| Blogs | OSVDB ID | Disclosure Date | Title |
| Views: 3285 |
4048
Description:
XMB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'tpp' and 'ascdesc' parameters in the forumdisplay.php module are not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-02-24
|
XMB forumdisplay.php Multiple Parameter SQL Injection
|
| Views: 3282 |
56910
Description:
(Description Provided by CVE) : The Active Template Library (ATL) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via vectors related to erroneous free operations after reading a variant from a stream and deleting this variant, aka "ATL Object Type Mismatch Vulnerability."
|
2009-08-11
|
Microsoft Visual Studio Active Template Library (ATL) Header Mismatch Remote Code Execution
|
| Views: 3280 |
53182
Description:
(Description Provided by CVE) : Microsoft Office PowerPoint 2000 SP3, 2002 SP3, and 2003 SP3, and PowerPoint in Microsoft Office 2004 for Mac, allows remote attackers to execute arbitrary code via a PowerPoint file with an OutlineTextRefAtom containing an invalid index value that triggers memory corruption, as exploited in the wild in April 2009 by Exploit:Win32/Apptom.gen, aka "Memory Corruption Vulnerability."
|
2009-04-03
|
Microsoft Office PowerPoint PPT File Handling Unspecified Code Execution
|
| Views: 3279 |
3337
Description:
ColdFusion allows a remote attacker to learn the physical path of the web server. By requesting a URL with a DOS device file name such as "nul" or "prn", the server will return an error page that includes the physical path the web server runs from. This can be used to launch more focused attacks.
|
2002-04-18
|
ColdFusion on IIS cfm/dbm Diagnostic Error Path Disclosure
|
| Views: 3270 |
33481
Description:
(Description Provided by CVE) : Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allow remote attackers to execute arbitrary code via a crafted HTML message.
|
2007-02-23
|
SupportSoft SmartIssue (tgctlsi.dll) ActiveX Overflow
|
| Views: 3238 |
16074
Description:
Mac OS X contains a flaw that allows a remote attacker to access files outside of the Bluetooth file and object exchange services directory path. The issue is due to Bluetooth OBEX not properly sanitizing user input, specifically traversal style attacks (../../).
|
2005-05-03
|
Apple Mac OS X Bluetooth File and Object Exchange Directory Traversal
|
| Views: 3227 |
26652
Description:
Cisco CallManager contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed upon submission to the ccmuser/logon.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-06-19
|
Cisco CallManager Web Interface ccmuser/logon.asp XSS
|
| Views: 3226 |
1986
Description:
Cisco IOS on 12000 series routers with does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries. It is possible that this flaw may allow unauthorized traffic to traverse the network.
|
2001-11-14
|
Cisco 12000 Series Router deny ip any any ACL Bypass
|
| Views: 3215 |
24120
Description:
ssCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' variable upon submission to the search.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-03-25
|
ssCMS search.aspx keywords Parameter XSS
|
| Views: 3209 |
49230
Description:
Microsoft Outlook Web Access (OWA) contains a flaw that allows attackers to arbitrarily redirect users via a URL in the URL parameter.
|
2008-10-15
|
Microsoft Outlook Web Access (OWA) exchweb/bin/redir.asp URL Variable Arbitrary Site Redirect
|
| Views: 3199 |
60521
Description:
(Description Provided by CVE) : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
|
2009-11-26
|
Ingate Firewall/SIParator SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection
|
| Views: 3196 |
53626
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008 allows remote attackers to execute arbitrary code via a web page that triggers presence of an object in memory that was (1) not properly initialized or (2) deleted, aka "Uninitialized Memory Corruption Vulnerability."
|
2009-04-14
|
Microsoft IE EMBED Element Handling Memory Corruption Arbitrary Code Execution
|
| Views: 3160 |
5647
Description:
Web servers contain a flaw that may allow a remote attacker to arbitrarily manipulate files. The issue is triggered when the HTTP method 'MOVE' is allowed. It is possible that the flaw may allow arbitrary file manipulation resulting in a loss of integrity.
|
1994-01-01
|
Multiple Web Server Dangerous HTTP Method MOVE
|
| Views: 3146 |
77241
Description:
By default, Siemens SIMATIC ProTool installs with a default password. The admin account has a password of "100" which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2003-01-17
|
Siemens SIMATIC ProTool Default Admin Password
|
| Views: 3129 |
3323
Description:
Microsoft IIS contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable server. The issue is due to the .printer ISAPI (Internet Services Application Programming Interface) Internet Printing Protocol (IPP) filter, handled by \WINNT\System32\msw3prt.dll, containing a buffer overflow. When a buffer of 420 bytes is sent within the HTTP Host: header of a .printer ISAPI request, the buffer is overflowed allowing the attacker to overwrite the EIP register and execute arbitrary code with SYSTEM access.
|
2001-05-01
|
Microsoft IIS ISAPI .printer Extension Host Header Overflow
|
| Views: 3122 |
95
Description:
(Description Provided by CVE) : ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
|
1995-01-01
|
Multiple Vendor ICMP netmask Request Information Disclosure
|
| Views: 3106 |
3399
Description:
ColdFusion Web Server's administrative login page allows a remote attacker to launch a denial of service. The issue is due to a lack of sanity checks on user submitted content passed to the password field. If a password of 40,000 characters is provided, the web server may crash.
|
2000-06-07
|
ColdFusion Administrator Login Page Remote DoS
|
| Views: 3096 |
1294
Description:
ZoneAlarm contains a flaw that may allow a remote attacker to bypass the ruleset. The issue is due to ZoneAlarm not monitoring and alerting on UDP traffic with a source port of 67. This allows an attacker to bypass the firewall to reach protected hosts without setting off warnings on the firewall.
|
2000-04-20
|
ZoneAlarm Personal Firewall UDP Source Port 67 Bypass
|
| Views: 3074 |
56982
Description:
(Description Provided by CVE) : member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
|
2008-11-22
|
Crossday Discuz! Board member.php Arbitrary User Credential Reset
|
| Views: 3050 |
14578
Description:
Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when sending a TCP packet with the SYN flag set and the same destination and source address and port, which causes the system to consume all available CPU resources, resulting in a loss of availability.
|
2005-03-05
|
Microsoft Windows Malformed TCP SYN Loopback Packet Remote DoS (land)
|
| Views: 3049 |
2117
Description:
This host is running a web server that displayed no content. It appears as if each server was enabled, but was not configured or given web pages to serve. While this does not pose an immediate risk, this server appears to serve no purpose and may provide avenues of attack if vulnerabilities are published in the future. It should be noted that this web server may have a specific purpose that could not be determined during testing. This conclusion is due to a lack of content or a default "under construction" page displayed when requesting the root of the IP address, as well as not finding any known directories or links to content stored on these servers.
|
1994-01-01
|
Multiple Web Server Default Welcome Page Fingerprinting Weakness
|
| Views: 3043 |
65141
Description:
Adobe Flash Player contains a flaw in the ActionScript Virtual Machine 2 (AVM2). The issue is triggered when incorrectly calculating a pointer while handling the 'newfunction' instruction. With a specially crafted SWF file, a context-dependent attacker can execute arbitrary code.
|
2010-06-04
|
Adobe Multiple Products AVM2 'newfunction' Instruction Handling Arbitrary Code Execution
|
| Views: 3038 |
49736
Description:
Windows contains a flaw that may allow a malicious remote user to execute arbitrary code. The issue is triggered by a flaw that allows an attacker to replay the NTLM credentials of a client user. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2000-08-15
|
Microsoft Windows SMB NTLM Authentication Credential Replay Remote Code Execution
|
| Views: 3038 |
18011
Description:
Unknown / Incomplete
|
2003-07-07
|
VP-ASP Shopping Cart shopdisplaycategories.asp id Variable Unspecified Input Validation Issue
|
| Views: 3015 |
26882
Description:
By default, Wireless Control System installs with a default password. The "root" account has a password of "public" which is publicly known and documented. This allows attackers to trivially access the program or system.
|
2006-06-28
|
Cisco Wireless Control System (WCS) Default root Account Password
|
| Views: 3006 |
54797
Description:
(Description Provided by CVE) : Unspecified vulnerability in the QuickTime Movie Parser Filter in quartz.dll in DirectShow in Microsoft DirectX 7.0 through 9.0c on Windows 2000 SP4, Windows XP SP2 and SP3, and Windows Server 2003 SP2 allows remote attackers to execute arbitrary code via a crafted QuickTime media file, as exploited in the wild in May 2009, aka "DirectX NULL Byte Overwrite Vulnerability."
|
2009-05-28
|
Microsoft DirectX DirectShow quartz.dll QuickTime NULL Byte Overwrite Arbitrary Code Execution
|
| Views: 2993 |
38669
Description:
Boinc Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search_string' variables upon submission to the forum_text_search_action.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-11-12
|
Boinc Forum forum_text_search_action.php search_string Parameter XSS
|
| Views: 2993 |
34846
Description:
A memory corruption flaw exists in Mac OS X. The diskimages-helper application fails to disk images resulting in memory corruption. With a specially crafted disk image file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-03-14
|
Apple Mac OS X diskimages-helper Compressed Disk Image Handling Memory Corruption
|
| Views: 2991 |
40070
Description:
A buffer overflow exists in Windows. The TCP/IP implementation fails to validate IGMPv3 and MLDv2 packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-01-08
|
Microsoft Windows TCP/IP IGMPv3 / MLDv2 Packet Handling Remote Code Execution
|
| Views: 2979 |
8398
Description:
A remote overflow exists in AOL Instant Messenger. Instant Messenger fails to correctly limit the size of the value passed to the goaway function in the away feature resulting in a buffer overflow. A malicious user can create a specially crafted URI link that uses the 'aim:' handler and a long message value for the goaway parameter and post the link to a webpage or email. When a victim clicks on this link, or views an HTML document that invokes this link (such as <iframe>), the code included in the malicious URI may overwrite a Structured Exception Handler pointer which may be used to insert arbitrary code onto the stack. Once on the stack, the arbitrary code could then be executed resulting in a loss of integrity.
|
2004-08-09
|
AOL Instant Messenger (AIM) aim:goaway URI Handler goaway Function Away Message Handling Remote Overflow
|
| Views: 2965 |
23597
Description:
Gallery contains a flaw that allows a remote attacker to delete files outside of the web path. The issue is due to the GallerySession.class not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the sessionId variable(s).
|
2006-03-02
|
Gallery Session Handling Class (GallerySession.class) Cookie Traversal Arbitrary File Manipulation
|
| Views: 2963 |
41073
Description:
A buffer overflow exists in Facebook Photo Uploader ActiveX control. ImageUploader4.1.ocx fails to validate string data sent to the ExtractIptc() property resulting in a stack overflow. With a specially crafted web site, a context dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-02-03
|
Facebook Photo Uploader TheFacebook.FacebookPhotoUploader ActiveX (ImageUploader4.1.ocx) Overflow
|
| Views: 2959 |
55555
Description:
Rentventory contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'product' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-07-02
|
Rentventory index.php product Parameter SQL Injection
|
| Views: 2912 |
1210
Description:
Microsoft IIS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the webhits.dll library not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "CiWebHitsFile" variable. By supplying a crafted request to an htw script, it is possible to read arbitrary files on the system.
|
2000-01-27
|
Microsoft IIS WebHits.dll ISAPI Filter Traversal Arbitrary File Access
|
| Views: 2900 |
41495
Description:
A buffer overflow exists in Acrobat and Reader. The Collab.collectEmailInfo() JavaScript method fails to validate string length resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2008-02-08
|
Adobe Reader / Acrobat Collab.collectEmailInfo() Method Overflow
|
| Views: 2900 |
25837
Description:
Snort contains a flaw that may allow a remote attacker to bypass IDS detection. The issue is triggered by adding a carriage return to the end of a URL, directly before the HTTP protocol declaration. It is possible that the flaw may allow a request to bypass detection by "uricontent" rules, resulting in a loss of integrity.
|
2006-05-31
|
Snort HTTP Inspect Pre-Processor Uricontent Bypass
|
| Views: 2896 |
66441
Description:
By default, Siemens SIMATIC installs with a default password for accessing the SQL database. The 'WinCCConnect' and 'WinCCAdmin' accounts have a password of '2WSXcder' which is publicly known and documented. This allows attackers to trivially access the program or system.
|
2008-04-12
|
Siemens SIMATIC WinCC SQL Database Default Password
|
| Views: 2890 |
14047
Description:
vBulletin contains a flaw that may allow a malicious user to inject and execute arbitrary PHP code, because nested input passed to the "template" parameter in "misc.php" isn't properly verified and can be exploited. The issue is triggered when the "Add Template Name in HTML Comments" option is enabled. It is possible that the flaw may allow the injection and execution of arbitrary PHP code resulting in a loss of confidentiality and integrity.
|
2005-02-22
|
vBulletin misc.php template Parameter PHP Code Injection
|
| Views: 2888 |
32701
Description:
Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because Access.app/Contents/Resources/kcproxy is setuid root, but writable by members of the Admin group. This flaw may lead to a loss of integrity.
|
2007-01-15
|
Apple Mac OS X Keychain Access.app/Contents/Resources/kcproxy Permission Weakness diskutil Privilege Escalation
|
| Views: 2887 |
22418
Description:
The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because 'dm-crypt' does not zero out the 'struct crypt_config' structure before it is freed, potentially leaking cryptographic key information, resulting in a loss of confidentiality.
|
2006-01-04
|
Linux Kernel dm-crypt crypt_config Structure Cryptographic Key Local Disclosure
|