | 2daybiz Web Template category.php keyword Parameter XSS | 2daybiz Web Template contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'keyword' parameter upon submission to the 'category.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65747 | 2010-06-24 | 2daybiz Web Template memberlogin.php password Parameter XSS | 2daybiz Web Template contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'password' parameter upon submission to the 'memberlogin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65748 | 2010-06-24 | 2daybiz Web Template customize.php tid Parameter SQL Injection | 2daybiz Web Template contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'customize.php' script not properly sanitizing user-supplied input to the 'tid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65728 | 2010-06-24 | 2daybiz Real Estate Portal Script viewpropertydetails.php id Parameter SQL Injection | 2daybiz Real Estate Portal Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'viewpropertydetails.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65770 | 2010-06-24 | Limny index.php q Parameter XSS | Limny contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'q' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65712 | 2010-06-24 | 2daybiz Matrimonial Script customprofile.php id Parameter SQL Injection | 2daybiz Matrimonial Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'customprofile.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65759 | 2010-06-24 | 2daybiz B2B Portal companyinfo.php id Parameter SQL Injection | 2daybiz B2B Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'companyinfo.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65713 | 2010-06-24 | 2daybiz Freelance Script project_details.php pid Parameter SQL Injection | 2daybiz Freelance Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'project_details.php' script not properly sanitizing user-supplied input to the 'pid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65714 | 2010-06-24 | 2daybiz Job Site Script view_current_job.php jid Parameter SQL Injection | 2daybiz Job Site Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view_current_job.php' script not properly sanitizing user-supplied input to the 'jid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65715 | 2010-06-24 | 2daybiz Job Site Script show_search_more.php job_iid Parameter SQL Injection | 2daybiz Job Site Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'show_search_more.php' script not properly sanitizing user-supplied input to the 'job_iid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65716 | 2010-06-24 | 2daybiz Job Site Script show_search_result.php left_cat Parameter SQL Injection | 2daybiz Job Site Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'show_search_result.php' script not properly sanitizing user-supplied input to the 'left_cat' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 66203 | 2010-06-24 | OneCMS search.php search Parameter SQL Injection | OneCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 66204 | 2010-06-24 | OneCMS index.php id Parameter SQL Injection | OneCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 66205 | 2010-06-24 | OneCMS admin/admin.php Short1 Parameter XSS | OneCMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'Short1' parameter upon submission to the 'admin/admin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65711 | 2010-06-24 | 2daybiz Photo Sharing Script freesearch.php search Parameter XSS | 2daybiz Photo Sharing Script contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the 'freesearch.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65710 | 2010-06-24 | 2daybiz Photo Sharing Script freesearch.php search Parameter SQL Injection | 2daybiz Photo Sharing Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'freesearch.php' script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 67297 | 2010-06-24 | libvirt on Red Hat Linux Main Disk Format Disk Backing Store Lookup Guest OS Arbitrary File Access | (Description Provided by CVE): Red Hat libvirt, possibly 0.6.1 through 0.8.2, looks up disk backing stores without referring to the user-defined main disk format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. |
| 67298 | 2010-06-24 | libvirt on Red Hat Linux Disk Backing-store Format Disk-image Backing Stores Recursion Guest OS Arbitrary File Access | (Description Provided by CVE): Red Hat libvirt, possibly 0.7.2 through 0.8.2, recurses into disk-image backing stores without extracting the defined disk backing-store format, which might allow guest OS users to read arbitrary files on the host OS, and possibly have unspecified other impact, via unknown vectors. |
| 67299 | 2010-06-24 | libvirt on Red Hat Linux New Image Creation User-defined Backing-store Format Weakness Guest OS Arbitrary File Access | (Description Provided by CVE): Red Hat libvirt, possibly 0.6.0 through 0.8.2, creates new images without setting the user-defined backing-store format, which allows guest OS users to read arbitrary files on the host OS via unspecified vectors. |
| 65738 | 2010-06-24 | Novell iManager /nps/servlet/webacc/ Tree Parameter Off-by-One Remote DoS | (Description Provided by CVE): Off-by-one error in Novell iManager 2.7, 2.7.3, and 2.7.3 FTF2 allows remote attackers to cause a denial of service (daemon crash) via a long tree parameter in a login request to nps/servlet/webacc. |
| 65757 | 2010-06-24 | S2 NetBox Unspecified HTTP Request Directory Access Restriction Bypass | (Description Provided by CVE): The S2 Security NetBox 2.5, 3.3, and 4.0, as used in the Linear eMerge 50 and 5000 and the Sonitrol eAccess, stores sensitive information under the web root with insufficient access control, which allows remote attackers to download node logs, photographs of persons, and backup files via unspecified HTTP requests. |
| 65877 | 2010-06-24 | Bugzilla Install/Filesystem.pm localconfig Permission Weakness Multiple Configuration Field Local Disclosure | (Description Provided by CVE): Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6 and 3.7, when use_suexec is enabled, uses world-readable permissions for the localconfig files, which allows local users to read sensitive configuration fields, as demonstrated by the database password field and the site_wide_secret field. |
| 65800 | 2010-06-24 | activeCollab index.php Multiple Parameter Traversal Local File Inclusion | activeCollab contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'module', 'action' and 'controller' parameters. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 65802 | 2010-06-24 | 2daybiz Video Community Portal Script user-profile.php userid Parameter SQL Injection | 2daybiz Video Community Portal Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'user-profile.php' script not properly sanitizing user-supplied input to the 'userid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65803 | 2010-06-24 | Cimy Counter Plugin for WordPress wp-content/plugins/cimy-counter/cc_redirect.php fn Parameter Arbitrary Site Redirect | Unknown / Incomplete |
| 65857 | 2010-06-24 | 2daybiz Multi Level Marketing Software index.php username Parameter SQL Injection | 2daybiz Multi Level Marketing Software contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'username' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 65878 | 2010-06-24 | Bugzilla Search.pm Boolean Chart Search Crafted URL Time-tracking Remote Information Disclosure | (Description Provided by CVE): Search.pm in Bugzilla 2.17.1 through 3.2.6, 3.3.1 through 3.4.6, 3.5.1 through 3.6, and 3.7 allows remote attackers to obtain potentially sensitive time-tracking information via a crafted search URL, related to a "boolean chart search." |
| 65904 | 2010-06-24 | Bugzilla Install/Filesystem.pm Multiple Directory Permission Weakness Local Information Disclosure | (Description Provided by CVE): Install/Filesystem.pm in Bugzilla 3.5.1 through 3.6.1 and 3.7 through 3.7.1, when use_suexec is enabled, uses world-readable permissions within (1) .bzr/ and (2) data/webdot/, which allows local users to obtain potentially sensitive data by reading files in these directories, a different vulnerability than CVE-2010-0180. |
| 65963 | 2010-06-24 | AdaptCMS inc/smarty/libs/init.php sitepath Parameter Remote File Inclusion | AdaptCMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/smarty/libs/init.php' script not properly sanitizing user input supplied to the 'sitepath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 65976 | 2010-06-24 | Monkey HTTP Daemon Multiple Unspecified DoS | Unknown / Incomplete |