[CLOSE] OSVDB ID : 50020 - Disclosed: 2008-11-20

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 2

Vulnerability Classification

[CLOSE] OSVDB ID : 50018 - Disclosed: 2008-11-20

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 3

Vulnerability Classification

[CLOSE] OSVDB ID : 50016 - Disclosed: 2008-11-14

Description:

SemanticScuttle contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate unspecified variables upon submission to unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 50014 - Disclosed: 2008-11-21

Description:

Easyedit CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the page.php script not properly sanitizing user-supplied input to the intPageID variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Comments: 0, Blogs: 0, References: 7

Vulnerability Classification

[CLOSE] OSVDB ID : 50012 - Disclosed: 2005-03-11

Description:

Adobe Dreamweaver contains a flaw that may allow a remote attacker to gain information about the system. The issue is due to the Synchronization functionality using a _notes/dwsync.xml file to manage files and directories when synchronizing content. By making a direct request for this file in a given directory, an attacker may gain knowledge of files and/or directories that were intended to be private, as well as the full path to each. Note: This issue occurs even if the preference is turned off in the Design Notes category of the Site Definition dialog box.

Comments: 1, Blogs: 0, References: 2

Vulnerability Classification

[CLOSE] OSVDB ID : 29511 - Disclosed: 2006-10-04

Description:

Mambo LaiThai contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the includes/mambo.php script not properly sanitizing user-supplied input to the 'usercookie[password]' variable. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Comments: 0, Blogs: 0, References: 7

Vulnerability Classification

[CLOSE] OSVDB ID : 3510 - Disclosed: 2004-01-05

Description:

Phorum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "EditError" variables upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 821 - Disclosed: 2002-09-12

Description:

By default, Linksys routers install with a default password. The administrative account has a password of admin which is publicly known and documented. This allows attackers to trivially access the program or system.

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 40621 - Disclosed: 2007-10-17

Description:

Simple PHP Blog contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions to delete posts. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

Comments: 0, Blogs: 0, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 36871 - Disclosed: 2007-07-24

Description:

Confixx contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to admin/business_inc/saveserver.php not properly sanitizing user input supplied to the 'thisdir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 49243 - Disclosed: 2008-10-23

Description:

Microsoft Windows Server Service contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is triggered when a crafted RPC request is handled. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

Comments: 0, Blogs: 113, References: 24

Vulnerability Classification

[CLOSE] OSVDB ID : 49061 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."

Comments: 0, Blogs: 10, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 49059 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

Comments: 0, Blogs: 8, References: 11

Vulnerability Classification

[CLOSE] OSVDB ID : 49076 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

Comments: 0, Blogs: 6, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 49053 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."

Comments: 0, Blogs: 4, References: 4

Vulnerability Classification