[CLOSE] OSVDB ID : 46670 - Disclosed: 2008-07-02

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 2

Vulnerability Classification

[CLOSE] OSVDB ID : 46668 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 46666 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 46664 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 46662 - Disclosed: 2008-07-02

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 821 - Disclosed: 2002-09-12

Description:

By default, Linksys routers install with a default password. The administrative account has a password of admin which is publicly known and documented. This allows attackers to trivially access the program or system.

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 40621 - Disclosed: 2007-10-17

Description:

Simple PHP Blog contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions to delete posts. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

Comments: 0, Blogs: 0, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 44643 - Disclosed: 2008-04-23

Description:

A buffer overflow exists in HD Audio Codec Driver. RTKVHDA.sys and RTKVHDA64.sys fail to validate IOCTL requests resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Comments: 0, Blogs: 0, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 17082 - Disclosed: 1994-02-01

Description:

AIX Performance Tools contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the 'tprof' utility is run with the '-x' parameter. Command arguments supplied to this parameter are run with the same privileges as 'tprof' (SUID root by default), allowing arbitrary privileged command execution.

Comments: 0, Blogs: 0, References: 22

Vulnerability Classification

[CLOSE] OSVDB ID : 20712 - Disclosed: 2005-11-08

Description:

ASP-Programmers ASPKnowledgebase contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the adminlogin.asp script not properly sanitizing user-supplied input to the pwd variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Comments: 0, Blogs: 0, References: 6

Vulnerability Classification

[CLOSE] OSVDB ID : 46083 - Disclosed: 2008-06-10

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the substringData method in Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code, related to an unspecified manipulation of a DOM object before a call to this method, aka the "HTML Objects Memory Corruption Vulnerability."

Comments: 0, Blogs: 26, References: 12

Vulnerability Classification

[CLOSE] OSVDB ID : 46554 - Disclosed: 2008-06-20

Description:

(Description Provided by CVE) : Integer overflow in the rb_ary_splice function in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2 allows context-dependent attackers to trigger memory corruption, aka the "beg + rlen" issue. NOTE: as of 20080624, there has been inconsistent usage of multiple CVE identifiers related to Ruby. The CVE description should be regarded as authoritative, although it is likely to change.

Comments: 0, Blogs: 13, References: 27

Vulnerability Classification

[CLOSE] OSVDB ID : 45890 - Disclosed: 2008-05-30

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the VMware Host Guest File System (HGFS) in VMware Workstation 6 before 6.0.4 build 93057, VMware Player 2 before 2.0.4 build 93057, VMware ACE 2 before 2.0.2 build 93057, and VMware Fusion before 1.1.2 build 87978, when folder sharing is used, allows guest OS users to execute arbitrary code on the host OS via unspecified vectors.

Comments: 0, Blogs: 8, References: 5

Vulnerability Classification

[CLOSE] OSVDB ID : 46069 - Disclosed: 2008-06-10

Description:

(Description Provided by CVE) : Heap-based buffer overflow in Apple QuickTime before 7.5 on Windows allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted packed scanlines in PixData structures in a PICT image.

Comments: 0, Blogs: 7, References: 10

Vulnerability Classification

[CLOSE] OSVDB ID : 46104 - Disclosed: 2008-06-04

Description:

(Description Provided by CVE) : The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

Comments: 0, Blogs: 7, References: 19

Vulnerability Classification