[CLOSE] OSVDB ID : 48661 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48634 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the CExpressViewerControl class in the DWF Viewer ActiveX control (AdView.dll 9.0.0.96), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to overwrite arbitrary files via "..\" sequences in the argument to the SaveAS method.

[CLOSE] OSVDB ID : 48643 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48640 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48644 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48645 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48646 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48647 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48648 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48649 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48655 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48656 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 48659 - Disclosed: 2008-09-30

Description:

FAQ Management Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'catid' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 48657 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : The GdPicture (1) Light Imaging Toolkit 4.7.1 GdPicture4S.Imaging ActiveX control (gdpicture4s.ocx) 4.7.0.1 and (2) Pro Imaging SDK 5.7.1 GdPicturePro5S.Imaging ActiveX control (gdpicturepro5s.ocx) 5.7.0.1 allows remote attackers to create, overwrite, and modify arbitrary files via the SaveAsPDF method. NOTE: this issue might only be exploitable in limited environments or non-default browser settings. NOTE: this can be leveraged for remote code execution by accessing files using hcp:// URLs. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 48730 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the UpdateAgent function in TmListen.exe in the OfficeScanNT Listener service in the client in Trend Micro OfficeScan 7.3 Patch 4 build 1367 and other builds before 1372, OfficeScan 8.0 SP1 before build 1222, OfficeScan 8.0 SP1 Patch 1 before build 3087, and Worry-Free Business Security 5.0 before build 1220 allows remote attackers to read arbitrary files via directory traversal sequences in an HTTP request. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 48687 - Disclosed: 2008-09-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48774 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : Unspecified vulnerability in the UFS module in Sun Solaris 8 through 10 and OpenSolaris allows local users to cause a denial of service (NULL pointer dereference and kernel panic) via unknown vectors related to the Solaris Access Control List (ACL) implementation.

[CLOSE] OSVDB ID : 48878 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to the utrace_control function.

[CLOSE] OSVDB ID : 48886 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : lighttpd before 1.4.20 compares URIs to patterns in the (1) url.redirect and (2) url.rewrite configuration settings before performing URL decoding, which might allow remote attackers to bypass intended access restrictions, and obtain sensitive information or possibly modify data.

[CLOSE] OSVDB ID : 48889 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files.

[CLOSE] OSVDB ID : 48894 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : xend in Xen 3.0.3 does not properly limit the contents of the /local/domain xenstore directory tree, and does not properly restrict a guest VM's write access within this tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty, (2) console/limit, or (3) image/device-model-pid. NOTE: this issue was originally reported as an issue in libvirt 0.3.3 and xenstore, but CVE is considering the core issue to be related to Xen.

[CLOSE] OSVDB ID : 48901 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persistent application failure) via crafted function calls, related to the Java Runtime Environment (JRE) experiencing improper LDT selector state, a different vulnerability than CVE-2008-3247.

[CLOSE] OSVDB ID : 49047 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : The UpdateEngine class in the LiveUpdate ActiveX control (LiveUpdate16.DLL 17.2.56), as used in Revit Architecture 2009 SP2 and Autodesk Design Review 2009, allows remote attackers to execute arbitrary programs via the second argument to the ApplyPatch method.

[CLOSE] OSVDB ID : 49727 - Disclosed: 2008-09-30

Description:

(Description Provided by CVE) : Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.

[CLOSE] OSVDB ID : 48755 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in adodb.php in XAMPP for Windows 1.6.8 allows remote attackers to inject arbitrary web script or HTML via the (1) dbserver, (2) host, (3) user, (4) password, (5) database, and (6) table parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 48633 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.

[CLOSE] OSVDB ID : 48642 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Unspecified vulnerability in Citrix XenApp (formerly Presentation Server) 4.5 Feature Pack 1 and earlier, Presentation Server 4.0, and Access Essentials 1.0, 1.5, and 2.0 allows local users to gain privileges via unknown attack vectors related to creating an unspecified file. NOTE: this might be the same issue as CVE-2008-3485, but the vendor advisory is too vague to be certain.

[CLOSE] OSVDB ID : 48662 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Multiple integer underflows in MPlayer 1.0_rc2 and earlier allow remote attackers to cause a denial of service (process termination) and possibly execute arbitrary code via a crafted video file that causes the stream_read function to read or write arbitrary memory.

[CLOSE] OSVDB ID : 48641 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Unspecified vulnerability in HP Insight Diagnostics before 7.9.1.2402 allows remote attackers to read arbitrary files via unknown vectors.

[CLOSE] OSVDB ID : 48635 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in wp-admin/wp-blogs.php in Wordpress MU (WPMU) before 2.6 allows remote attackers to inject arbitrary web script or HTML via the (1) s and (2) ip_address parameters.

[CLOSE] OSVDB ID : 48637 - Disclosed: 2008-09-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48632 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : SQL injection vulnerability in PG Matchmaking allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) news_read.php and (2) gifts_show.php.

[CLOSE] OSVDB ID : 48653 - Disclosed: 2008-09-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 48753 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the ICAP patience page in Blue Coat Security Gateway OS (SGOS) 4.2 before 4.2.9, 5.2 before 5.2.5, and 5.3 before 5.3.1.7 allows remote attackers to inject arbitrary web script or HTML via the URL.

[CLOSE] OSVDB ID : 48879 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain sensitive information or possibly have unspecified other impact, by splicing into an inode in order to create an executable file in a setgid directory, a different vulnerability than CVE-2008-4210.

[CLOSE] OSVDB ID : 49239 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Directory traversal vulnerability in rss.php in ArabCMS 2.0 beta 1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the rss parameter.

[CLOSE] OSVDB ID : 49264 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Session fixation vulnerability in Elxis CMS 2008.1 revision 2204 allows remote attackers to hijack web sessions by setting the PHPSESSID parameter.

[CLOSE] OSVDB ID : 49309 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : PHP Jabbers Post Comment 3.0 allows remote attackers to bypass authentication and gain administrative access by setting the PostCommentsAdmin cookie to "logged."

[CLOSE] OSVDB ID : 49728 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Microsoft Internet Explorer 7 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.

[CLOSE] OSVDB ID : 49890 - Disclosed: 2008-09-29

Description:

(Description Provided by CVE) : Buffer overflow in the jas_stream_printf function in libjasper/base/jas_stream.c in JasPer 1.900.1 might allow context-dependent attackers to have an unknown impact via vectors related to the mif_hdr_put function and use of vsprintf.