[ Register | Login ]

Home PHP Scripts Contact News Articles RSS Readers Donations

Software Vulnerability

	Enter your search terms Submit search form
	Web www.amigura.co.uk

Main

Software Alerts

Software and Script Bug Exploits
Software Vulnerability
Random Feeds

Archives

| Jan 2012 | Dec 2011 | Nov 2011 | Oct 2011 | Sep 2011 | Aug 2011 | Jul 2011 | Jun 2011 | May 2011 | Apr 2011 | Mar 2011 | Feb 2011 | Jan 2011 | Dec 2010 | Nov 2010 | Oct 2010 | Sep 2010 | Aug 2010 | Jul 2010 | Jun 2010 | May 2010 | Apr 2010 | Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |

Tue, 30 Mar 10
audio_player
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4754
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.

Tue, 30 Mar 10
nasu2fw41
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4753
Multiple buffer overflows in the FTP server on the Addonics NAS Adapter NASU2FW41 with loader 1.17 allow remote attackers to cause a denial of service (TCP/IP outage) via long arguments to the (1) XRMD, (2) delete, (3) RNFR, or (4) RNTO command.

Fri, 26 Mar 10
phpmysport
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1109
Multiple SQL injection vulnerabilities in index.php in phpMySport 1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) v2 parameter in a member view action, (2) v1 parameter in a news action, (3) v1 parameter in an information action, (4) v2 parameter in a team view action, (5) v2 parameter in a club view action, or (6) v2 parameter in a matches view action.

Fri, 26 Mar 10
controlpanel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1108
Cross-site scripting (XSS) vulnerability in the Control Panel module 5.x through 5.x-1.5 and 6.x through 6.x-1.2 for Drupal allows remote authenticated users, with "administer blocks" privileges, to inject arbitrary web script or HTML via unspecified vectors.

Fri, 26 Mar 10
recent_comments
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1107
Cross-site scripting (XSS) vulnerability in the Recent Comments module 5.x through 5.x-1.2 and 6.x through 6.x-1.0 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a "custom block title interface."

Fri, 26 Mar 10
advertisementmanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1106
PHP remote file inclusion vulnerability in cgi/index.php in AdvertisementManager 3.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the req parameter. NOTE: this can also be leveraged to include and execute arbitrary local files via .. (dot dot) sequences.

Fri, 26 Mar 10
advertisementmanager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1105
Cross-site scripting (XSS) vulnerability in cgi/index.php in AdvertisementManager 3.1.0 and 3.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter.

Fri, 26 Mar 10
zope
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-1104
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages.

Thu, 25 Mar 10
kernel
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0437
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via unknown vectors.

Wed, 17 Mar 10
jevci_siparis_formu_scripti
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0965
Jevci Siparis Formu Scripti stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for siparis.mdb.

Wed, 17 Mar 10
eros_webkatalog
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0964
SQL injection vulnerability in start.php in Eros Webkatalog allows remote attackers to execute arbitrary SQL commands via the id parameter in a rubrik action.

Wed, 17 Mar 10
dl
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0963
Cross-site scripting (XSS) vulnerability in index.php in dl Download Ticket Service before 0.7 allows remote attackers to inject arbitrary web script or HTML via the t parameter, related to an invalid ticket ID. NOTE: some of these details are obtained from third party information.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0054
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving HTML IMG elements.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0053
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to the run-in Cascading Style Sheets (CSS) display property.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0052
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "callbacks for HTML elements."

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0051
WebKit in Apple Safari before 4.0.5 does not properly validate the cross-origin loading of stylesheets, which allows remote attackers to obtain sensitive information via a crafted HTML document. NOTE: this might overlap CVE-2010-0651.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0050
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an HTML document with improperly nested tags.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0049
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via HTML elements with right-to-left (RTL) text directionality.

Tue, 16 Mar 10
cpio, tar
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0624
Heap-based buffer overflow in the rmt_read__ function in lib/rtapelib.c in the rmt client functionality in GNU tar before 1.23 and GNU cpio before 2.11 allows remote rmt servers to cause a denial of service (memory corruption) or possibly execute arbitrary code by sending more data than was requested, related to archive filenames that contain a : (colon) character.

Tue, 16 Mar 10
dpkg
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0396
Directory traversal vulnerability in the dpkg-source component in dpkg before 1.14.29 allows remote attackers to modify arbitrary files via a crafted Debian source archive.

Tue, 16 Mar 10
employee_timeclock_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0124
Employee Timeclock Software 0.99 places the database password on the mysqldump command line, which allows local users to obtain sensitive information by listing the process.

Tue, 16 Mar 10
employee_timeclock_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0123
The database backup implementation in Employee Timeclock Software 0.99 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for a "semi-predictable file name."

Tue, 16 Mar 10
employee_timeclock_software
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0122
Multiple SQL injection vulnerabilities in Employee Timeclock Software 0.99 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter to (a) auth.php or (b) login_action.php.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0048
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted XML document.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0047
Use-after-free vulnerability in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to "HTML object element fallback content."

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0046
The Cascading Style Sheets (CSS) implementation in WebKit in Apple Safari before 4.0.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via crafted format arguments.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0045
Apple Safari before 4.0.5 on Windows does not properly validate external URL schemes, which allows remote attackers to open local files and execute arbitrary code via a crafted HTML document.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0044
PubSub in Apple Safari before 4.0.5 does not properly implement use of the Accept Cookies preference to block cookies, which makes it easier for remote web servers to track users by setting a cookie in a (1) RSS or (2) Atom feed.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0043
ImageIO in Apple Safari before 4.0.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted TIFF image.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0042
ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted TIFF image.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0041
ImageIO in Apple Safari before 4.0.5 on Windows does not ensure that memory access is associated with initialized memory, which allows remote attackers to obtain potentially sensitive information from process memory via a crafted BMP image.

Tue, 16 Mar 10
safari
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0040
Integer overflow in ColorSync in Apple Safari before 4.0.5 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via an image with a crafted color profile that triggers a heap-based buffer overflow.

Tue, 16 Mar 10
xnview
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4001
Integer overflow in XnView before 1.97.2 might allow remote attackers to execute arbitrary code via a DICOM image with crafted dimensions, leading to a heap-based buffer overflow.

Thu, 11 Mar 10
tribisur
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0958
Directory traversal vulnerability in modules/hayoo/index.php in Tribisur 2.1, 2.0, and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary files via directory traversal sequences in the theme parameter. NOTE: some of these details are obtained from third party information.

Thu, 11 Mar 10
saskias_shopsystem
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0957
Directory traversal vulnerability in content.php in Saskia's Shopsystem beta1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the id parameter.

Thu, 11 Mar 10
opencart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0956
SQL injection vulnerability in index.php in OpenCart 1.3.2 allows remote attackers to execute arbitrary SQL commands via the page parameter.

Thu, 11 Mar 10
bild_flirt_community
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0955
SQL injection vulnerability in index.php in Bild Flirt Community 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Thu, 11 Mar 10
pre_e-learning_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0954
SQL injection vulnerability in search_result.asp in Pre Projects Pre E-Learning Portal allows remote attackers to execute arbitrary SQL commands via the course_ID parameter.

Thu, 11 Mar 10
phpcoin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0953
Directory traversal vulnerability in mod.php in phpCOIN 1.2.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the mod parameter.

Thu, 11 Mar 10
onecms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0952
SQL injection vulnerability in index.php in OneCMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action.

Thu, 11 Mar 10
dev4u_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0951
SQL injection vulnerability in go_target.php in dev4u CMS allows remote attackers to execute arbitrary SQL commands via the kontent_id parameter.

Thu, 11 Mar 10
natychmiast-cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0950
Multiple SQL injection vulnerabilities in Natychmiast CMS allow remote attackers to execute arbitrary SQL commands via the id_str parameter to (1) index.php and (2) a_index.php.

Thu, 11 Mar 10
natychmiast-cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0949
Multiple cross-site scripting (XSS) vulnerabilities in Natychmiast CMS allow remote attackers to inject arbitrary web script or HTML via the id_str parameter to (1) index.php and (2) a_index.php.

Thu, 11 Mar 10
bigforum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0948
SQL injection vulnerability in profil.php in Bigforum 4.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Thu, 11 Mar 10
bbsmax
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0947
Cross-site scripting (XSS) vulnerability in post.aspx in Max Network Technology BBSMAX 3.0, 4.1, and 4.2 allows remote attackers to inject arbitrary web script or HTML via the action parameter.

Thu, 11 Mar 10
samba
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0926
The default configuration of smbd in Samba before 3.3.11, 3.4.x before 3.4.6, and 3.5.x before 3.5.0rc3, when a writable share exists, allows remote authenticated users to leverage a directory traversal vulnerability, and access arbitrary files, by using the symlink command in smbclient to create a symlink containing .. (dot dot) sequences, related to the combination of the unix extensions and wide links options.

Thu, 11 Mar 10
ncpfs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0791
The (1) ncpmount, (2) ncpumount, and (3) ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service (application failure) via unspecified vectors that trigger the creation of a /etc/mtab~ file that persists after the program exits.

Thu, 11 Mar 10
ncpfs
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0790
sutil/ncpumount.c in ncpumount in ncpfs 2.2.6 produces certain detailed error messages about the results of privileged file-access attempts, which allows local users to determine the existence of arbitrary files via the mountpoint name.

Thu, 11 Mar 10
samba
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0728
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.

Thu, 11 Mar 10
chumby_one, chumby_classic
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0418
The web interface in chumby one before 1.0.4 and chumby classic before 1.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in a request.

Thu, 11 Mar 10
duo_usb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0103
UsbCharger.dll in the Energizer DUO USB battery charger software contains a backdoor that is implemented through the Arucer.dll file in the %WINDIR%\system32 directory, which allows remote attackers to download arbitrary programs onto a Windows PC, and execute these programs, via a request to TCP port 7777.

Tue, 9 Mar 10
abb_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0939
Visialis ABB Forum 1.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for fpdb/abb.mdb.

Tue, 9 Mar 10
todoo_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0938
Cross-site scripting (XSS) vulnerability in todooforum.php in Todoo Forum 2.0 allows remote attackers to inject arbitrary web script or HTML via the id_forum parameter in a post action.

Tue, 9 Mar 10
visualization_library
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0937
Multiple unspecified vulnerabilities in Visualization Library before 2009.08.812 have unknown impact and attack vectors.

Tue, 9 Mar 10
dkvm-ip8
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0936
Cross-site scripting (XSS) vulnerability in auth.asp on the D-LINK DKVM-IP8 with firmware 2282_dlinkA4_p8_20071213 allows remote attackers to inject arbitrary web script or HTML via the nickname parameter.

Tue, 9 Mar 10
com_if_nexus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4679
Directory traversal vulnerability in the inertialFATE iF Portfolio Nexus (com_if_nexus) component 1.5 for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the controller parameter to index.php.

Tue, 9 Mar 10
winn_guestbook
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4678
Cross-site scripting (XSS) vulnerability in index.php in Winn Guestbook 2.4 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Tue, 9 Mar 10
phpfk_php_forum
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4677
Cross-site scripting (XSS) vulnerability in search.php in phpFK PHP Forum ohne 7.0.4 allows remote attackers to inject arbitrary web script or HTML via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Sat, 6 Mar 10
CVE-2009-3032 (brightmail_gateway, data_loss_prevention_detection_servers, data_loss_prevention_...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3032
Integer overflow in kvolefio.dll 8.5.0.8339 and 10.5.0.0 in the Autonomy KeyView Filter SDK, as used in IBM Lotus Notes 8.5, Symantec Mail Security for Microsoft Exchange 5.0.10 through 5.0.13, and other products, allows context-dependent attackers to execute arbitrary code via a crafted OLE document that triggers a heap-based buffer overflow.

Sat, 6 Mar 10
CVE-2009-4675 (gastro_portal_(restaurant_directory)_script)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4675
admin/admin_info/index.php in the Mole Group Gastro Portal (Restaurant Directory) Script does not require administrative authentication, which allows remote attackers to change the admin password via an unspecified form submission.

Sat, 6 Mar 10
buss_ticket_script, sky_hunter_airline_ticket_sale_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4674
admin/admin.php in Mole Group Sky Hunter Airline Ticket Sale Script and Bus Ticket Script allows remote attackers to change an arbitrary password via a modified user_id field.

Sat, 6 Mar 10
adult_portal_script
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4673
SQL injection vulnerability in profile.php in Mole Group Adult Portal Script allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

Sat, 6 Mar 10
wp-lytebox_plugin
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4672
Directory traversal vulnerability in main.php in the WP-Lytebox plugin 1.3 for WordPress allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the pg parameter.

Sat, 6 Mar 10
roomphplanning
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4671
Login.php in RoomPHPlanning 1.6 allows remote attackers to bypass authentication and obtain administrative access by setting the room_phplanning cookie to a value associated with the admin account.

Sat, 6 Mar 10
roomphplanning
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4670
admin/delitem.php in RoomPHPlanning 1.6 does not require authentication, which allows remote attackers to (1) delete arbitrary users via the user parameter or (2) delete arbitrary rooms via the room parameter.

Sat, 6 Mar 10
roomphplanning
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4669
Multiple SQL injection vulnerabilities in RoomPHPlanning 1.6 allow remote attackers to execute arbitrary SQL commands via (1) the loginus parameter to Login.php or (2) the Old Password field to changepwd.php, and allow (3) remote authenticated administrators to execute arbitrary SQL commands via the id parameter to admin/userform.php.

Sat, 6 Mar 10
jetaudio
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4668
Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information.

Sat, 6 Mar 10
webmember
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4667
SQL injection vulnerability in form.php in WebMember 1.0 allows remote authenticated users to execute arbitrary SQL commands via the formID parameter.

Sat, 6 Mar 10
download_protect
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4666
Multiple PHP remote file inclusion vulnerabilities in Webradev Download Protect 1.0 allow remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[RootPath] parameter to (1) Framework/EmailTemplates.class.php, (2) Customers/PDPEmailReplaceConstants.class.php, and (3) Admin/ResellersManager.class.php in includes/DProtect/.

Sat, 6 Mar 10
CVE-2009-4665 (cute_editor_for_asp.net)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4665
Directory traversal vulnerability in CuteSoft_Client/CuteEditor/Load.ashx in CuteSoft Components Cute Editor for ASP.NET allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Sat, 6 Mar 10
lotus_domino
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0927
Cross-site scripting (XSS) vulnerability in help/readme.nsf/Header in the Help component in IBM Lotus Domino 7.x before 7.0.4 and 8.x before 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the BaseTarget parameter in an OpenPage action. NOTE: this may overlap CVE-2010-0920.

Sat, 6 Mar 10
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0592
The CTI Manager service in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)sr1a, 6.x before 6.1(3), 7.0x before 7.0(2), 7.1x before 7.1(2), and 8.x before 8.0(1) allows remote attackers to cause a denial of service (service failure) via a malformed message, aka Bug ID CSCsu31800.

Sat, 6 Mar 10
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0591
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3b)SU2, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP REG message, related to an overflow of the Telephone-URL field, aka Bug ID CSCtc62362.

Sat, 6 Mar 10
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0590
The CMSIPUtility component in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 7.x before 7.1(3a)su1 and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP Register message, aka Bug ID CSCtc37188.

Sat, 6 Mar 10
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0588
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP (1) RegAvailableLines or (2) FwdStatReq message with an invalid Line number, aka Bug ID CSCtc47823.

Sat, 6 Mar 10
unified_communications_manager
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0587
Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 4.x before 4.3(2)SR2, 6.x before 6.1(5), 7.x before 7.1(3a)su1, and 8.x before 8.0(1) allows remote attackers to cause a denial of service (process failure) via a malformed SCCP StationCapabilitiesRes message with an invalid MaxCap field, aka Bug ID CSCtc38985.

Sat, 6 Mar 10
kvm
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0419
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.

Sat, 6 Mar 10
http_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

Sat, 6 Mar 10
informix_dynamic_server, legato_networker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2754
Integer signedness error in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allows remote attackers to execute arbitrary code via a crafted parameter size that triggers a stack-based buffer overflow.

Sat, 6 Mar 10
informix_dynamic_server, legato_networker
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-2753
Multiple buffer overflows in the authentication functionality in librpc.dll in the Informix Storage Manager (ISM) Portmapper service (aka portmap.exe), as used in IBM Informix Dynamic Server (IDS) 10.x before 10.00.TC9 and 11.x before 11.10.TC3 and EMC Legato NetWorker, allow remote attackers to execute arbitrary code via a crafted parameter size.

 

Home | Contact | PHP Scripts | Sitemap | News | Articles | Advertise | Jobs | RSS Readers | Donations | Api Projects

© amigura.co.uk All Rights Reserved.