| OSVDB ID | Disclosure Date | Title |
|---|
|
75509
Description:
Unknown / Incomplete
|
2011-04-12
|
Plogger plog-includes/plog-functions.php Path Disclosure
|
|
75510
Description:
Unknown / Incomplete
|
2011-04-12
|
Plogger plog-thumb.php Path Disclosure
|
|
75512
Description:
Unknown / Incomplete
|
2011-04-12
|
WebsiteBaker Multiple /modules/ Script Path Disclosure
|
|
75513
Description:
Unknown / Incomplete
|
2011-04-12
|
WebsiteBaker admin/users/add.php Multiple Parameter SQL Injection
|
|
75514
Description:
Unknown / Incomplete
|
2011-04-12
|
WebsiteBaker admin/groups/add.php group_name Parameter SQL Injection
|
|
80374
Description:
Unknown / Incomplete
|
2011-04-12
|
Tiki Wiki CMS LDAP Authentication Unspecified Issue
|
|
80611
Description:
Unknown / Incomplete
|
2011-04-12
|
VLC Media Player Underlying Libraries Unspecified Issue
|
|
74349
Description:
(Description Provided by CVE) : Unspecified vulnerability in HP NFS/ONCplus B.11.31.10 and earlier on HP-UX B.11.31 allows remote authenticated users to cause a denial of service via unknown vectors.
|
2011-04-11
|
HP-UX NFS/ONCplus Unspecified Remote DoS
|
|
74988
Description:
(Description Provided by CVE) : Yamaha RTX, RT, SRT, RTV, RTW, and RTA series routers with firmware 6.x through 10.x, and NEC IP38X series routers with firmware 6.x through 10.x, do not properly handle IP header options, which allows remote attackers to cause a denial of service (device reboot) via a crafted option that triggers access to an invalid memory location.
|
2011-04-11
|
Yamaha RT Series Routers IP Header Timestamp Option Parsing Remote DoS
|
|
73160
Description:
(Description Provided by CVE) : Unspecified vulnerability in the SNMP component on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to obtain sensitive information or modify data via vectors related to the Embedded Web Server (EWS).
|
2011-04-11
|
HP Photosmart Multiple Products Embedded Web Server SNMP Remote Information Disclosure
|
|
73161
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2011-04-11
|
HP Photosmart Multiple Products Unspecified XSS
|
|
71872
Description:
(Description Provided by CVE) : Directory traversal vulnerability in an unspecified servlet in the Inventory component in ZENworks Asset Management (ZAM) in Novell ZENworks Configuration Management 10.3 before 10.3.2, and 11, allows remote attackers to overwrite files, and subsequently execute arbitrary code, via directory traversal sequences in a filename field in an upload request.
|
2011-04-11
|
Novell ZENworks Configuration Management ZAM File Upload Traversal Remote Code Execution
|
|
73567
Description:
(Description Provided by CVE) : Red Hat Network (RHN) Satellite Server 5.3 and 5.4 does not properly rewrite unspecified URLs, which allows remote attackers to (1) obtain unspecified sensitive host information or (2) use the server as an inadvertent proxy to connect to arbitrary services and IP addresses via unspecified vectors.
|
2011-04-11
|
Red Hat Network Satellite Server Unspecified URL Rewrite Host Information Disclosure
|
|
73568
Description:
(Description Provided by CVE) : Red Hat Network (RHN) Satellite 5.3 and 5.4 exposes a dangerous, obsolete XML-RPC API, which allows remote authenticated users to access arbitrary files and cause a denial of service (failed yum operations) via vectors related to configuration and package group (comps.xml) files for channels.
|
2011-04-11
|
Red Hat Network Satellite Server comps.xml Channel File Obsolete XML-RPC API Arbitrary File Access
|
|
71684
Description:
IT Dashboard contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'value' parameter upon submission to the 'sites/all/modules/contrib/datatables/dataTables/media/examples_support/editable_ajax.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-04-11
|
IT Dashboard sites/all/modules/contrib/datatables/dataTables/media/examples_support/editable_ajax.php value Parameter XSS
|
|
72687
Description:
A memory corruption flaw exists in Microsoft Reader. The aud_file.dll library fails to sanitize user-supplied input certain audible audio content is written to a NULL byte, which will result in memory corruption. With a specially crafted AA file, a context-dependent attacker can execute arbitrary code.
|
2011-04-11
|
Microsoft Reader aud_file.dll Audible Audio File Handling Null Byte Memory Corruption
|
|
72695
Description:
Microsoft Reader is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted ITLS header piece, a remote attacker can potentially execute arbitrary code.
|
2011-04-11
|
Microsoft Reader ITLS Header Piece Handling Overflow
|
|
72696
Description:
Microsoft Reader is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an array overflow. With a specially crafted AOLL chunk, a remote attacker can potentially cause a denial of service or execute arbitrary code.
|
2011-04-11
|
Microsoft Reader AOLL Chunk Array Overflow
|
|
80373
Description:
Unknown / Incomplete
|
2011-04-11
|
Web Auction Output Cache Unspecified Cross-user Session Access
|
|
72685
Description:
Microsoft Reader is prone to an overflow condition. This issue is triggered by an integer overflow error in msreader.exe, when parsing certain eBook data a heap-based buffer overflow may occur. With a specially crafted LIT file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-04-11
|
Microsoft Reader msreader.exe LIT File Handling Overflow
|
|
75580
Description:
(Description Provided by CVE) : The setup_cifs_sb function in fs/cifs/connect.c in the Linux kernel before 2.6.39 does not properly handle DFS referrals, which allows remote CIFS servers to cause a denial of service (system crash) by placing a referral at the root of a share.
|
2011-04-11
|
Linux Kernel CIFS Share Mounting DIFS Referral BUG_ON() Remote DoS
|
|
71691
Description:
Etki Video PRO contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the izle.asp script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
Etki Video PRO izle.asp id Parameter SQL Injection
|
|
71692
Description:
Etki Video PRO contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the kategori.asp script not properly sanitizing user-supplied input to the 'cat' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
Etki Video PRO kategori.asp cat Parameter SQL Injection
|
|
74986
Description:
Unknown / Incomplete
|
2011-04-11
|
Xceed Zip Compression Library ZIP File Handling Remote Overflow
|
|
71796
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'language' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance index.php language Parameter SQL Injection
|
|
71797
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the buy_services.php script not properly sanitizing user-supplied input to the 'language' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance buy_services.php language Parameter SQL Injection
|
|
71798
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the sell_services.php script not properly sanitizing user-supplied input to the 'language' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance sell_services.php language Parameter SQL Injection
|
|
71799
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the feedback_display.php script not properly sanitizing user-supplied input to the 'seller_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance feedback_display.php seller_id Parameter SQL Injection
|
|
71800
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the feedback_display_b.php script not properly sanitizing user-supplied input to the 'buyer_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance feedback_display_b.php buyer_id Parameter SQL Injection
|
|
71801
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the project_details.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance project_details.php id Parameter SQL Injection
|
|
71802
Description:
PHP-Lance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the categories.php script not properly sanitizing user-supplied input to the 'catid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-11
|
PHP-Lance categories.php catid Parameter SQL Injection
|
|
72686
Description:
Unknown / Incomplete
|
2011-04-11
|
Microsoft Reader msreader.exe Integer Underflow LIT File Handling Overflow
|
|
71694
Description:
PHP-Jokesite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the new_jokes.php script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-10
|
PHP-Jokesite new_jokes.php cat_id Parameter SQL Injection
|
|
71695
Description:
PHP-Jokesite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the top_ten_jokes.php script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-10
|
PHP-Jokesite top_ten_jokes.php cat_id Parameter SQL Injection
|
|
71696
Description:
PHP-Jokesite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the top_emailed_jokes.php script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-10
|
PHP-Jokesite top_emailed_jokes.php cat_id Parameter SQL Injection
|
|
71697
Description:
PHP-Jokesite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the creat_postcard.php script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-04-10
|
PHP-Jokesite creat_postcard.php cat_id Parameter SQL Injection
|
|
71786
Description:
Unknown / Incomplete
|
2011-04-09
|
Elxis CMS components/com_eforum/eforum.php Arbitrary File Upload PHP Code Execution
|
|
71705
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the MP4_ReadBox_skcr function in libmp4.c in the MP4 demultiplexer in VideoLAN VLC media player 1.x before 1.1.9 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted MP4 file.
|
2011-04-09
|
VLC Media Player modules/demux/mp4/libmp4.c MP4_ReadBox_skcr() Function Overflow
|
|
74995
Description:
(Description Provided by CVE) : acl.c in Tinyproxy before 1.8.3, when an Allow configuration setting specifies a CIDR block, permits TCP connections from all IP addresses, which makes it easier for remote attackers to hide the origin of web traffic by leveraging the open HTTP proxy server.
|
2011-04-09
|
tinyproxy Netmask Generation ACL Restriction Bypass
|
|
72120
Description:
DirectAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the MySQL database backupfiles are created in the 'mysql_backups' folder, which has no access restrictions, disclosing its contents to a remote attacker.
|
2011-04-09
|
DirectAdmin mysql_backups Folder MySQL Database Backup Local Disclosure
|
