[CLOSE] OSVDB ID : 76887 - Disclosed: 2010-06-20

Description:

NetArt Media iBoutique contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'page' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Additionally, if a failed query is performed, the program will render the user's input without sanitizing it. This causes the resulting error message to potentially be used as a cross-site scripting (XSS) vector.

[CLOSE] OSVDB ID : 65644 - Disclosed: 2010-06-19

Description:

Plone CMS contains a flaw that allows a remote cross site scripting (XSS) attack. Users who can create content can exploit this flaw to circumvent the normal HTML filtering. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 65726 - Disclosed: 2010-06-19

Description:

RSComments Component for Joomla! contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'website' and 'name' parameters upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 65693 - Disclosed: 2010-06-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65789 - Disclosed: 2010-06-19

Description:

(Description Provided by CVE) : Stack-based buffer overflow in MoreAmp allows remote attackers to execute arbitrary code via a long line in a song list (.maf file).

[CLOSE] OSVDB ID : 65926 - Disclosed: 2010-06-19

Description:

CMS RedAks contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /search/ Controller script not properly sanitizing user-supplied input to the 'search_area' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 76890 - Disclosed: 2010-06-19

Description:

Elite Gaming Ladders contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the standings.php script not properly sanitizing user-supplied input to the 'ladder[id]' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 66659 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65721 - Disclosed: 2010-06-18

Description:

JForum contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'username' parameter upon submission to the 'jforum.page' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 65722 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65723 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65655 - Disclosed: 2010-06-18

Description:

WebKit contains an unspecified flaw. No further details have been provided by Apple.

[CLOSE] OSVDB ID : 65657 - Disclosed: 2010-06-18

Description:

WebKit contains a use-after-free error in JavaScriptCore that is triggered when handling page transitions. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 65764 - Disclosed: 2010-06-18

Description:

DotNetNuke contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the unspecified functionality. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 72673 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65632 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65763 - Disclosed: 2010-06-18

Description:

DotNetNuke contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when error occurs during installation or upgrade, which will disclose version information to a remote attacker.

[CLOSE] OSVDB ID : 65760 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66216 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65690 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65687 - Disclosed: 2010-06-18

Description:

(Description Provided by CVE) : Open&Compact FTP Server (Open-FTPD) 1.2 and earlier allows remote attackers to bypass authentication by sending (1) LIST, (2) RETR, (3) STOR, or other commands without performing the required login steps first.

[CLOSE] OSVDB ID : 65642 - Disclosed: 2010-06-18

Description:

Banner Management contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'trackads.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 65718 - Disclosed: 2010-06-18

Description:

Listbingo Component for Joomla! contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'title' and 'address2' parameters upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 65660 - Disclosed: 2010-06-18

Description:

(Description Provided by CVE) : H264WebCam 3.7 allows remote attackers to cause a denial of service (crash) via a long URI in a GET request, which triggers a NULL pointer dereference. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 65758 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65689 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65720 - Disclosed: 2010-06-18

Description:

Listbingo Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'search_from_price' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 65761 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65762 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65765 - Disclosed: 2010-06-18

Description:

DotNetNuke contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the invalid HTML tags upon submission to the blacklist function. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 65766 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65767 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65975 - Disclosed: 2010-06-18

Description:

(Description Provided by CVE) : Buffer overflow in Dan Pascu python-cjson 1.0.5, when UCS-4 encoding is enabled, allows context-dependent attackers to cause a denial of service (application crash) or possibly have unspecified other impact via vectors involving crafted Unicode input to the cjson.encode function.

[CLOSE] OSVDB ID : 66220 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66222 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66217 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66218 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66221 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 66223 - Disclosed: 2010-06-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65835 - Disclosed: 2010-06-17

Description:

(Description Provided by CVE) : Citrix XenServer 5.0 Update 2 and earlier, and 5.5 Update 1 and earlier, when using a pvops kernel, allows guest users to cause a denial of service in the host via unspecified vectors that trigger "incorrectly set flags."