[CLOSE] OSVDB ID : 46574 - Disclosed: 2008-06-30

Description:

eSHOP100 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'SUB' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 46580 - Disclosed: 2008-06-30

Description:

BareNuked CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/index.php' script not properly sanitizing user-supplied input to the 'password' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 46692 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Soldner Secret Wars 33724 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a large numeric value in a 0x80 data block.

[CLOSE] OSVDB ID : 46637 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in search.php in Pivot 1.40.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the t parameter.

[CLOSE] OSVDB ID : 46636 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in hioxBannerRotate.php in HIOX Banner Rotator (HBR) 1.3, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the hm parameter.

[CLOSE] OSVDB ID : 46690 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.

[CLOSE] OSVDB ID : 46881 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in admin.php in myWebland myBloggie 2.1.6 allows remote attackers to perform edit actions as administrators. NOTE: this can be leveraged to execute SQL commands by also exploiting CVE-2007-1899.

[CLOSE] OSVDB ID : 46884 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.

[CLOSE] OSVDB ID : 46885 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Farsi Script (aka FaScript) FaName 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) key or (2) desc parameter to index.php, or (3) the name parameter to page.php.

[CLOSE] OSVDB ID : 46886 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328.

[CLOSE] OSVDB ID : 46887 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.

[CLOSE] OSVDB ID : 46888 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.

[CLOSE] OSVDB ID : 46889 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in RSS-aggregator 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) IdFlux parameter to admin/fonctions/supprimer_flux.php and the (2) IdTag parameter to admin/fonctions/supprimer_tag.php.

[CLOSE] OSVDB ID : 46986 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.

[CLOSE] OSVDB ID : 47052 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in chatbox.php in pSys 0.7.0 Alpha, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the showid parameter.

[CLOSE] OSVDB ID : 47467 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Use after free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via TLS transmission of data that is improperly used when the peer calls gnutls_handshake within a normal session, leading to attempted access to a deallocated libgcrypt handle.

[CLOSE] OSVDB ID : 47849 - Disclosed: 2008-06-30

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in index.php in Catviz 0.4 beta 1 allow remote attackers to execute arbitrary SQL commands via the (1) foreign_key_value paramter in the news page and (2) webpage parameter in the webpage_multi_edit form.

[CLOSE] OSVDB ID : 48850 - Disclosed: 2008-06-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46632 - Disclosed: 2008-06-29

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

[CLOSE] OSVDB ID : 46633 - Disclosed: 2008-06-29

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6) MTV, (7) PALM, (8) RLA, and (9) TGA decoder readers; and (b) the GetImageCharacteristics function in magick/image.c, as reachable from a crafted (10) PNG, (11) JPEG, (12) BMP, or (13) TIFF file.

[CLOSE] OSVDB ID : 46709 - Disclosed: 2008-06-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48871 - Disclosed: 2008-06-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46626 - Disclosed: 2008-06-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46627 - Disclosed: 2008-06-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46628 - Disclosed: 2008-06-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46573 - Disclosed: 2008-06-28

Description:

Online Booking Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'checkavail.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 47051 - Disclosed: 2008-06-28

Description:

(Description Provided by CVE) : SQL injection vulnerability in the beamospetition (com_beamospetition) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the pet parameter to index.php.

[CLOSE] OSVDB ID : 46572 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the FTP client in AceFTP Freeware 3.80.3 and AceFTP Pro 3.80.3 allows remote FTP servers to create or overwrite arbitrary files via a .. (dot dot) in a response to a LIST command, a related issue to CVE-2002-1345.

[CLOSE] OSVDB ID : 47007 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : Memory leak in Pidgin 2.0.0, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption) via malformed XML documents.

[CLOSE] OSVDB ID : 47008 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : The UPnP functionality in Pidgin 2.0.0, and possibly other versions, allows remote attackers to trigger the download of arbitrary files and cause a denial of service (memory or disk consumption) via a UDP packet that specifies an arbitrary URL.

[CLOSE] OSVDB ID : 48862 - Disclosed: 2008-06-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46536 - Disclosed: 2008-06-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46534 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : Unspecified vulnerability in testMaker before 3.0p16 allows remote authenticated users to execute arbitrary PHP code via unspecified attack vectors.

[CLOSE] OSVDB ID : 46575 - Disclosed: 2008-06-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 46530 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 46531 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 46532 - Disclosed: 2008-06-27

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Yazd Forum Software 3.x allow remote attackers to inject arbitrary web script or HTML via the (1) q parameter to (a) search.jsp, and the (2) msg parameter to (b) error.jsp and (c) userAccount.jsp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 46566 - Disclosed: 2008-06-27

Description:

SePortal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'poll.php' script not properly sanitizing user-supplied input to the 'poll_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 46567 - Disclosed: 2008-06-27

Description:

SePortal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'staticpages.php' script not properly sanitizing user-supplied input to the 'sp_id' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 46568 - Disclosed: 2008-06-27

Description:

Philboard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'forum.asp' script not properly sanitizing user-supplied input to the 'forumid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.