Software Vulnerability
Main
Software Alerts
Software and Script Bug ExploitsSoftware Vulnerability
Random Feeds
Archives
| Sep 2010 | Aug 2010 | Jul 2010 | Jun 2010 | May 2010 | Apr 2010 | Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |Sat, 29 Aug 09
k-meleon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3008
K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker.
Sat, 29 Aug 09
hot_links_sql-php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7121
Cross-site scripting (XSS) vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search bar.
Sat, 29 Aug 09
hot_links_sql-php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7120
SQL injection vulnerability in Mr. CGI Guy Hot Links SQL-PHP 3 and earlier allows remote attackers to execute arbitrary SQL commands via the news.php parameter.
Sat, 29 Aug 09
webid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7119
SQL injection vulnerability in item.php in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Sat, 29 Aug 09
webid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7118
WeBid auction script 0.5.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain SQL query logs via a direct request for logs/cron.log.
Sat, 29 Aug 09
webid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7117
eledicss.php in WeBid auction script 0.5.4 allows remote attackers to modify arbitrary cascading style sheets (CSS) files via a certain request with the file parameter set to style.css. NOTE: this can probably be leveraged for cross-site scripting (XSS) attacks.
Sat, 29 Aug 09
webid
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7116
SQL injection vulnerability in the admin panel (admin/) in WeBid auction script 0.5.4 allows remote attackers to execute arbitrary SQL commands via the username.
Sat, 29 Aug 09
f5d7632-4, wireless_g_router
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7115
The web interface to the Belkin Wireless G router and ADSL2 modem F5D7632-4V6 with firmware 6.01.08 allows remote attackers to bypass authentication and gain administrator privileges via a direct request to (1) statusprocess.exe, (2) system_all.exe, or (3) restore.exe in cgi-bin/. NOTE: the setup_dns.exe vector is already covered by CVE-2008-1244.
Sat, 29 Aug 09
ifdate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7114
SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.
Sat, 29 Aug 09
scanner_file_utility
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7113
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 uses a small space of predictable user identification numbers for access control, which allows remote attackers to upload documents via a brute force attack.
Sat, 29 Aug 09
scanner_file_utility
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7112
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to cause a denial of service (hang or crash) via invalid field length values in a malformed (1) document or (2) request.
Sat, 29 Aug 09
scanner_file_utility
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7111
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 does not restrict the filenames or extensions of uploaded files, which makes it easier for remote attackers to execute arbitrary code or overwrite files by leveraging CVE-2008-7110 and CVE-2008-7109.
Sat, 29 Aug 09
kyocera_mita
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7110
Directory traversal vulnerability in the Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to upload files to arbitrary locations via a .. (dot dot) in a request.
Sat, 29 Aug 09
scanner_file_utility
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7109
The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary files to the client system via a modified program that does not prompt the user for a password.
Sat, 29 Aug 09
phpcart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7108
Multiple cross-site scripting (XSS) vulnerabilities in Carmosa phpCart 3.4 through 4.6.4 allow remote attackers to inject arbitrary web script or HTML via the (1) quantity or (2) Add Engraving fields to the default URI; (3) Quantity field to phpcart.php; (4) Name, (5) Company, (6) Address, (7) City, and (8) Province/State fields in a checkout action to phpcart.php; and other unspecified vectors.
Sat, 29 Aug 09
smart_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7107
easdrv.sys in ESET Smart Security 3.0.667.0 allows local users to cause a denial of service (crash) via a crafted IOCTL 0x222003 request to the \\.\easdrv device interface.
Fri, 28 Aug 09
aironet_ap1100, aironet_ap1200
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2861
The Over-the-Air Provisioning (OTAP) functionality on Cisco Aironet Lightweight Access Point 1100 and 1200 devices does not properly implement access-point association, which allows remote attackers to spoof a controller and cause a denial of service (service outage) via crafted remote radio management (RRM) packets, aka "SkyJack" or Bug ID CSCtb56664.
Fri, 28 Aug 09
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2054
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2a)su1 allows remote attackers to cause a denial of service (file-descriptor exhaustion and SIP outage) via a flood of TCP packets, aka Bug ID CSCsx23689.
Fri, 28 Aug 09
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2053
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2a)su1, and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (file-descriptor exhaustion and SCCP outage) via a flood of TCP packets, aka Bug ID CSCsx32236.
Fri, 28 Aug 09
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2052
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), 7.0 before 7.0(2), and 7.1 before 7.1(2) allows remote attackers to cause a denial of service (TCP services outage) via a large number of TCP connections, related to "tracking of network connections," aka Bug ID CSCsq22534.
Fri, 28 Aug 09
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2051
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x, 5.x before 5.1(3g), 6.x before 6.1(4), and 7.x before 7.1(2) allows remote attackers to cause a denial of service (voice-services outage) via a malformed SIP INVITE message that triggers an improper call to the sipSafeStrlen function, aka Bug ID CSCsz40392.
Fri, 28 Aug 09
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2050
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) before 6.1(1) allows remote attackers to cause a denial of service (voice-services outage) via a malformed header in a SIP message, aka Bug ID CSCsi46466.
Thu, 27 Aug 09
buildbot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2967
Multiple cross-site scripting (XSS) vulnerabilities in Buildbot 0.7.6 through 0.7.11p2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, different vulnerabilities than CVE-2009-2959.
Thu, 27 Aug 09
affinium_campaign
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7094
Campaign/CampaignListener in the listener server in Unica Affinium Campaign 7.2.1.0.55 allows remote attackers to cause a denial of service (server crash) via a crafted length field that triggers (1) connection exhaustion or (2) memory allocation failure.
Thu, 27 Aug 09
affinium_campaign
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7093
Multiple directory traversal vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to (1) create arbitrary directories or files via a .. (dot dot) in the folder name in the new folder functionality or (2) list arbitrary files via a crafted request to Campaign/CampaignListener.
Thu, 27 Aug 09
affinium_campaign
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7092
Multiple cross-site scripting (XSS) vulnerabilities in Unica Affinium Campaign 7.2.1.0.55 allow remote attackers to inject arbitrary web script or HTML via a Javascript event in the (1) url, (2) PageName, and (3) title parameters in a CustomBookMarkLink action to Campaign/Campaign; (4) a Javascript event in the displayIcon parameter to Campaign/updateOfferTemplateSubmit.do (aka the templates web page); (5) crafted input to Campaign/CampaignListener (aka the listener server), which is not prop...
Thu, 27 Aug 09
pligg_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7091
Multiple SQL injection vulnerabilities in Pligg 9.9 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to vote.php, which is not properly handled in libs/link.php; (2) id parameter to trackback.php; (3) an unspecified parameter to submit.php; (4) requestTitle variable in a query to story.php; (5) requestID and (6) requestTitle variables in recommend.php; (7) categoryID parameter to cloud.php; (8) title parameter to out.php; (9) username parameter to ...
Thu, 27 Aug 09
pligg_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7090
Multiple directory traversal vulnerabilities in Pligg 9.9 and earlier allow remote attackers to (1) determine the existence of arbitrary files via a .. (dot dot) in the $tb_url variable in trackback.php, or (2) include arbitrary files via a .. (dot dot) in the template parameter to settemplate.php.
Thu, 27 Aug 09
pligg_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7089
Cross-site scripting (XSS) vulnerability in Pligg 9.9 and earlier allows remote attackers to inject arbitrary web script or HTML via the keyword parameter in a search action to user.php and other unspecified vectors.
Thu, 27 Aug 09
photopost_vbgallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7088
Unrestricted file upload vulnerability in upload.php in PhotoPost vBGallery 2.4.2 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in a certain path. NOTE: this may be the same vulnerability as CVE-2008-0251, but this is not clear due to lack of details from the vendor.
Thu, 27 Aug 09
openpro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7087
PHP remote file inclusion vulnerability in search_wA.php in OpenPro 1.3.1 allows remote attackers to execute arbitrary PHP code via a URL in the LIBPATH parameter.
Thu, 27 Aug 09
maian_greetings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7086
Maian Greetings 2.1 allows remote attackers to bypass authentication and gain administrative privileges by setting the mecard_admin_cookie cookie to admin.
Thu, 27 Aug 09
hockeystats_online
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7085
Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.
Thu, 27 Aug 09
velocity_security_management_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7084
Directory traversal vulnerability in the web server 1.0 in Velocity Security Management System allows remote attackers to read arbitrary files via a .. (dot dot) in the URI.
Wed, 26 Aug 09
kaspersky_anti-virus, kaspersky_internet_security
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2966
avp.exe in Kaspersky Internet Security 9.0.0.459 and Anti-Virus 9.0.0.463 allows remote attackers to cause a denial of service (CPU consumption and network connectivity loss) via an HTTP URL request that contains a large number of dot "." characters.
Wed, 26 Aug 09
scopia
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2965
Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter.
Wed, 26 Aug 09
squirrelmail
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2964
Multiple cross-site request forgery (CSRF) vulnerabilities in SquirrelMail 1.4.19 and earlier allow remote attackers to hijack the authentication of unspecified victims via features such as send message and change preferences, related to (1) functions/mailbox_display.php, (2) src/addrbook_search_html.php, (3) src/addressbook.php, (4) src/compose.php, (5) src/folders.php, (6) src/folders_create.php, (7) src/folders_delete.php, (8) src/folders_rename_do.php, (9) src/folders_rename_getname.php, ...
Wed, 26 Aug 09
toolbar_uninstaller
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2963
Unspecified vulnerability in the update feature in Toolbar Uninstaller 1.0.2 allows remote attackers to force the download and execution of arbitrary files via attack vectors related to a "malformed update url and a malformed update website."
Wed, 26 Aug 09
kol_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2961
Stack-based buffer overflow in Thaddy de Konng KOL Player 1.0 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a .MP3 playlist file.
Wed, 26 Aug 09
cuteflow
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2960
CuteFlow 2.10.3 and 2.11.0_c does not properly restrict access to pages/edituser.php, which allows remote attackers to modify usernames and passwords via a direct request.
Wed, 26 Aug 09
buildbot
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2959
Cross-site scripting (XSS) vulnerability in the waterfall web status view (status/web/waterfall.py) in Buildbot 0.7.6 through 0.7.11p1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Wed, 26 Aug 09
micro_blogging_twitter_clone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7083
Multiple SQL injection vulnerabilities in ReVou Micro Blogging Twitter clone allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
Wed, 26 Aug 09
mybb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7082
MyBB (aka MyBulletinBoard) 1.4.3 includes the sensitive my_post_key parameter in URLs to moderation.php with the (1) mergeposts, (2) split, and (3) deleteposts actions, which allows remote attackers to steal the token and bypass the cross-site request forgery (CSRF) protection mechanism to hijack the authentication of moderators by reading the token from the HTTP Referer header.
Wed, 26 Aug 09
icy_box_nas
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7081
userHandler.cgi in RaidSonic ICY BOX NAS firmware 2.3.2.IB.2.RS.1 allows remote attackers to bypass authentication and gain administrator privileges by setting the login parameter to admin. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Wed, 26 Aug 09
php_classifieds_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7080
Team PHP PHP Classifieds Script stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for admin/backup/datadump.sql.
Wed, 26 Aug 09
showtime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7079
Buffer overflow in Nero ShowTime 5.0.15.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long entry in a .M3U playlist file. NOTE: this issue might be related to CVE-2008-0619.
Wed, 26 Aug 09
rumpus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7078
Multiple buffer overflows in Rumpus before 6.0.1 allow remote attackers to (1) cause a denial of service (segmentation fault) via a long HTTP verb in the HTTP component; and allow remote authenticated users to execute arbitrary code via a long argument to the (2) MKD, (3) XMKD, (4) RMD, and other unspecified commands in the FTP component.
Wed, 26 Aug 09
sailplanner
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7077
Multiple SQL injection vulnerabilities in SailPlanner 0.3a allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.
Wed, 26 Aug 09
stararticles
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7076
Unrestricted file upload vulnerability in user.modify.profile.php in Kalptaru Infotech Ltd. Star Articles 6.0 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile photo, then accessing it via a direct request to the file in authorphoto/.
Wed, 26 Aug 09
stararticles
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7075
Multiple SQL injection vulnerabilities in Kalptaru Infotech Ltd. Star Articles 6.0 allow remote attackers to inject arbitrary SQL commands via (1) the subcatid parameter to article.list.php; or the artid parameter to (2) article.print.php, (3) article.comments.php, (4) article.publisher.php, or (5) article.download.php; and (6) the PATH_INFO to article.download.php. NOTE: some of these details are obtained from third party information.
Wed, 26 Aug 09
CVE-2008-7074 (i.scribe)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7074
Format string vulnerability in MemeCode Software i.Scribe 1.88 through 2.00 before Beta9 allows remote SMTP servers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a server response, which is not properly handled "when displaying the signon message."
Wed, 26 Aug 09
pie_web, rss_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7073
PHP remote file inclusion vulnerability in lib/action/rss.php in RSS module 0.1 for Pie Web M{a,e}sher, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the lib parameter.
Wed, 26 Aug 09
chipmunk_topsites
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7072
Cross-site scripting (XSS) vulnerability in index.php in Chipmunk Topsites allows remote attackers to inject arbitrary web script or HTML via the start parameter.
Wed, 26 Aug 09
chipmunk_topsites
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7071
SQL injection vulnerability in authenticate.php in Chipmunk Topsites allows remote attackers to execute arbitrary SQL commands via the username parameter, related to login.php. NOTE: some of these details are obtained from third party information.
Wed, 26 Aug 09
kvirc
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7070
Argument injection vulnerability in the URI handler in KVIrc 3.4.2 Shiny allows remote attackers to execute arbitrary commands via a " (quote) followed by command line switches in a (1) irc:///, (2) irc6:///, (3) ircs:///, or (4) and ircs6:/// URI. NOTE: this might be due to an incomplete fix for CVE-2007-2951.
Wed, 26 Aug 09
accms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7069
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
Wed, 26 Aug 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7068
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can modify or add database entries but does not have permissions to truncate the file.
Wed, 26 Aug 09
page_tree_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7067
PHP remote file inclusion vulnerability in admin/plugins/Online_Users/main.php in PageTree CMS 0.0.2 BETA 0001 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[PT_Config][dir][data] parameter.
Wed, 26 Aug 09
openforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7066
OpenForum 0.66 Beta allows remote attackers to bypass authentication and reset passwords of other users via a direct request with the update parameter set to 1 and modified user and password parameters.
Wed, 26 Aug 09
gigaset_c450_ip, gigaset_c475_ip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7065
Siemens C450 IP and C475 IP VoIP devices allow remote attackers to cause a denial of service (disconnected calls and device reboot) via a crafted SIP packet to UDP port 5060.
Wed, 26 Aug 09
quicksilver_forums
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7064
Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.
Wed, 26 Aug 09
faq_manager_pro
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7063
Ocean12 FAQ Manager Pro stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for admin/o12faq.mdb.
Wed, 26 Aug 09
lovecms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7062
Unrestricted file upload vulnerability in admin/index.php in Download Manager module 1.0 for LoveCMS 1.6.2 Final allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in uploads/.
Tue, 25 Aug 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2955
Google Chrome 1.0.154.48 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Tue, 25 Aug 09
ie, internet_explorer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2954
Microsoft Internet Explorer 6.0.2900.2180 and earlier allows remote attackers to cause a denial of service (CPU consumption and application hang) via JavaScript code with a long string value for the hash property (aka location.hash), a related issue to CVE-2008-5715.
Tue, 25 Aug 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2952
Unspecified vulnerability in the pollwakeup function in Sun Solaris 10, and OpenSolaris before snv_51, allows local users to cause a denial of service (panic) via unknown vectors.
Tue, 25 Aug 09
phenotype_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2951
Phenotype CMS before 2.9 does not use a random salt value for password encryption, which makes it easier for context-dependent attackers to determine cleartext passwords.
Tue, 25 Aug 09
pre_real_estate_listings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7052
Unrestricted file upload vulnerability in profile.php in Pre Projects Pre Real Estate Listings allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
Tue, 25 Aug 09
aj_article
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7051
AJ Square AJ Article allows remote attackers to bypass authentication and access administrator functionality via a direct request to (1) user.php, (2) articles.php, (3) articlesuspend.php, (4) site.php, (5) statistics.php, (6) mail.php, (7) category.php, (8) subcategory.php, (9) changepassword.php, (10) polling.php, and (11) logo.php in admin/.
Tue, 25 Aug 09
wowraidmanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7050
The password_check function in auth/auth_phpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, (1) does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and (2) returns true instead of false when an authentication failure occurs, which allows remote attackers to bypass authentication and gain privileges with an arbitrary password.
Tue, 25 Aug 09
natterchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7049
Multiple SQL injection vulnerabilities in login.asp in NatterChat 1.1 and 1.12 allow remote attackers to execute arbitrary SQL commands via the (1) txtUsername parameter (aka Username) and (2) txtPassword parameter (aka Password) in a form generated by home.asp. NOTE: due to lack of details, it is not clear whether this is related to CVE-2004-2206.
Tue, 25 Aug 09
natterchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7048
Multiple cross-site scripting (XSS) vulnerabilities in NatterChat 1.12 allow remote attackers to inject arbitrary web script or HTML via the (1) txtUsername parameter to registerDo.asp, as invoked from register.asp, or (2) txtRoomName parameter to room_new.asp. NOTE: these issues might be resultant from XSS in SQL error messages.
Tue, 25 Aug 09
natterchat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7047
NatterChat 1.1 allows remote attackers to bypass authentication and gain administrator privileges to read or delete rooms and messages via a direct request to admin/home.asp.
Tue, 25 Aug 09
free_polling_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7046
AJ Square Free Polling Script (AJPoll) allows remote attackers to bypass authentication and create new polls via a direct request to admin/include/newpoll.php, a different vector than CVE-2008-7045. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 25 Aug 09
free_polling_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7045
AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to bypass authentication and reset poll votes via a direct request to admin/resetvote.php.
Tue, 25 Aug 09
free_polling_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7044
SQL injection vulnerability in admin/include/newpoll.php in AJ Square Free Polling Script (AJPoll) Database version allows remote attackers to execute arbitrary SQL commands via the ques parameter.
Tue, 25 Aug 09
fresh_email_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7043
Cross-site scripting (XSS) vulnerability in register.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to inject arbitrary web script or HTML via the Email parameter. NOTE: this can be leveraged to modify cookies and conduct session fixation attacks.
Tue, 25 Aug 09
fresh_email_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7042
PHP remote file inclusion vulnerability in url.php in FreshScripts Fresh Email Script 1.0 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the tmp_sid parameter.
Tue, 25 Aug 09
aj_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7041
AJ Classifieds allows remote attackers to bypass authentication and gain administrator privileges via a direct request to admin/home.php.
Tue, 25 Aug 09
simple_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7040
SQL injection vulnerability in ahah/sf-profile.php in the Yellow Swordfish Simple Forum module for Wordpress allows remote attackers to execute arbitrary SQL commands via the u parameter. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Tue, 25 Aug 09
gelatocms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7039
Cross-site scripting (XSS) vulnerability in admin/comments.php in Gelato CMS 0.95 allows remote attackers to inject arbitrary web script or HTML via the content parameter in a comment. NOTE: some of these details are obtained from third party information.
Tue, 25 Aug 09
my_egallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7038
SQL injection vulnerability in the My_eGallery module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the gid parameter in a showgall action to modules.php. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Tue, 25 Aug 09
itn_news_gadget
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7037
The Sidebar gadget in ITN News Gadget (aka ITN Hub Gadget) 1.06 for Windows Vista, and possibly other versions before 1.23, allows remote web servers or man-in-the-middle attackers to execute arbitrary commands via script in a short_title response.
Tue, 25 Aug 09
devtracker, e-xoops, bcoos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7036
Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters.
Tue, 25 Aug 09
phpraider
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7035
Cross-site scripting (XSS) vulnerability in an unspecified component in Simple Machines phpRaider 1.0.7 allows remote attackers to inject arbitrary web script or HTML via the resistance field. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Tue, 25 Aug 09
phpecho_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7034
PHP remote file inclusion vulnerability in kernel/smarty/Smarty.class.php in PHPEcho CMS 2.0 rc3 allows remote attackers to execute arbitrary PHP code via a URL in unspecified vectors that modify the _smarty_compile_path variable in the fetch function.
Tue, 25 Aug 09
com_simpleshop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7033
SQL injection vulnerability in the Simple Shop Galore (com_simpleshop) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the section parameter in a section action to index.php, a different vulnerability than CVE-2008-2568. NOTE: this issue was disclosed by an unreliable researcher, so the details might be incorrect.
Tue, 25 Aug 09
big-ip
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7032
Web Management Console Cross-site request forgery (CSRF) vulnerability in the web management console in F5 BIG-IP 9.4.3 allows remote attackers to hijack the authentication of administrators for requests that create new administrators and execute shell commands, as demonstrated using tmui/Control/form.
Tue, 25 Aug 09
wac_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7031
Heap-based buffer overflow in Foxit Remote Access Server (aka WAC Server) 2.0 Build 3503 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via long SSH packets, a different vulnerability than CVE-2008-0151.
Tue, 25 Aug 09
real_estate_web
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7030
Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.
Tue, 25 Aug 09
aliboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7029
Unrestricted file upload vulnerability in usercp.php in AlilG Application AliBoard Beta allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in uploads/avatars/.
Tue, 25 Aug 09
tikiwiki
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2003-1574
TikiWiki 1.6.1 allows remote attackers to bypass authentication by entering a valid username with an arbitrary password, possibly related to the Internet Explorer "Remember Me" feature. NOTE: some of these details are obtained from third party information.
Sat, 22 Aug 09
ds_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2927
SQL injection vulnerability in DetailFile.php in DigitalSpinners DS CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the nFileId parameter.
Sat, 22 Aug 09
php_competition_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2926
Multiple SQL injection vulnerabilities in PHP Competition System BETA 0.84 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) day parameter to show_matchs.php and (2) pageno parameter to persons.php.
Sat, 22 Aug 09
neon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2474
neon before 0.28.6, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sat, 22 Aug 09
neon
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2473
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large number of nested entity references, a similar issue to CVE-2003-1564.
Sat, 22 Aug 09
ios_xr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2056
Cisco IOS XR 3.8.1 and earlier allows remote authenticated users to cause a denial of service (process crash) via vectors involving a BGP UPDATE message with many AS numbers prepended to the AS path.
Sat, 22 Aug 09
flex
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1879
Cross-site scripting (XSS) vulnerability in index.template.html in the express-install templates in the SDK in Adobe Flex before 3.4, when the installed Flash version is older than a specified requiredMajorVersion value, allows remote attackers to inject arbitrary web script or HTML via the query string.
Sat, 22 Aug 09
ios_xr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1154
Cisco IOS XR 3.8.1 and earlier allows remote attackers to cause a denial of service (process crash) via a long BGP UPDATE message, as demonstrated by a message with many AS numbers in the AS Path Attribute.
Sat, 22 Aug 09
rpg_board
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7028
RPG.Board 0.8 Beta2 and earlier allows remote attackers to bypass authentication and gain privileges by setting the keep4u cookie to a certain value.
Sat, 22 Aug 09
php_filemanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7027
Libra File Manager 1.18 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user and pass cookies to 1.
Sat, 22 Aug 09
efront
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7026
Unrestricted file upload vulnerability in filesystem3.class.php in eFront 3.5.1 build 2710 and earlier allows remote attackers to execute arbitrary code by uploading a file with an executable extension as an avatar, then accessing it via a direct request to the file in (1) student/avatars/ or (2) professor/avatars/.
Sat, 22 Aug 09
zonealarm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7025
TrueVector in Check Point ZoneAlarm 8.0.020.000, with vsmon.exe running, allows remote HTTP proxies to cause a denial of service (crash) and disable the HIDS module via a crafted response.
Sat, 22 Aug 09
gemini_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7024
admin.php in Arz Development The Gemini Portal 4.7 and earlier allows remote attackers to bypass authentication and gain administrator privileges by setting the user cookie to "admin" and setting the name parameter to "users."
Sat, 22 Aug 09
aruba_mobility_controller, arubaos
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7023
Aruba Mobility Controller running ArubaOS 3.3.1.16, and possibly other versions, installs the same default X.509 certificate for all installations, which allows remote attackers to bypass authentication. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the product's security documentation.
Sat, 22 Aug 09
chilkat_imap_activex_control
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7022
Insecure method vulnerability in ChilkatMail_v7_9.dll in the Chilkat Software IMAP ActiveX control (ChilkatMail2.ChilkatMailMan2.1) allows remote attackers to execute arbitrary programs via the LoadXmlEmail method.
Sat, 22 Aug 09
jobs_portal_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7021
Unrestricted file upload vulnerability in editlogo.php in AvailScript Jobs Portal Script allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as an image or logo, then accessing it via a direct request to the file in an unspecified directory.
Sat, 22 Aug 09
safeboot_device_encryption
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7020
McAfee SafeBoot Device Encryption 4 build 4750 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer after use, which allows local users to obtain sensitive information by reading the physical memory locations associated with this buffer.
Sat, 22 Aug 09
esqlanelapse
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7019
Esqlanelapse 2.6.1 and 2.6.2 allows remote attackers to bypass authentication and gain privileges via modified (1) enombre and (2) euri cookies.
Sat, 22 Aug 09
easy_php_calendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7018
Cross-site scripting (XSS) vulnerability in NashTech Easy PHP Calendar 6.3.25 allows remote attackers to inject arbitrary web script or HTML via the Details field (descr parameter) in an Add New Event action in an unspecified request as generated by an add action in index.php.
Sat, 22 Aug 09
cacert
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7017
Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
Sat, 22 Aug 09
tnftpd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7016
tnftpd before 20080929 splits large command strings into multiple commands, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via unknown vectors, probably involving a crafted ftp:// link to a tnftpd server.
Sat, 22 Aug 09
djcalendar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2925
Directory traversal vulnerability in DJcalendar.cgi in DJCalendar allows remote attackers to read arbitrary files via a .. (dot dot) in the TEMPLATE parameter.
Sat, 22 Aug 09
videos_broadcast_yourself
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2924
Multiple SQL injection vulnerabilities in Videos Broadcast Yourself 2 allow remote attackers to execute arbitrary SQL commands via the (1) UploadID parameter to videoint.php, and possibly the (2) cat_id parameter to catvideo.php and (3) uid parameter to cviewchannels.php.
Sat, 22 Aug 09
php-lance
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2923
Multiple directory traversal vulnerabilities in BitmixSoft PHP-Lance 1.52 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to show.php and (2) in parameter to advanced_search.php.
Sat, 22 Aug 09
pixaria_gallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2922
Absolute path traversal vulnerability in pixaria.image.php in Pixaria Gallery 2.0.0 through 2.3.5 allows remote attackers to read arbitrary files via a base64-encoded file parameter.
Sat, 22 Aug 09
php_news
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2921
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
Sat, 22 Aug 09
elvinbts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2920
Multiple cross-site scripting (XSS) vulnerabilities in Elvin 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) component and (2) priority parameters to buglist.php; and the (3) Username (4) E-mail, (5) Pass, and (6) Confirm pass fields to createaccount.php.
Sat, 22 Aug 09
orca
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2919
Cross-site scripting (XSS) vulnerability in Boonex Orca 2.0 and 2.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the topic title field.
Sat, 22 Aug 09
thegreenbow_vpn_client
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2918
The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0.
Sat, 22 Aug 09
mpeg_encoder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2917
Stack-based buffer overflow in ImTOO MPEG Encoder 3.1.53 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted string in a (1) .cue or (2) .m3u playlist file.
Sat, 22 Aug 09
vietcong2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2916
Format string vulnerability in the CNS_AddTxt function in logs.dll in 2K Games Vietcong 2 1.10 and earlier might allow remote attackers to execute arbitrary code via format string specifiers in the nickname.
Sat, 22 Aug 09
gift_delivery_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2915
SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
Sat, 22 Aug 09
xzero_community_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2914
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 22 Aug 09
xzero_community_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2913
Cross-site scripting (XSS) vulnerability in index.php in XZero Community Classifieds 4.97.8 allows remote attackers to inject arbitrary web script or HTML via the URI. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Sat, 22 Aug 09
opensolaris
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2912
The (1) sendfile and (2) sendfilev functions in Sun Solaris 8 through 10, and OpenSolaris before snv_110, allow local users to cause a denial of service (panic) via vectors related to vnode function calls.
Sat, 22 Aug 09
ntop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2732
The checkHTTPpassword function in http.c in ntop 3.3.10 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an Authorization HTTP header that lacks a : (colon) character in the base64-decoded string.
Sat, 22 Aug 09
adium, pidgin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2694
The msn_slplink_process_msg function in libpurple/protocols/msn/slplink.c in libpurple, as used in Pidgin (formerly Gaim) before 2.5.9 and Adium 1.3.5 and earlier, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) by sending multiple crafted SLP (aka MSNSLP) messages to trigger an overwrite of an arbitrary memory location. NOTE: this issue reportedly exists because of an incomplete fix for CVE-2009-1376.
Sat, 22 Aug 09
firewall_services_module
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0638
The Cisco Firewall Services Module (FWSM) 2.x, 3.1 before 3.1(16), 3.2 before 3.2(13), and 4.0 before 4.0(6) for Cisco Catalyst 6500 switches and Cisco 7600 routers allows remote attackers to cause a denial of service (traffic-handling outage) via a series of malformed ICMP messages.
Fri, 21 Aug 09
kmplayer
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2896
Buffer overflow in KMplayer 2.9.4.1433 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long string in a subtitle (.srt) playlist file. NOTE: some of these details are obtained from third party information.
Fri, 21 Aug 09
ultimate_regnow_affiliate
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2895
SQL injection vulnerability in rss.php in Ultimate Regnow Affiliate (URA) 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter.
Fri, 21 Aug 09
ebay_clone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2894
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
Fri, 21 Aug 09
xzero_community_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2893
Multiple cross-site scripting (XSS) vulnerabilities in index.php in XZero Community Classifieds 4.97.8 allow remote attackers to inject arbitrary web script or HTML via (1) the postevent parameter in a post action or (2) the _xzcal_y parameter.
Fri, 21 Aug 09
free_image_hosting_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2892
Multiple SQL injection vulnerabilities in header.php in Scripteen Free Image Hosting Script 2.3 allow remote attackers to execute arbitrary SQL commands via a (1) cookid or (2) cookgid cookie.
Fri, 21 Aug 09
riddles
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2891
SQL injection vulnerability in list.php in PHP Scripts Now Riddles allows remote attackers to execute arbitrary SQL commands via the catid parameter.
Fri, 21 Aug 09
riddles
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2890
Cross-site scripting (XSS) vulnerability in results.php in PHP Scripts Now Riddles allows remote attackers to inject arbitrary web script or HTML via the searchquery parameter.
Fri, 21 Aug 09
hangman
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2889
Cross-site scripting (XSS) vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to inject arbitrary web script or HTML via the letters parameter.
Fri, 21 Aug 09
hangman
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2888
SQL injection vulnerability in index.php in PHP Scripts Now Hangman allows remote attackers to execute arbitrary SQL commands via the n parameter.
Fri, 21 Aug 09
president_bios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2887
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
Fri, 21 Aug 09
president_bios
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2886
SQL injection vulnerability in bios.php in PHP Scripts Now President Bios allows remote attackers to execute arbitrary SQL commands via the rank parameter.
Fri, 21 Aug 09
CVE-2009-2885 (world's_tallest_buildings)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2885
SQL injection vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to execute arbitrary SQL commands via the rank parameter.
Fri, 21 Aug 09
CVE-2009-2884 (world's_tallest_buildings)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2884
Cross-site scripting (XSS) vulnerability in bios.php in PHP Scripts Now World's Tallest Buildings allows remote attackers to inject arbitrary web script or HTML via the rank parameter.
Fri, 21 Aug 09
saphplesson
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2883
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.
Fri, 21 Aug 09
matchmaking
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2882
Multiple cross-site scripting (XSS) vulnerabilities in PG MatchMaking allow remote attackers to inject arbitrary web script or HTML via the show parameter to (1) browse_ladies.php and (2) browse_men.php, the (3) gender parameter to search.php, and the (4) id parameter to services.php.
Fri, 21 Aug 09
basilic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2881
Multiple SQL injection vulnerabilities in Basilic 1.5.13 allow remote attackers to execute arbitrary SQL commands via the idAuthor parameter to (1) index.php and possibly (2) allpubs.php in publications/.
Thu, 20 Aug 09
fuel_of_war, unreal_tournament
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7015
Unreal engine 3, as used in Unreal Tournament 3 1.3, Frontlines: Fuel of War 1.1.1, and other products, allows remote attackers to cause a denial of service (server exit) via a packet with a large length value that triggers a memory allocation failure.
Thu, 20 Aug 09
fhttpd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7014
fhttpd 0.4.2 allows remote attackers to cause a denial of service (crash) via an Authorization HTTP header with an invalid character after the Basic value.
Thu, 20 Aug 09
baidu_hi_im
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7013
NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.
Thu, 20 Aug 09
file_transfer_appliance_fta
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7012
courier/1000@/api_error_email.html (aka "error reporting page") in Accellion File Transfer Appliance FTA_7_0_178, and possibly other versions before FTA_7_0_189, allows remote attackers to send spam e-mail via modified description and client_email parameters.
Thu, 20 Aug 09
dead_mans_hand, pariah, postal, shadow_ops, unreal_tournament, warpath
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7011
The Unreal engine, as used in Unreal Tournament 3 1.3, Unreal Tournament 2003 and 2004, Dead Man's Hand, Pariah, WarPath, Postal2, and Shadow Ops, allows remote authenticated users to cause a denial of service (server exit) via multiple file downloads from the server, which triggers an assertion failure when the Closing flag in UnChan.cpp is set.
Thu, 20 Aug 09
exchange_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7010
Skalfa Software SkaLinks Exchange Script 1.5 allows remote attackers to add new administrators and gain privileges via a direct request to admin/register.php.
Thu, 20 Aug 09
zonealarm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7009
Buffer overflow in multiscan.exe in Check Point ZoneAlarm Security Suite 7.0.483.000 and 8.0.020.000 allows local users to execute arbitrary code via a file or directory with a long path. NOTE: some of these details are obtained from third party information.
Thu, 20 Aug 09
web_host_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7008
HyperStop Web Host Directory 1.2 allows remote attackers to bypass authentication and download a database backup via a direct request to admin/backup/db.
Thu, 20 Aug 09
php_vx_guestbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7007
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and gain administrative access by setting the (1) admin_name and (2) admin_pass cookie values to 1.
Thu, 20 Aug 09
php_vx_guestbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7006
Free PHP VX Guestbook 1.06 allows remote attackers to bypass authentication and download a backup of the database via a direct request to admin/backupdb.php.
Thu, 20 Aug 09
minb_is_not_a_blog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7005
include/modules/top/1-random_quote.php in Minb Is Not a Blog (minb) 0.1.0 allows remote attackers to execute arbitrary PHP code via the quotes_to_edit parameter. NOTE: this issue has been reported as an unrestricted file upload by some sources, but that is a potential consequence of code execution.
Thu, 20 Aug 09
elog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7004
Buffer overflow in Electronic Logbook (ELOG) before 2.7.1 has unknown impact and attack vectors, possibly related to elog.c.
Thu, 20 Aug 09
the-rat-cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7003
Multiple SQL injection vulnerabilities in login.php in The Rat CMS Alpha 2 allow remote attackers to execute arbitrary SQL commands via the (1) user_id and (2) password parameter.
Thu, 20 Aug 09
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7002
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2) system, (3) shell_exec, (4) passthru, or (5) popen functions, possibly involving pathnames such as "C:" drive notation.
Thu, 20 Aug 09
creator_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7001
Unrestricted file upload vulnerability in the file manager in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary code via unknown vectors.
Thu, 20 Aug 09
phpauction
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7000
PHP remote file inclusion vulnerability in index.php in PHPAuction 3.2 allows remote attackers to execute arbitrary PHP code via a URL in the lan parameter. NOTE: this might be related to CVE-2005-2255.1.
Thu, 20 Aug 09
phpauction, phpauction_gpl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6999
phpAuction 3.2, and possibly 3.3.0 GPL Basic edition, allows remote attackers to obtain configuration information via a direct request to phpinfo.php, which calls the phpinfo function.
Thu, 20 Aug 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6998
Stack-based buffer overflow in chrome/common/gfx/url_elider.cc in Google Chrome 0.2.149.27 and other versions before 0.2.149.29 might allow user-assisted remote attackers to execute arbitrary code via a link target (href attribute) with a large number of path elements, which triggers the overflow when the status bar is updated after the user hovers over the link.
Thu, 20 Aug 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6997
Google Chrome 0.2.149.27 allows user-assisted remote attackers to cause a denial of service (browser crash) via an IMG tag with a long src attribute, which triggers the crash when the victim performs an "Inspect Element" action.
Thu, 20 Aug 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6996
Google Chrome BETA (0.2.149.27) does not prompt the user before saving an executable file, which makes it easier for remote attackers or malware to cause a denial of service (disk consumption) or exploit other vulnerabilities via a URL that references an executable file, possibly related to the "ask where to save each file before downloading" setting.
Thu, 20 Aug 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6995
Integer underflow in net/base/escape.cc in chrome.dll in Google Chrome 0.2.149.27 allows remote attackers to cause a denial of service (browser crash) via a URI with an invalid handler followed by a "%" (percent) character, which triggers a buffer over-read, as demonstrated using an "about:%" URI.
Thu, 20 Aug 09
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6994
Stack-based buffer overflow in the SaveAs feature (SaveFileAsWithFilter function) in win_util.cc in Google Chrome 0.2.149.27 allows user-assisted remote attackers to execute arbitrary code via a web page with a long TITLE element, which triggers the overflow when the user saves the page and a long filename is generated.
Thu, 20 Aug 09
gigaset_wlan_camera
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6993
Siemens Gigaset WLAN Camera 1.27 has an insecure default password, which allows remote attackers to conduct unauthorized activities. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 20 Aug 09
greensql_firewall
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6992
GreenSQL Firewall (greensql-fw), possibly before 0.9.2 or 0.9.4, allows remote attackers to bypass the SQL injection protection mechanism via a WHERE clause containing an expression such as "x=y=z", which is successfully parsed by MySQL.
Thu, 20 Aug 09
cmsbright
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6991
SQL injection vulnerability in public/page.php in Websens CMSbright allows remote attackers to execute arbitrary SQL commands via the id_rub_page parameter.
Thu, 20 Aug 09
ezphotogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6990
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the password parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 20 Aug 09
ezphotogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6989
SQL injection vulnerability in gallery.php in Easy Photo Gallery (aka Ezphotogallery) 2.1 allows remote attackers to execute arbitrary SQL commands via the username parameter.
Thu, 20 Aug 09
ezphotogallery
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6988
Multiple cross-site scripting (XSS) vulnerabilities in Easy Photo Gallery (aka Ezphotogallery) 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) galleryid parameter to gallery.php, and the (2) size or (3) imageid parameters to show.php.
Thu, 20 Aug 09
dating_website_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6987
Unrestricted file upload vulnerability in eZoneScripts Dating Website script allows remote attackers to execute arbitrary code via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Thu, 20 Aug 09
zen_cart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6986
SQL injection vulnerability in the actionMultipleAddProduct function in includes/classes/shopping_cart.php in Zen Cart 1.3.0 through 1.3.8a, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the products_id array parameter in a multiple_products_add_product action, a different vulnerability than CVE-2008-6985.
Thu, 20 Aug 09
zen_cart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6985
Multiple SQL injection vulnerabilities in includes/classes/shopping_cart.php in Zen Cart 1.2.0 through 1.3.8a, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter when (1) adding or (2) updating the shopping cart.
Thu, 20 Aug 09
plesk
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6984
Plesk 8.6.0, when short mail login names (SHORTNAMES) are enabled, allows remote attackers to bypass authentication and send spam e-mail via a message with (1) a base64-encoded username that begins with a valid shortname, or (2) a username that matches a valid password, as demonstrated using (a) SMTP and qmail, and (b) Courier IMAP and POP3.
Thu, 20 Aug 09
devalcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6983
modules/tool/hitcounter.php in devalcms 1.4a allows remote attackers to execute arbitrary PHP code via the HTTP Referer header with a target file specified in the gv_folder_data parameter, as demonstrated by modifying modules/tool/url2header.php.
Thu, 20 Aug 09
devalcms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6982
Cross-site scripting (XSS) vulnerability in index.php in devalcms 1.4a allows remote attackers to inject arbitrary web script or HTML via the currentpath parameter.
Thu, 20 Aug 09
phpadultsite_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6981
index.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to obtain the full installation path via an invalid results_per_page parameter, which leaks the path in an error message. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
Thu, 20 Aug 09
phpadultsite_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6980
SQL injection vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to execute arbitrary SQL commands via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information.
Thu, 20 Aug 09
phpadultsite_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6979
Cross-site scripting (XSS) vulnerability in as_archives.php in phpAdultSite CMS, possibly 2.3.2, allows remote attackers to inject arbitrary web script or HTML via the results_per_page parameter to index.php. NOTE: some of these details are obtained from third party information. NOTE: this issue might be resultant from a separate SQL injection vulnerability.
Thu, 20 Aug 09
aspwebalbum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6978
Unrestricted file upload vulnerability in Full Revolution aspWebAlbum 3.2 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in pics/, related to the uploadmedia action in album.asp.
Thu, 20 Aug 09
aspwebalbum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6977
Cross-site scripting (XSS) vulnerability in album.asp in Full Revolution aspWebAlbum 3.2 allows remote attackers to inject arbitrary web script or HTML via the message parameter in a summary action.
Thu, 20 Aug 09
routeros
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6976
MicroTik RouterOS 3.x through 3.13 and 2.x through 2.9.51 allows remote attackers to modify Network Management System (NMS) settings via a crafted SNMP set request.
Tue, 18 Aug 09
php_open_classifieds_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2785
Multiple cross-site scripting (XSS) vulnerabilities in PHP Open Classifieds Script allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to buy.php and the id parameter to (2) contact.php and (3) tellafriend.php.
Tue, 18 Aug 09
CVE-2009-2784 (dit.cms)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2784
Multiple directory traversal vulnerabilities in dit.cms 1.3, when register_globals is enabled, allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the path parameter to index.php in (1) install/, (2) menus/left_rightslideopen/, (3) menus/side_pullout/, (4) menus/side_slideopen/, (5) menus/simple/, (6) menus/top_dropdown/, and (7) menus/topside/; the sitemap parameter to index.php in (8) menus/left_rightslideopen/, (9) menus/side_pullout/, (10) menus/side_...
Tue, 18 Aug 09
xoops
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2783
Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.3.3 allow remote attackers to inject arbitrary web script or HTML via the (1) op parameter to modules/pm/viewpmsg.php and (2) query string to modules/profile/user.php.
Tue, 18 Aug 09
com_jfusion
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2782
SQL injection vulnerability in the JFusion (com_jfusion) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the Itemid parameter to index.php.
Tue, 18 Aug 09
arab_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2781
SQL injection vulnerability in forum.php in Arab Portal 2.x, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the qc parameter in an addcomment action, a different vector than CVE-2006-1666.
Tue, 18 Aug 09
68_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2780
Multiple cross-site scripting (XSS) vulnerabilities in 68 Classifieds 4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat parameter to category.php, view parameter to (2) login.php and (3) viewlisting.php, page parameter to (4) searchresults.php and (5) toplistings.php, and (6) member parameter to viewmember.php.
Tue, 18 Aug 09
aj_matrix_dna
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2779
SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action.
Sat, 15 Aug 09
garagesales_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2778
Cross-site scripting (XSS) vulnerability in visitor/view.php in GarageSales Script allows remote attackers to inject arbitrary web script or HTML via the key parameter. NOTE: some of these details are obtained from third party information.
Sat, 15 Aug 09
garagesales_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2777
SQL injection vulnerability in visitor/view.php in GarageSales Script allows remote attackers to execute arbitrary SQL commands via the key parameter.
Sat, 15 Aug 09
pg_roomate_finder_solution
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2772
Multiple cross-site scripting (XSS) vulnerabilities in PG Roommate Finder Solution allow remote attackers to inject arbitrary web script or HTML via the part parameter to (1) quick_search.php and (2) viewprofile.php.
Sat, 15 Aug 09
free_arcade_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2771
Cross-site scripting (XSS) vulnerability in Free Arcade Script 1.3 allows remote attackers to inject arbitrary web script or HTML via the keyword parameter to the default URI under search/.
Sat, 15 Aug 09
timesheet
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2769
PHP remote file inclusion vulnerability in include/timesheet.php in Ultrize TimeSheet 1.2.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the config[include_dir] parameter.
Sat, 15 Aug 09
insight_control_suite_for_linux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2677
Cross-site request forgery (CSRF) vulnerability in HP Insight Control Suite For Linux (aka ICE-LX) before 2.11 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Sat, 15 Aug 09
libcurl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2417
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
Sat, 15 Aug 09
snom_320_linux, snom_voip_phone
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1048
The web interface on the snom VoIP phones snom 300, snom 320, snom 360, snom 370, and snom 820 with firmware 6.5 before 6.5.20, 7.1 before 7.1.39, and 7.3 before 7.3.14 allows remote attackers to bypass authentication, and reconfigure the phone or make arbitrary use of the phone, via a (1) http or (2) https request with 127.0.0.1 in the Host header.
Sat, 15 Aug 09
dd-wrt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6975
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp2 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters. NOTE: This issue rep...
Sat, 15 Aug 09
dd-wrt
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6974
Multiple cross-site request forgery (CSRF) vulnerabilities in apply.cgi in DD-WRT 24 sp1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary commands via the ping_ip parameter; (2) change the administrative credentials via the http_username and http_passwd parameters; (3) enable remote administration via the remote_management parameter; or (4) configure port forwarding via certain from, to, ip, and pro parameters.
Fri, 14 Aug 09
avactis_shopping_cart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6969
Multiple cross-site scripting (XSS) vulnerabilities in checkout.php in Avactis Shopping Cart 1.8.0 and 1.8.1 allow remote attackers to inject arbitrary web script or HTML via the (1) step_id and (2) CHECKOUT_CZ_BLOWFISH_KEY parameters.
Fri, 14 Aug 09
pligg_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6968
Multiple SQL injection vulnerabilities in submit.php in Pligg CMS 9.9.5 allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) id parameters.
Fri, 14 Aug 09
mdaemon, worldclient
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6967
Multiple unspecified vulnerabilities in WorldClient in Alt-N MDaemon before 10.02 have unknown impact and attack vectors, probably related to cross-site scripting (XSS) and WorldClient DLL 10.0.1, a different vulnerability than CVE-2008-6893.
Fri, 14 Aug 09
aj_auction
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6966
AJ Square AJ Auction Pro Platinum Skin #1 sends a redirect but does not exit when it is called directly, which allows remote attackers to bypass authentication via a direct request to admin/user.php.
Fri, 14 Aug 09
aj_auction
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6965
AJ Square AJ Auction OOPD, Pro Platinum Skin #1, Pro Platinum Skin #2, and Web 2.0 send a redirect but do not exit when certain scripts are called directly, which allows remote attackers to bypass authentication via a direct request to (1) site.php, (2) auction.php, (3) mail.php, (4) fee_setting.php, (5) earnings.php, (6) insertion_fee_settings.php, (7) custom_category.php, (8) subcategory.php, (9) category.php, (10) report.php, (11) store_manager.php, and (12) choose_sell_format.php in admin...
Fri, 14 Aug 09
x7_chat
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6964
SQL injection vulnerability in the login page in X7 Chat 2.0.5 allows remote attackers to execute arbitrary SQL commands via the password field.
Fri, 14 Aug 09
text_link_sales
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6963
admin.php in TurnkeyForms Text Link Sales allows remote attackers to bypass authentication and gain administrative privileges via a direct request.
Fri, 14 Aug 09
antivir, antivir_personal, antivir_professional, antivir_security_suite
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6962
Avira AntiVir Premium, Premium Security Suite, AntiVir Professional, and AntiVir Personal - FREE allows local users to execute arbitrary code via a crafted IOCTL request that overwrites a kernel pointer.
Fri, 14 Aug 09
seamonkey, thunderbird
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6961
mailnews in Mozilla Thunderbird before 2.0.0.18 and SeaMonkey before 1.1.13, when JavaScript is enabled in mail, allows remote attackers to obtain sensitive information about the recipient, or comments in forwarded mail, via script that reads the (1) .documentURI or (2) .textContent DOM properties.
Thu, 13 Aug 09
windows_2000, windows_server_2003, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1922
The Message Queuing (aka MSMQ) service for Microsoft Windows 2000 SP4, XP SP2, Server 2003 SP2, and Vista Gold does not properly validate unspecified IOCTL request data from user mode before passing this data to kernel mode, which allows local users to gain privileges via a crafted request, aka "MSMQ Null Pointer Vulnerability."
Thu, 13 Aug 09
windows_2003_server, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1546
Integer overflow in the Windows Media file handling functionality in Microsoft Windows allows remote attackers to execute arbitrary code on a Windows 2000 SP4 system via a crafted AVI file, or cause a denial of service on a Windows XP SP2 or SP3, Server 2003 SP2, Vista Gold, SP1, or SP2, or Server 2008 Gold or SP2 system via a crafted AVI file, aka "AVI Integer Overflow Vulnerability."
Thu, 13 Aug 09
windows_2003_server, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1545
Unspecified vulnerability in the Windows Media file handling functionality in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP2, Vista Gold, SP1, and SP2, and Server 2008 Gold and SP2 allows remote attackers to execute arbitrary code via a malformed header in a crafted AVI file, aka "Malformed AVI Header Vulnerability."
Thu, 13 Aug 09
windows_2003_server, windows_server_2008, windows_vista, windows_xp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1544
Double free vulnerability in the Workstation service in Microsoft Windows allows remote authenticated users to gain privileges via a crafted RPC message to a Windows XP SP2 or SP3 or Server 2003 SP2 system, or cause a denial of service via a crafted RPC message to a Vista Gold, SP1, or SP2 or Server 2008 Gold or SP2 system, aka "Workstation Service Memory Corruption Vulnerability."
Thu, 13 Aug 09
windows_server, windows_vista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1536
ASP.NET in Microsoft .NET Framework 2.0 SP1 and SP2 and 3.5 Gold and SP1, when ASP 2.0 is used in integrated mode on IIS 7.0, does not properly manage request scheduling, which allows remote attackers to cause a denial of service (daemon outage) via a series of crafted HTTP requests, aka "Remote Unauthenticated Denial of Service in ASP.NET Vulnerability."
Thu, 13 Aug 09
isa_server, office, office_web_components
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1534
Buffer overflow in the Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2000 Web Components SP3, Office XP Web Components SP3, BizTalk Server 2002, and Visual Studio .NET 2003 SP1 allows remote attackers to execute arbitrary code via crafted property values, aka "Office Web Components Buffer Overflow Vulnerability."
Thu, 13 Aug 09
CVE-2009-1133 (windows_2000, windows_server, windows_server_2003, windows_server_2008, windows_v...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1133
Heap-based buffer overflow in Microsoft Remote Desktop Connection (formerly Terminal Services Client) running RDP 5.0 through 6.1 on Windows, and Remote Desktop Connection Client for Mac 2.0, allows remote attackers to execute arbitrary code via unspecified parameters, aka "Remote Desktop Connection Heap Overflow Vulnerability."
Thu, 13 Aug 09
isa_server, office, office_web_components
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0562
The Office Web Components ActiveX Control in Microsoft Office XP SP3, Office 2003 SP3, Office XP Web Components SP3, Office 2003 Web Components SP3, Office 2003 Web Components SP1 for the 2007 Microsoft Office System, Internet Security and Acceleration (ISA) Server 2004 SP3 and 2006 SP1, and Office Small Business Accounting 2006 does not properly allocate memory, which allows remote attackers to execute arbitrary code via unspecified vectors that trigger "system state" corruption, aka "Office...
Thu, 13 Aug 09
gnutls
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2730
libgnutls in GnuTLS before 2.8.2 does not properly handle a '\0' character in a domain name in the subject's (1) Common Name (CN) or (2) Subject Alternative Name (SAN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
Thu, 13 Aug 09
appliance_s800i, business_edition, open_source, opensource
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2726
The SIP channel driver in Asterisk Open Source 1.2.x before 1.2.34, 1.4.x before 1.4.26.1, 1.6.0.x before 1.6.0.12, and 1.6.1.x before 1.6.1.4; Asterisk Business Edition A.x.x, B.x.x before B.2.5.9, C.2.x before C.2.4.1, and C.3.x before C.3.1; and Asterisk Appliance s800i 1.2.x before 1.3.0.3 does not use a maximum width when invoking sscanf style functions, which allows remote attackers to cause a denial of service (stack memory consumption) via SIP packets containing large sequences of ASC...
Thu, 13 Aug 09
hpux
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1427
Unspecified vulnerability in HP-UX B.11.31 allows local users to cause a denial of service (system crash) via unknown vectors related to the ttrace system call.
Thu, 13 Aug 09
CVE-2008-6960 (.x10_automatic_mp3_script)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6960
download.php in X10media x10 Automatic Mp3 Search Engine Script 1.5.5 through 1.6 allows remote attackers to read arbitrary files via an encoded url parameter, as demonstrated by obtaining database credentials from includes/constants.php.
Thu, 13 Aug 09
chilkat_socket
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6959
Insecure method vulnerability in the Chilkat Socket ActiveX control (ChilkatSocket.ChilkatSocket.1) in ChilkatSocket.dll 2.3.1.1 allows remote attackers to overwrite arbitrary files via the SaveLastError method. NOTE: this might be related to CVE-2008-1647.
Thu, 13 Aug 09
CVE-2008-6958 (crossday_discuz!_board)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6958
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
Thu, 13 Aug 09
CVE-2008-6957 (discuz!)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6957
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
Thu, 13 Aug 09
mxcamarchive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6956
Static code injection vulnerability in admin/admin.php in mxCamArchive 2.2 allows remote authenticated administrators to inject arbitrary PHP code into an unspecified program via the description parameter, which is executed by invocation of index.php. NOTE: some of these details are obtained from third party information.
Thu, 13 Aug 09
mxcamarchive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6955
mxCamArchive 2.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain configuration details and passwords via a direct request for archive/config.ini.
Thu, 13 Aug 09
cobbler
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6954
The web interface (CobblerWeb) in Cobbler before 1.2.9 allows remote authenticated users to execute arbitrary Python code in cobblerd by editing a Cheetah kickstart template to import arbitrary Python modules.
Thu, 13 Aug 09
CVE-2008-6953
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6953
Buffer overflow in oovoo.exe in ooVoo 1.7.1.35, and possibly other versions before 1.7.1.59, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long oovoo: URI.
Thu, 13 Aug 09
maurycms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6952
SQL injection vulnerability in Rss.php in MauryCMS 0.53.2 and earlier allows remote attackers to execute arbitrary SQL commands via the c parameter.
Thu, 13 Aug 09
maurycms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6951
MauryCMS 0.53.2 and earlier does not require administrative authentication for Editors/fckeditor/editor/filemanager/browser/default/browser.html, which allows remote attackers to upload arbitrary files via a direct request.
Thu, 13 Aug 09
bankoi_webhosting_control_panel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6950
Multiple SQL injection vulnerabilities in login.asp in Bankoi WebHosting Control Panel 1.20 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field.
Thu, 13 Aug 09
collabtive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6949
Multiple cross-site request forgery (CSRF) vulnerabilities in Collabtive 0.4.8 allow remote attackers to hijack the authentication of administrators for requests that (1) submit or edit a new project, or (2) upload files to a project, or (3) attach files to messages via unknown vectors. NOTE: these issues can be leveraged with other vulnerabilities to create remote attack vectors that do not require authentication.
Thu, 13 Aug 09
collabtive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6948
Unrestricted file upload vulnerability in Collabtive 0.4.8 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and using a text/plain MIME type, then accessing it via a direct request to the file in files/, related to (1) the showproject action in managefile.php or (2) the Messages feature.
Thu, 13 Aug 09
collabtive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6947
Collabtive 0.4.8 allows remote attackers to bypass authentication and create new users, including administrators, via unspecified vectors associated with the added mode in a users action to admin.php.
Thu, 13 Aug 09
collabtive
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6946
Cross-site scripting (XSS) vulnerability in manageproject.php in Collabtive 0.4.8 allows user-assisted remote attackers to inject arbitrary web script or HTML via the project Name, which is not properly handled when the administrator performs an editform action, related to admin.php.
Thu, 13 Aug 09
interchange
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6945
Multiple cross-site scripting (XSS) vulnerabilities in Interchange 5.7 before 5.7.1, 5.6 before 5.6.1, and 5.4 before 5.4.3 allow remote attackers to inject arbitrary web script or HTML via (1) the mv_order_item CGI variable parameter in Core, (2) the country-select widget, or (3) possibly the value specifier when used in the UserTag feature.
Thu, 13 Aug 09
auto_classifieds
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6944
Unrestricted file upload vulnerability in ScriptsFeed Auto Classifieds allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in cars_images/.
Thu, 13 Aug 09
recipes_listing_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6943
Unrestricted file upload vulnerability in ScriptsFeed Recipes Listing Portal allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a recipe photo, then accessing it via a direct request to the file in pictures/.
Thu, 13 Aug 09
realtor_classifieds_system
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6942
Unrestricted file upload vulnerability in ScriptsFeed Realtor Classifieds System (aka Real Estate Classifieds) allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension as a profile logo, then accessing it via a direct request to the file in re_images/.
Thu, 13 Aug 09
web_hosting_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6941
SQL injection vulnerability in the login functionality in TurnkeyForms Web Hosting Directory allows remote attackers to execute arbitrary SQL commands via the password field.
Thu, 13 Aug 09
web_hosting_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6940
TurnkeyForms Web Hosting Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain a database backup via a direct request to admin/backup/db.
Thu, 13 Aug 09
web_hosting_directory
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6939
TurnkeyForms Web Hosting Directory allows remote attackers to bypass authentication and (1) gain administrative privileges by setting the adm cookie to 1 or (2) gain privileges as another user by setting the logged cookie to the target username.
Wed, 12 Aug 09
roundup
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2737
The EditCSVAction function in cgi/actions.py in Roundup 1.2 before 1.2.1, 1.4 through 1.4.6, and possibly other versions does not properly check permissions, which allows remote authenticated users with edit or create privileges for a class to modify arbitrary items within that class, as demonstrated by editing all queries, modifying settings, and adding roles to users.
Wed, 12 Aug 09
opennews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2736
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the "Overall Width" field in a setconfig action.
Wed, 12 Aug 09
opennews
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2735
SQL injection vulnerability in admin.php in sun-jester OpenNews 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.
Wed, 12 Aug 09
j2ee, siteminder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2705
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing non-canonical, "overlong Unicode" in place of blacklisted characters.
Wed, 12 Aug 09
j2ee, siteminder
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2704
CA SiteMinder allows remote attackers to bypass cross-site scripting (XSS) protections for J2EE applications via a request containing a %00 (encoded null byte).
Wed, 12 Aug 09
midnightbsd, miros, netbsd, openbsd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0687
The pf_test_rule function in OpenBSD Packet Filter (PF), as used in OpenBSD 4.2 through 4.5, NetBSD 5.0 before RC3, MirOS 10 and earlier, and MidnightBSD 0.3-current allows remote attackers to cause a denial of service (panic) via crafted IP packets that trigger a NULL pointer dereference during translation, related to an IPv4 packet with an ICMPv6 payload.
Tue, 11 Aug 09
phpadboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6921
Unrestricted file upload vulnerability in index.php in phpAdBoard 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in photoes/.
Tue, 11 Aug 09
phpemployment
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6920
Unrestricted file upload vulnerability in auth.php in phpEmployment 1.8 allows remote attackers to execute arbitrary code by uploading a file with an executable extension during a regnew action, then accessing it via a direct request to the file in photoes/.
Tue, 11 Aug 09
taskdriver
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6919
profileedit.php TaskDriver 1.3 and earlier allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "fook!admin."
Tue, 11 Aug 09
theportal2
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6918
Unrestricted file upload vulnerability in admin/galeria.php in ThePortal2 2.2 allows remote attackers to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in galeria/.
Fri, 7 Aug 09
2532gigs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6907
Multiple SQL injection vulnerabilities in checkuser.php in 2532designs 2532|Gigs 1.2.2 Stable, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters, as accessible from a form generated by index.php.
Fri, 7 Aug 09
babbleboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6906
Cross-site scripting (XSS) vulnerability in index.php in BabbleBoard 1.1.6 allows remote attackers to inject arbitrary web script or HTML via the username.
Fri, 7 Aug 09
babbleboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6905
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page.
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2194
Apple Mac OS X 10.5 before 10.5.8 does not properly share file descriptors over local sockets, which allows local users to cause a denial of service (system crash) by placing file descriptors in messages sent to a socket that has no receiver, related to a "synchronization issue."
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2193
Buffer overflow in the kernel in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a crafted AppleTalk response packet.
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2192
MobileMe in Apple Mac OS X 10.5 before 10.5.8 does not properly delete credentials upon signout from the preference pane, which makes it easier for attackers to hijack a MobileMe session via unspecified vectors, related to a "logic issue."
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2190
launchd in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to cause a denial of service (individual service outage) by making many connections to an inetd-based launchd service.
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2188
Buffer overflow in ImageIO in Apple Mac OS X 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with crafted EXIF metadata.
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1726
Heap-based buffer overflow in ColorSync in Apple Mac OS X 10.4.11 and 10.5 before 10.5.8 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image containing an embedded ColorSync profile.
Fri, 7 Aug 09
apr-util, portable_runtime
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2412
Multiple integer overflows in the Apache Portable Runtime (APR) library and the Apache Portable Utility library (aka APR-util) 0.9.x and 1.3.x allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via vectors that trigger crafted calls to the (1) allocator_alloc or (2) apr_palloc function in memory/unix/apr_pools.c in APR; or crafted calls to the (3) apr_rmm_malloc, (4) apr_rmm_calloc, or (5) apr_rmm_realloc function in misc/apr_rmm.c in AP...
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1723
CFNetwork in Apple Mac OS X 10.5 before 10.5.8 places an incorrect URL in a certificate warning in certain 302 redirection scenarios, which makes it easier for remote attackers to trick a user into visiting an arbitrary https web site by leveraging an open redirect vulnerability, a different issue than CVE-2009-2062.
Fri, 7 Aug 09
mac_os_x, mac_os_x_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0151
The screen saver in Dock in Apple Mac OS X 10.5 before 10.5.8 does not prevent four-finger Multi-Touch gestures, which allows physically proximate attackers to bypass locking and "manage applications or use Expose" via unspecified vectors.
Tue, 4 Aug 09
network_security_services
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2404
Heap-based buffer overflow in a regular-expression parser in Mozilla Network Security Services (NSS) before 3.12.3, as used in Firefox, Thunderbird, SeaMonkey, Evolution, Pidgin, and AOL Instant Messenger (AIM), allows remote SSL servers to cause a denial of service (application crash) or possibly execute arbitrary code via a long domain name in the subject's Common Name (CN) field of an X.509 certificate, related to the cert_TestHostName function.
Tue, 4 Aug 09
asp_forum_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6891
Multiple cross-site scripting (XSS) vulnerabilities in ASP Forum Script allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id parameter to (a) new_message.asp and (b) messages.asp, and the (2) query string to default.asp.
Tue, 4 Aug 09
asp_forum_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6890
SQL injection vulnerability in messages.asp in ASP Forum Script allows remote attackers to execute arbitrary SQL commands via the message_id parameter.
Tue, 4 Aug 09
aspreferral
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6889
SQL injection vulnerability in Merchantsadd.asp in ASPReferral 5.3 allows remote attackers to execute arbitrary SQL commands via the AccountID parameter.
Tue, 4 Aug 09
pre_classified_listings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6888
Cross-site scripting (XSS) vulnerability in signup.asp in Pre Classified Listings 1.0 allows remote attackers to inject arbitrary web script or HTML via the address parameter.
Tue, 4 Aug 09
pre_classified_listings
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6887
SQL injection vulnerability in detailad.asp in Pre Classified Listings 1.0 allows remote attackers to execute arbitrary SQL commands via the siteid parameter.
Tue, 4 Aug 09
envision
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6886
RSA EnVision 3.5.0, 3.5.1, 3.5.2, and 3.7.0 does not properly restrict access to unspecified user profile functionality, which allows remote attackers to obtain the administrator password hash and conduct brute force guessing attacks.