| Views | OSVDB ID | Disclosure Date | Title | Description |

| Views: 2864 | OSVDB ID: 22121 | Disclosure Date: 2005-12-29 |
Title: ImageMagick Delegate Code Multiple Utility Crafted File Name Arbitrary Shell Command Injection
Description: Various ImageMagick utilities fail to validate image file names before substituting them into delegate commands that are run through the shell. When shell metacharacters and commands are part of the file name provided, the shell interprets them, which may allow execution of arbitrary shell commands, resulting in a loss of integrity.

| Views: 2861 | OSVDB ID: 59860 | Disclosure Date: 2009-11-10 |
Title: Microsoft Office Excel BIFF File FEATHEADER cbHdrData Size Element Handling Memory Corruption
Description: Excel contains a flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is triggered by a specially crafted Excel document that contains a malformed FEATHEADER object.

| Views: 2833 | OSVDB ID: 66320 | Disclosure Date: 2010-06-09 |
Title: Juniper IVE dana-na/auth/url_default/welcome.cgi u Parameter XSS
Description: Unknown / Incomplete

| Views: 2833 | OSVDB ID: 33876 | Disclosure Date: 2007-05-07 |
Title: Advanced Guestbook codes-english.php GB_TBL Variable SQL Database Name Disclosure
Description: (Description Provided by CVE) : Advanced Guestbook 2.4.2 allows remote attackers to obtain sensitive information via an invalid (1) GB_TBL parameter to (a) lang/codes-english.php or (b) image.php, which reveal the database name; (2) an invalid GB_DB parameter to index.php, coupled with a ../index lang cookie, which reveals the installation path; or (3) a direct request to index.php with no parameters or cookies, which reveals the installation path.

| Views: 2828 | OSVDB ID: 57797 | Disclosure Date: 2009-09-09 |
Title: Microsoft Windows TCP/IP Orphaned Connection Handling Remote DoS
Description: Microsoft Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a series of TCP sessions with pending data, and will result in a loss of availability for the platform.

| Views: 2823 | OSVDB ID: 12931 | Disclosure Date: 2005-01-13 |
Title: ZeroBoard ask_password.php dir Parameter Remote File Inclusion
Description: ZeroBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'ask_password.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script.

| Views: 2820 | OSVDB ID: 62000 | Disclosure Date: 2010-01-28 |
Title: ccNewsletter Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access
Description: ccNewsletter Component for Joomla! contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'controller' parameter (when 'option' is set to 'com_ccnewsletter'). This directory traversal attack would allow the attacker to access arbitrary files.

| Views: 2816 | OSVDB ID: 53619 | Disclosure Date: 2009-04-14 |
Title: Microsoft Windows HTTP Services NTLM Credential Replay Privileged Code Execution
Description: (Description Provided by CVE) : Windows HTTP Services (aka WinHTTP) in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008; and WinINet in Microsoft Internet Explorer 5.01 SP4, 6 SP1, 6 and 7 on Windows XP SP2 and SP3, 6 and 7 on Windows Server 2003 SP1 and SP2, 7 on Windows Vista Gold and SP1, and 7 on Windows Server 2008; allows remote web servers to capture and replay NTLM credentials, and execute arbitrary code, via vectors related to absence of a "credential-reflection protections" opt-in step, aka "Windows HTTP Services Credential Reflection Vulnerability" and "WinINet Credential Reflection Vulnerability."

| Views: 2816 | OSVDB ID: 34732 | Disclosure Date: 2007-05-14 |
Title: Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow
Description: A remote overflow exists in Samba. The application fails to properly verify user-supplied input when parsing RPC requests to the SPOOLSS RPC interface, resulting in a heap-based overflow. With a specially crafted RFNPCNEX request, an attacker can overwrite heap memory and possibly trigger the execution of arbitrary code, resulting in a loss of integrity or availability.

| Views: 2812 | OSVDB ID: 69685 | Disclosure Date: 2010-12-07 |
Title: Exim string_format Function Remote Overflow
Description: Exim is prone to a remote overflow condition. The string_format function fails to properly check the length of user-supplied input, resulting in a heap buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.

| Views: 2793 | OSVDB ID: 66387 | Disclosure Date: 2010-07-16 |
Title: Microsoft Windows Shell LNK File Parsing Arbitrary Command Execution
Description: Windows contains a flaw that may allow an attacker to execute arbitrary code. The issue is triggered by a specially crafted .LNK or .PIF shortcut file which contains an icon resource that points to a malicious DLL file.

| Views: 2791 | OSVDB ID: 26834 | Disclosure Date: 2006-07-01 |
Title: Microsoft IE ADODB.Recordset COM Object Filter Property NULL Dereference
Description: (Description Provided by CVE) : Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (crash) by setting the Filter property of an ADODB.Recordset ActiveX object to certain values multiple times, which triggers a null dereference.

| Views: 2788 | OSVDB ID: 492 | Disclosure Date: 1990-01-01 |
Title: DNS Zone Transfer Information Disclosure
Description: DNS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the host's DNS name server allows zone transfers (AXFR), used to replicate zone information between master and slave DNS servers, to any requester. If zone transfers have not been restricted to authorized slave servers only, a remote attacker can retrieve the entire zone and disclose sensitive network information, resulting in a loss of confidentiality.

| Views: 2780 | OSVDB ID: 22893 | Disclosure Date: 2006-02-01 |
Title: Mozilla Multiple Products Location/Navigation Objects QueryInterface Memory Corruption
Description: A memory corruption flaw exists in Mozilla products. The QueryInterface method of the built-in Location and Navigator objects fails to validate input data, resulting in memory corruption. With a specially crafted web page or email, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

| Views: 2778 | OSVDB ID: 28999 | Disclosure Date: 2006-07-28 |
Title: JD-WordPress for Joomla wp-trackback.php Remote File Inclusion
Description: JD-WordPress for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to wp-trackback.php not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands, which will be executed by the vulnerable script.

| Views: 2772 | OSVDB ID: 21345 | Disclosure Date: 2005-12-01 |
Title: Perl Explicit Format Parameter Index Overflow
Description: Perl contains a flaw in the handling of a format string that contains an explicit format parameter index exceeding INT_MAX, which can result in an illegal memory access. With a specially crafted request, an attacker can crash a Perl application, resulting in a loss of availability.

| Views: 2768 | OSVDB ID: 56916 | Disclosure Date: 2009-08-11 |
Title: Microsoft Office Web Components HTMLURL Parameter ActiveX Spreadsheet Object Handling Overflow
Description: Office Web Components is prone to an overflow condition. The ActiveX control fails to properly sanitize user-supplied input via the HTMLURL parameter, resulting in a buffer overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution.

| Views: 2722 | OSVDB ID: 66956 | Disclosure Date: 2010-07-18 |
Title: Novatel MiFi Mobile Default Admin Password
Description: By default, Novatel MiFi ships with a default password, 'admin', which is publicly known and documented. This allows connected attackers to trivially access and modify the configuration.

| Views: 2715 | OSVDB ID: 46777 | Disclosure Date: 2008-07-08 |
Title: Microsoft Windows DNS Socket Entropy Weakness Cache Poisoning
Description: Windows contains a flaw that may allow a malicious user to insert invalid records into a recursive DNS server cache. The issue is triggered by a flaw in the DNS protocol, which does not require sufficient randomness in selecting the Query ID and UDP source port for queries to authoritative servers. It is possible that the flaw may allow an attacker to spoof a DNS response to a legitimate query, resulting in a loss of integrity.

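The entropy point in OSVDB 46777 above, as an added worked example that is not part of the OSVDB entry and is not Microsoft's code: a toy recursive resolver that accepts a response only when its transaction ID, destination port and question match an outstanding query. In the weak mode the IDs are sequential and every query leaves from one source port, so an off-path attacker who has seen one earlier query can forge the next answer in a single try; in the hardened mode both values are drawn from a CSPRNG, which raises the guess from 16 bits to about 30. The resolver class, the port range constant and the 198.51.100.7 / 192.0.2.1 addresses are constructed for the example.

```python
import math
import os
import random
import struct

EPHEMERAL_PORTS = range(49152, 65536)   # IANA dynamic range: 16384 ports
SYSRAND = random.SystemRandom()


class Resolver:
    """Toy recursive resolver (constructed for this example). It records each
    outstanding query and caches a response only if the transaction ID,
    destination port and question all match one. 'hardened' selects random IDs
    and ports; otherwise IDs are sequential and every query leaves from the
    same source port, which is the weakness the entry above describes."""

    def __init__(self, hardened):
        self.hardened = hardened
        self._next_txid = 0x1000
        self._fixed_port = 53
        self.outstanding = set()   # (txid, sport, qname)
        self.cache = {}

    def send_query(self, qname):
        if self.hardened:
            txid = struct.unpack(">H", os.urandom(2))[0]
            sport = SYSRAND.choice(EPHEMERAL_PORTS)
        else:
            txid = self._next_txid & 0xFFFF
            self._next_txid += 1
            sport = self._fixed_port
        self.outstanding.add((txid, sport, qname))
        return txid, sport

    def receive(self, txid, dport, qname, rdata):
        key = (txid, dport, qname)
        if key not in self.outstanding:
            return False          # unsolicited or mismatched: dropped
        self.outstanding.discard(key)
        self.cache[qname] = rdata
        return True


def guess_bits(resolver):
    """Bits an off-path attacker must guess per forged response."""
    return 16 + (math.log2(len(EPHEMERAL_PORTS)) if resolver.hardened else 0)


def off_path_attack(resolver, qname, forged_rdata="198.51.100.7"):
    """Attacker who observed one (txid, sport) pair from a query it triggered,
    then guesses the next pair for the query it wants to poison."""
    observed = resolver.send_query("probe.example.")                       # attacker-triggered
    resolver.receive(observed[0], observed[1], "probe.example.", "192.0.2.1")  # genuine answer
    resolver.send_query(qname)                                              # the query to poison
    txid_guess = (observed[0] + 1) & 0xFFFF
    port_guess = observed[1]
    return resolver.receive(txid_guess, port_guess, qname, forged_rdata)


def run_demo():
    weak, hard = Resolver(hardened=False), Resolver(hardened=True)
    return {
        "weak_bits": guess_bits(weak),
        "hardened_bits": guess_bits(hard),
        "weak_poisoned": off_path_attack(weak, "www.example."),
        "hardened_poisoned": off_path_attack(hard, "www.example."),
        "weak_cache": weak.cache.get("www.example."),
    }


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, "=", v)
```

The hardened mode is the behaviour the 2008 patches introduced: source-port randomisation adds entropy the attacker cannot observe off-path, and the resolver must check both values rather than the transaction ID alone.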
| Views: 2714 | OSVDB ID: 23597 | Disclosure Date: 2006-03-02 |
Title: Gallery Session Handling Class (GallerySession.class) Cookie Traversal Arbitrary File Manipulation
Description: Gallery contains a flaw that allows a remote attacker to delete files outside of the web path. The issue is due to GallerySession.class not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the sessionId variable(s).

| Views: 2691 | OSVDB ID: 561 | Disclosure Date: 1999-01-01 |
Title: Apache Web Servers mod_status /server-status Information Disclosure
Description: Apache HTTP Server and Apache Tomcat contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker requests the /server-status handler (mod_status) from a remote host, which discloses a wide variety of web server information including web traffic, CPU load, server version, current connections, and more.

| Views: 2689 | OSVDB ID: 64875 | Disclosure Date: 2010-03-18 |
Title: PHPWind thread.php skinco Parameter XSS
Description: PHPWind contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'skinco' parameter upon submission to the 'thread.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

| Views: 2682 | OSVDB ID: 26835 | Disclosure Date: 2006-07-02 |
Title: Microsoft IE HTML Help COM Object Image Property Heap Overflow
Description: (Description Provided by CVE) : Heap-based buffer overflow in HTML Help ActiveX control (hhctrl.ocx) in Microsoft Internet Explorer 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code by repeatedly setting the Image field of an Internet.HHCtrl.1 object to certain values, possibly related to improper escaping and long strings.

| Views: 2680 | OSVDB ID: 312 | Disclosure Date: 2002-09-12 |
Title: ISS ICEcap Default Password
Description: By default, ICEcap installs with a default account. The iceman account has no password, which is publicly known and documented. This allows attackers to trivially access the program or system.

| Views: 2660 | OSVDB ID: 62210 | Disclosure Date: 2010-02-08 |
Title: Aruba Mobility Controller TLS Renegotiation Handshakes MiTM Plaintext Data Injection
Description: (Description Provided by CVE) : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.

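What "processed retroactively by a server in a post-renegotiation context" means in practice for HTTPS, as an added example that is not part of the OSVDB or CVE text and not Aruba's code: the attacker opens the TLS session, sends the start of a request with an unterminated header, then hands the connection over to the victim's renegotiated session. The server concatenates the two plaintexts into one stream, so the victim's request line is swallowed into the attacker's dangling header and the victim's Cookie header authenticates the attacker's request. The HTTP messages, the bank.example host and the X-Ignore header name are constructed for the example; the parser is a minimal stand-in for the server's.

```python
def parse_http_request(stream):
    """Minimal HTTP/1.x request parser (constructed stand-in for a server's):
    returns (method, target, headers) for the first request in 'stream'.
    Header names are lower-cased; a repeated header keeps the last value."""
    head, sep, _body = stream.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("incomplete request")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers


# Constructed attacker prefix, sent before renegotiation. It is deliberately
# left without a terminating CRLF so the victim's request line becomes the
# value of the X-Ignore header instead of starting a new request.
ATTACKER_PREFIX = (
    b"GET /account/transfer?to=attacker&amount=1000 HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"X-Ignore: "
)

# Constructed victim request, sent after renegotiation with the session cookie.
VICTIM_REQUEST = (
    b"GET /account/summary HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Cookie: session=victim-session-token\r\n"
    b"\r\n"
)


def server_view(attacker_prefix, victim_request):
    """What a server that joins pre- and post-renegotiation plaintext into one
    application-data stream actually parses."""
    return parse_http_request(attacker_prefix + victim_request)


def client_view(victim_request):
    """What the victim's client believes it sent."""
    return parse_http_request(victim_request)


if __name__ == "__main__":
    print("server sees:", server_view(ATTACKER_PREFIX, VICTIM_REQUEST)[:2])
    print("client sent:", client_view(VICTIM_REQUEST)[:2])
```

The attacker never learns the cookie; the injection works because the server binds the two handshakes to one stream. The protocol fix is the renegotiation_info extension of RFC 5746; on the server side, refusing renegotiation altogether (for Python's ssl module, ssl.OP_NO_RENEGOTIATION on OpenSSL 1.1.0h or later) closes the hole where the extension cannot be deployed.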
| Views: 2653 | OSVDB ID: 6308 | Disclosure Date: 2004-05-17 |
Title: osCommerce file_manager.php filename Parameter Traversal Arbitrary File Access
Description: osCommerce contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the file_manager.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "filename" parameter.

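The traversal and inclusion entries above (osCommerce 6308, Gallery 23597, ccNewsletter 62000, ZeroBoard 12931 and JD-WordPress 28999) all come down to one missing check: a path-like parameter reaches open(), unlink() or include() without being pinned to a base directory or screened for a URL scheme. The following is an added example of that check, not code from any of those projects; it is written in Python rather than the PHP of the affected scripts, and the sample parameter values are constructed from the descriptions above. It decodes once, rejects NUL bytes, schemes and absolute paths, then canonicalises both the base and the candidate and compares the real prefix, which also covers the canonicalisation class of bug behind the ASP.NET entry (10670) further down.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit


class UnsafePath(ValueError):
    """Raised for any value that must not reach include()/open()/unlink()."""


def resolve_user_path(base_dir, user_value):
    """Turn an untrusted path-like parameter into an absolute path that is
    guaranteed to lie inside base_dir, or raise UnsafePath."""
    # Decode exactly once. Decoding in a loop would let %252e%252e/ through.
    value = unquote(user_value)
    if "\x00" in value:
        raise UnsafePath("NUL byte in path")
    # Remote file inclusion: http://, ftp://, php://, data: ... all carry a scheme.
    if urlsplit(value).scheme:
        raise UnsafePath("URL scheme not permitted")
    # Treat backslashes as separators too, then refuse absolute paths outright.
    value = value.replace("\\", "/")
    if value.startswith("/"):
        raise UnsafePath("absolute path not permitted")
    # Canonicalise both sides (symlinks, '.', '..') and compare the real prefix.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, value))
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath("path escapes base directory")
    return candidate


# Constructed inputs modelled on the parameters named in the entries above.
SAMPLE_VALUES = [
    "lang/codes-english.php",          # legitimate relative file
    "../../etc/passwd",                # classic traversal
    "..%2F..%2Fetc%2Fpasswd",          # URL-encoded traversal
    "..\\..\\windows\\win.ini",        # backslash traversal
    "/etc/passwd",                     # absolute path
    "http://evil.example/shell.txt",   # remote file inclusion
    "php://input",                     # PHP stream wrapper
    "safe.php\x00.jpg",                # NUL byte truncation
    "sub/../lang/codes-english.php",   # traversal that stays inside base
]


def classify(base_dir, values=SAMPLE_VALUES):
    """Map each input to 'ok' or the rejection reason."""
    results = {}
    for v in values:
        try:
            resolve_user_path(base_dir, v)
            results[v] = "ok"
        except UnsafePath as exc:
            results[v] = str(exc)
    return results


def demo_results():
    """Run the classification against a throwaway base directory."""
    with tempfile.TemporaryDirectory() as d:
        return classify(d)


if __name__ == "__main__":
    for value, verdict in demo_results().items():
        print(repr(value), "->", verdict)
```

The function does not check that the file exists; that is left to the caller so the error message cannot be used as an existence oracle. Where the parameter is meant to select from a fixed set of files, an allowlist lookup is still preferable to any path arithmetic.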
| Views: 2652 | OSVDB ID: 24037 | Disclosure Date: 2006-03-22 |
Title: Sendmail Signal Handler Race Condition Remote Overflow
Description: Sendmail contains a flaw that may allow a remote attacker to gain elevated privileges. The issue is due to the sm_syslog() function, which allows an attacker to pass crafted data to the setjmp(3) and longjmp(3) functions, causing memory corruption. This can be used to remotely execute arbitrary code without authentication.

| Views: 2636 | OSVDB ID: 10670 | Disclosure Date: 2004-09-14 |
Title: Microsoft ASP.NET Forms .aspx File Authentication Bypass
Description: ASP.NET contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when a specially crafted URL which takes advantage of character handling is used to directly access a file which otherwise requires authentication. It is possible that the flaw may allow unauthorized file access, resulting in a loss of confidentiality.

| Views: 2634 | OSVDB ID: 578 | Disclosure Date: 2001-06-27 |
Title: Cisco IOS HTTP Unauthorized Administrative Access
Description: IOS contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when an attacker sends a specially crafted URL to the HTTP server. It is possible that the flaw may allow an attacker to gain administrative privileges, resulting in a loss of confidentiality, integrity, and/or availability.

| Views: 2632 | OSVDB ID: 11031 | Disclosure Date: 2004-10-21 |
Title: Altiris Deployment Solution AClient.exe Unauthenticated Remote Access
Description: Deployment Solution contains a flaw that may allow a malicious user to gain full administrative access to clients on the network. The issue is due to the AClient.exe process not requiring any authentication from the server, and is triggered when the attacker tricks a client into connecting to a malicious Deployment Solution server. It is possible that the flaw may allow the attacker to gain full administrative access and remote control of the client, resulting in a loss of integrity.

| Views: 2627 | OSVDB ID: 12548 | Disclosure Date: 2004-12-14 |
Title: ASP-Rider verify.asp username Parameter SQL Injection
Description: ASP-Rider contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'username' parameter in the 'verify.asp' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

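A login check of the shape described for verify.asp in OSVDB 12548, as an added example that is not ASP-Rider's code: the vulnerable version pastes the username and password into the query text, so a quote in the username closes the string literal and a trailing `--` comments out the password clause; the hardened version binds the same values as parameters and the statement's structure cannot change. The in-memory SQLite table, the 'alice' row and the payloads are constructed for the example; the original runs on ASP, but the two query shapes are the same in any driver.

```python
import sqlite3


def make_db():
    """Constructed in-memory users table standing in for the application's."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT NOT NULL, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_unsafe(conn, username, password):
    """Vulnerable pattern: the parameters are pasted into the query text, so a
    quote in 'username' ends the string literal and the rest is parsed as SQL."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Hardened pattern: placeholders keep the query shape fixed; the values are
    bound by the driver and can never change the statement's structure."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


# Constructed payloads. In the first two, the trailing '--' starts an SQL
# comment that swallows the rest of the line, including the password check.
PAYLOADS = {
    "comment_out_password": ("alice'--", "wrong"),
    "tautology": ("' OR 1=1--", "wrong"),
    "honest_but_wrong": ("alice", "wrong"),
    "honest_correct": ("alice", "correct horse"),
}


def compare(conn=None):
    """Run every payload through both implementations: {name: (unsafe, safe)}."""
    conn = conn or make_db()
    return {name: (login_unsafe(conn, u, p), login_safe(conn, u, p))
            for name, (u, p) in PAYLOADS.items()}


if __name__ == "__main__":
    for name, (unsafe, safe) in compare().items():
        print("%-22s unsafe=%-5s safe=%s" % (name, unsafe, safe))
```

Note that the two honest cases behave identically in both versions, which is why this bug survives functional testing; only the parameterised form rejects the two forged usernames.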
| Views: 2627 | OSVDB ID: 25479 | Disclosure Date: 2006-05-15 |
Title: RealVNC Security Type Enforcement Failure Remote Authentication Bypass
Description: RealVNC contains a flaw that may allow a malicious user to bypass authentication and gain access to the remote system without requiring knowledge of the VNC password. The issue is triggered by an error in the handling of VNC password authentication requests. This flaw may lead to a loss of confidentiality.

| Views: 2609 | OSVDB ID: 32397 | Disclosure Date: 2006-12-21 |
Title: Opentaps ecommerce/control/keywordsearch SEARCH_STRING Parameter XSS
Description: opentaps contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'SEARCH_STRING' variable upon submission to the keywordsearch script. This could allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

| Views: 2607 | OSVDB ID: 50622 | Disclosure Date: 2008-12-11 |
Title: Microsoft IE mshtml.dll XSML Nested SPAN Element Handling Unspecified Arbitrary Code Execution
Description: A use-after-free flaw exists in Internet Explorer. The data binding function fails to update the array length after releasing an object, resulting in access to the deleted object's memory space. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution, resulting in a loss of integrity.

| Views: 2604 | OSVDB ID: 390 | Disclosure Date: 2000-08-15 |
Title: Microsoft IIS Translate f: Request ASP Source Disclosure
Description: Microsoft IIS contains a flaw that may allow a remote attacker to view the source code of ASP/ASA scripts. The issue is due to the server not properly handling the "Translate: f" header, used by WebDAV and FrontPage 2000. With a specially crafted header, an attacker can force the server to display script source code instead of processing the script normally. This may reveal sensitive information such as internal IP addresses, account names or passwords.

| Views: 2602 | OSVDB ID: 53664 | Disclosure Date: 2009-04-14 |
Title: Microsoft WordPad Word 97 Text Converter File Handling Overflow
Description: (Description Provided by CVE) : Stack-based buffer overflow in the Word 97 text converter in WordPad in Microsoft Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2 allows remote attackers to execute arbitrary code via a crafted Word 97 file that triggers memory corruption, related to use of inconsistent integer data sizes for an unspecified length field, aka "WordPad Word 97 Text Converter Stack Overflow Vulnerability."

| Views: 2594 | OSVDB ID: 52519 | Disclosure Date: 2009-03-11 |
Title: Microsoft Windows DNS Server WPAD Registration Dynamic Update MiTM Weakness
Description: Windows contains a flaw that may allow a malicious user to spoof a WPAD (Web Proxy Auto-Discovery) DNS record. The issue is caused by the DNS server allowing any client to register a WPAD entry in DNS. It is possible that the flaw may allow a malicious proxy to redirect Internet traffic, resulting in a loss of integrity.

| Views: 2593 | OSVDB ID: 53663 | Disclosure Date: 2009-04-14 |
Title: Microsoft Office Word 2000 WordPerfect 6.x Converter Document Handling Stack Corruption
Description: (Description Provided by CVE) : The WordPerfect 6.x Converter (WPFT632.CNV, 1998.1.27.0) in Microsoft Office Word 2000 SP3 and Microsoft Office Converter Pack does not properly validate the length of an unspecified string, which allows remote attackers to execute arbitrary code via a crafted WordPerfect 6.x file, related to an unspecified counter and control structures on the stack, aka "Word 2000 WordPerfect 6.x Converter Stack Corruption Vulnerability."

| Views: 2592 | OSVDB ID: 34700 | Disclosure Date: 2007-05-14 |
Title: Samba Unfiltered MS-RPC Calls Arbitrary Remote Command Execution
Description: Samba contains a flaw that may allow a malicious user to execute arbitrary shell commands. The issue is triggered because MS-RPC does not properly check user-supplied input when passing RPC messages to external scripts via '/bin/sh'. It is possible that the flaw may allow code execution, resulting in a loss of integrity.

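The Samba MS-RPC entry directly above (OSVDB 34700) and the ImageMagick delegate entry at the top of the page (OSVDB 22121) are the same bug: an attacker-controlled string is substituted into a command template and the result is handed to /bin/sh, so metacharacters in the string become shell syntax. The following added example, which is not Samba's or ImageMagick's code, runs a constructed delegate-style template both ways. The template uses echo as the "converter" so that it runs anywhere, and the injected file name is constructed; the is_acceptable_filename allowlist is an assumption about what a conservative policy would accept.

```python
import re
import subprocess

# Constructed stand-in for a delegate rule of the kind ImageMagick reads from
# delegates.xml, where %i is replaced by the input file name. It uses echo so the
# example runs anywhere; a real rule would invoke a converter such as gs.
DELEGATE_TEMPLATE = "echo converting %i"

# Constructed attacker-controlled file name: the ';' ends the intended command
# and starts a second one.
INJECTED_NAME = "image.png; echo INJECTED"


def run_delegate_unsafe(filename):
    """Vulnerable pattern: substitute the name into the template and hand the
    resulting string to /bin/sh. Metacharacters in the name become shell syntax.
    Returns the lines the shell printed."""
    cmd = DELEGATE_TEMPLATE.replace("%i", filename)
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def run_delegate_safe(filename):
    """Hardened pattern: split the template into argv ourselves, substitute the
    name as a single argument and run without a shell, so the name stays data."""
    argv = [filename if tok == "%i" else tok for tok in DELEGATE_TEMPLATE.split()]
    out = subprocess.run(argv, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


# Assumed conservative policy: letters, digits, dot, underscore, hyphen, and
# never a leading '-' (a converter would parse that as an option even via argv).
_SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*$")


def is_acceptable_filename(filename):
    """Defence in depth for callers that must still build a command line."""
    return bool(_SAFE_NAME.match(filename))


if __name__ == "__main__":
    print("unsafe:", run_delegate_unsafe(INJECTED_NAME))
    print("safe:  ", run_delegate_safe(INJECTED_NAME))
    print("accept:", is_acceptable_filename(INJECTED_NAME), is_acceptable_filename("image.png"))
```

The unsafe path prints a second line, "INJECTED", because the shell ran a second command; the safe path prints the whole name as one argument. Passing argv without a shell is the fix; the allowlist is only a backstop for code paths that cannot be converted, and it must also reject a leading hyphen.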
| Views: 2590 | OSVDB ID: 4469 | Disclosure Date: 2003-04-07 |
Title: Samba trans2.c call_trans2open() Function Overflow
Description: Samba contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the call_trans2open() function in trans2.c not properly sanitizing user input. If an attacker supplies an overly long string for the pname variable, they may be able to overflow the buffer and execute arbitrary code with the privileges of the server.