[CLOSE] OSVDB ID : 27534 - Disclosed: 2006-07-31

Description:

Safari contains a flaw that may allow a malicious user to execute arbitrary code. The issue is caused due to an error in the 'KHTMLParser::popOneBlock()' function that can be exploited to cause a memory corruption via a script element in a div element redefining the document body. It is possible that the flaw may allow remote arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 29868 - Disclosed: 2006-07-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in administrator/components/com_bayesiannaivefilter/lang.php in the bayesiannaivefilter component (com_bayesiannaivefilter) 1.1 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 39200 - Disclosed: 2006-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39201 - Disclosed: 2006-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39202 - Disclosed: 2006-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 39203 - Disclosed: 2006-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 29074 - Disclosed: 2006-07-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in phpAdsNew/view.inc.php in Albasoftware Phpauction 2.1 and possibly later versions, with phpAdsNew 2.0.5, allows remote attackers to execute arbitrary PHP code via a URL in the phpAds_path parameter.

[CLOSE] OSVDB ID : 29073 - Disclosed: 2006-07-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in component/option,com_moskool/Itemid,34/admin.moskool.php in MamboXChange Moskool 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 27647 - Disclosed: 2006-07-30

Description:

BomberClone contains a flaw that may allow a malicious user to cause a denial of service. The issue is triggered when sending a specially crafted packet that is processed and used incorrectly in a memcpy function. Due to a big-endian check bypass it is possible that the flaw may cause a NULL dereference or overwrite of parts of the memory resulting in a loss availability.

[CLOSE] OSVDB ID : 27648 - Disclosed: 2006-07-30

Description:

BomberClone contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specialy crafted packet (containing a huge word value related to the length of the packet), which will disclose part of the memory in the answering packet payload resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 27649 - Disclosed: 2006-07-30

Description:

BomberClone contains a flaw that may allow a malicious user to crash the server. The issue is triggered when sending an error message packet (normaly sent to clients) to the server. It is possible that the flaw may cause the server to crash resulting in a loss of availability.

[CLOSE] OSVDB ID : 27651 - Disclosed: 2006-07-30

Description:

UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the uhp_config.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27652 - Disclosed: 2006-07-30

Description:

UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to footer.php not properly sanitizing user input supplied to the "mosConfig_absolute_path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28111 - Disclosed: 2006-07-30

Description:

UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to install.uhp.php not properly sanitizing user input supplied to the "mosConfig_absolute_path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28112 - Disclosed: 2006-07-30

Description:

UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions.php not properly sanitizing user input supplied to the "mosConfig_absolute_path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 28113 - Disclosed: 2006-07-30

Description:

UHP for Mambo and Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to uninstall.uhp.php not properly sanitizing user input supplied to the "mosConfig_absolute_path" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27665 - Disclosed: 2006-07-30

Description:

ATutor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the "links/index.php" script not properly sanitizing user-supplied input to the 'asc' and 'desc' variables. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 28078 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in artlinks.dispnew.php in the Artlinks component (com_artlinks) for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter.

[CLOSE] OSVDB ID : 29087 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.

[CLOSE] OSVDB ID : 29088 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in tpl.inc.php in Falko Timme and Till Brehm SQLiteWebAdmin 0.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the conf[classpath] parameter.

[CLOSE] OSVDB ID : 29089 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.

[CLOSE] OSVDB ID : 29090 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Banex PHP MySQL Banner Exchange 2.21 allow remote attackers to execute arbitrary SQL commands via the (1) site_name parameter to (a) signup.php, and the (2) id, (3) deleteuserbanner, (4) viewmem, (5) viewmemunb, (6) viewunmem,or (7) deleteuser parameters to (b) admin.php.

[CLOSE] OSVDB ID : 29091 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in members.php in Banex PHP MySQL Banner Exchange 2.21 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_root parameter.

[CLOSE] OSVDB ID : 29092 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : Banex PHP MySQL Banner Exchange 2.21 stores lib.inc under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as database usernames and passwords.

[CLOSE] OSVDB ID : 29069 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : The ip2long function in PHP 5.1.4 and earlier may incorrectly validate an arbitrary string and return a valid network IP address, which allows remote attackers to obtain network information and facilitate other attacks, as demonstrated using SQL injection in the X-FORWARDED-FOR Header in index.php in MiniBB 2.0. NOTE: it could be argued that the ip2long behavior represents a risk for security-relevant issues in a way that is similar to strcpy's role in buffer overflows, in which case this would be a class of implementation bugs that would require separate CVE items for each PHP application that uses ip2long in a security-relevant manner.

[CLOSE] OSVDB ID : 43945 - Disclosed: 2006-07-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 27634 - Disclosed: 2006-07-29

Description:

X-Poll contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the top.php script not properly sanitizing user-supplied input to the 'poll' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 27633 - Disclosed: 2006-07-29

Description:

WordPress contains a flaw related to some unspecified errors that can cause unknown impacts. No further details have been provided.

[CLOSE] OSVDB ID : 27635 - Disclosed: 2006-07-29

Description:

X-Protection contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the protect.php script not properly sanitizing user-supplied input to the password and username variables via the POST method. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 27642 - Disclosed: 2006-07-29

Description:

Ajax Chat contains a flaw that allows a remote attacker to disclose the content of arbitrary files outside of the web path. The issue is due to the operator_chattranscript.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'chatid' variable.

[CLOSE] OSVDB ID : 27643 - Disclosed: 2006-07-29

Description:

Ajax Chat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'userid' variable upon submission to the chat.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27659 - Disclosed: 2006-07-29

Description:

Colophon for Joomla contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the admin.colophon.php script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 27629 - Disclosed: 2006-07-29

Description:

AWBS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Name', 'AccountUsername' and 'Message' variables upon submission to the contact.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 27636 - Disclosed: 2006-07-29

Description:

X-Statistics contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the x-statistics.php script not properly sanitizing user-supplied input to the 'User-Agent' HTTP header. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 27704 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in vbPortal 3.0.2 through 3.6.0 Beta 1, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via directory traversal sequences in the bbvbplang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by index.php.

[CLOSE] OSVDB ID : 28312 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to inject arbitrary web script or HTML via the gallery parameter.

[CLOSE] OSVDB ID : 28313 - Disclosed: 2006-07-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in usercp.php in MyBB (aka MyBulletinBoard) 1.x allows remote attackers to read arbitrary files via a .. (dot dot) in the gallery parameter in a (1) avatar or (2) do_avatar action.

[CLOSE] OSVDB ID : 27532 - Disclosed: 2006-07-29

Description:

Internet Explorer contains a flaw that may allow a local denial of service. The issue is triggered when opening a web page containing a script which calls the 'ADODB.Recordset' ActiveX object's 'NextRecordset' method several times with a long argument. This will result in an invalid memory access causing the browser to crash.

[CLOSE] OSVDB ID : 27533 - Disclosed: 2006-07-29

Description:

Microsoft IE contains a flaw that may allow a local denial of service. The issue is triggered when a NULL pointer is referenced by accessing the property of an object that is inside a deleted frame, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 29128 - Disclosed: 2006-07-28

Description:

(Description Provided by CVE) : The Graphical Device Interface Plus library (gdiplus.dll) in Microsoft Windows XP SP2 allows context-dependent attackers to cause a denial of service (application crash) via certain images that trigger a divide-by-zero error, as demonstrated by a (1) .ico file, (2) .png file that crashes MSN Messenger, and (3) .jpg file that crashes Internet Explorer. NOTE: another researcher has not been able to reproduce this issue.