[CLOSE] OSVDB ID : 50373 - Disclosed: 2008-12-01

Description:

bcoos contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'modules/adresses/viewcat.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Comments: 0, Blogs: 0, References: 2

Vulnerability Classification

[CLOSE] OSVDB ID : 50371 - Disclosed: 2008-12-01

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 50369 - Disclosed: 2008-12-01

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 2

Vulnerability Classification

[CLOSE] OSVDB ID : 50367 - Disclosed: 2008-02-19

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 3

Vulnerability Classification

[CLOSE] OSVDB ID : 50365 - Disclosed: 2008-06-10

Description:

Yuhhu Superstar contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view.topics.php' script not properly sanitizing user-supplied input to the 'board' parameter. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Comments: 0, Blogs: 0, References: 3

Vulnerability Classification

[CLOSE] OSVDB ID : 18293 - Disclosed: 2005-07-15

Description:

By default, many of Belkin wireless routers using a default ssid of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system.

Comments: 1, Blogs: 0, References: 5

Vulnerability Classification

[CLOSE] OSVDB ID : 40621 - Disclosed: 2007-10-17

Description:

Simple PHP Blog contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions to delete posts. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

Comments: 0, Blogs: 0, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 18228 - Disclosed: 2005-07-20

Description:

Asn Guestbook contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'version' variable upon submission to the 'footer.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

Comments: 0, Blogs: 0, References: 7

Vulnerability Classification

[CLOSE] OSVDB ID : 592 - Disclosed: 2002-09-12

Description:

By default, Zyxel routers install with a default password. The administrative account has a password of 1234 which is publicly known and documented. This allows attackers to trivially access the program or system.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 877 - Disclosed: 2003-01-20

Description:

RFC compliant web servers support the TRACE HTTP method, which contains a flaw that may lead to an unauthorized information disclosure. The TRACE method is used to debug web server connections and allows the client to see what is being received at the other end of the request chain. Enabled by default in all major web servers, a remote attacker may abuse the HTTP TRACE functionality, i.e. cross-site scripting (XSS), which will disclose sensitive configuration information resulting in a loss of confidentiality.

Comments: 0, Blogs: 0, References: 27

Vulnerability Classification

[CLOSE] OSVDB ID : 49243 - Disclosed: 2008-10-23

Description:

Microsoft Windows Server Service contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is triggered when a crafted RPC request is handled. It is possible that the flaw may allow remote code execution resulting in a loss of integrity.

Comments: 0, Blogs: 113, References: 24

Vulnerability Classification

[CLOSE] OSVDB ID : 49061 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : afd.sys in the Ancillary Function Driver (AFD) component in Microsoft Windows XP SP2 and SP3 and Windows Server 2003 SP1 and SP2 does not properly validate input sent from user mode to the kernel, which allows local users to gain privileges via a crafted application, as demonstrated using crafted pointers and lengths that bypass intended ProbeForRead and ProbeForWrite restrictions, aka "AFD Kernel Overwrite Vulnerability."

Comments: 0, Blogs: 10, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 49059 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : Integer overflow in the Internet Printing Protocol (IPP) ISAPI extension in Microsoft Internet Information Services (IIS) 5.0 through 7.0 on Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, and Server 2008 allows remote authenticated users to execute arbitrary code via an HTTP POST request that triggers an outbound IPP connection from a web server to a machine operated by the attacker, aka "Integer Overflow in IPP Service Vulnerability."

Comments: 0, Blogs: 8, References: 11

Vulnerability Classification

[CLOSE] OSVDB ID : 49076 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : Stack-based buffer overflow in Microsoft Excel 2000 SP3, 2002 SP3, 2003 SP2 and SP3, and 2007 Gold and SP1; Office Excel Viewer 2003 SP3; Office Excel Viewer; Office Compatibility Pack for Word, Excel, and PowerPoint 2007 File Formats Gold and SP1; Office 2004 and 2008 for Mac; and Open XML File Format Converter for Mac allows remote attackers to execute arbitrary code via a BIFF file with a malformed record that triggers a user-influenced size calculation, aka "File Format Parsing Vulnerability."

Comments: 0, Blogs: 6, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 49053 - Disclosed: 2008-10-14

Description:

(Description Provided by CVE) : Integer overflow in Memory Manager in Microsoft Windows XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, and Server 2008 allows local users to gain privileges via a crafted application that triggers an erroneous decrement of a variable, related to validation of parameters for Virtual Address Descriptors (VADs) and a "memory allocation mapping error," aka "Virtual Address Descriptor Elevation of Privilege Vulnerability."

Comments: 0, Blogs: 4, References: 4

Vulnerability Classification