VulnAware.com

Davlin Thickbox Gallery 2 allows remote attackers to obtain the administrative username and MD5 password hash via a direct request to conf/admins.php.

The Downlevel DB2RA Support component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to cause a denial of service (instance crash) via a crafted CONNECT data stream that simulates a V7 client connect request.

Multiple stack-based buffer overflows in IBM DB2 9.1 before Fixpak 5 allow remote attackers to cause a denial of service (system outage) via vectors related to (1) use of XQuery to issue statements; the (2) XMLQUERY, (3) XMLEXISTS, and (4) XMLTABLE statements; and the (5) sqlrlaka function.

The Base Service Utilities component in IBM DB2 9.1 before Fixpak 5 retains a cleartext password in memory after the database connection that sent the password is fully established, which might allow local users to obtain sensitive information by reading a memory dump.

Unspecified vulnerability in the DB2 Administration Server (DAS) in the Core DAS function component in IBM DB2 9.1 before Fixpak 5 allows local users to gain privileges, aka a “FILE CREATION VULNERABILITY.” NOTE: this may be the same as CVE-2007-5664.

The routine infrastructure component in IBM DB2 9.1 before Fixpak 5 on Unix and Linux does not change the ownership of the db2fmp process, which has unknown impact and attack vectors.

Buffer overflow in the DAS server program in the Core DAS function component in IBM DB2 9.1 before Fixpak 4a allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via unspecified vectors. NOTE: this might be related to CVE-2008-0698.

Unspecified vulnerability in the CLR stored procedure deployment from IBM Database Add-Ins for Visual Studio in the Visual Studio Net component in IBM DB2 9.1 before Fixpak 5 has unknown impact and attack vectors.

Unrestricted file upload vulnerability in the BlogAPI module in Drupal 5.x before 5.10 and 6.x before 6.4 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension, which is not validated.

Multiple directory traversal vulnerabilities in Pluck CMS 4.5.2 on Windows allow remote attackers to include and execute arbitrary local files via a ..\ (dot dot backslash) in the (1) blogpost, (2) cat, and (3) file parameters to data/inc/themes/predefined_variables.php, as reachable through index.php; and the (4) blogpost and (5) cat parameters to data/inc/blog_include_react.php, as reachable through index.php. NOTE: the issue involving vectors 1 through 3 reportedly exists because of an in…

Cross-site scripting (XSS) vulnerability in Accellion File Transfer FTA_7_0_135 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to courier/forgot_password.html.

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) System Consultants La!Cooda WIZ 1.4.0 and earlier and (2) SpaceTag LacoodaST 2.1.3 and earlier allow remote attackers to (a) change passwords or (b) change configurations as arbitrary users via unspecified vectors.

Cross-site scripting (XSS) vulnerability in the calendar controller in Civic Website Manager before 1.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, probably involving (1) month, (2) day, and (3) year fields.

neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication and Digest domain parameter support.

SQL injection vulnerability in single.php in Z-Breaknews 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Session fixation vulnerability in SpaceTag LacoodaST 2.1.3 and earlier allows remote attackers to hijack web sessions via unspecified vectors.

Multiple stack-based buffer overflows in the FileManager ActiveX control in SAFmgPws.dll in SoftArtisans XFile before 2.4.0 allow remote attackers to execute arbitrary code via unspecified calls to the (1) BuildPath, (2) GetDriveName, (3) DriveExists, or (4) DeleteFile method.

libxml2 2.6.32 and earlier does not properly detect recursion during entity expansion in an attribute value, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document.

Multiple cross-site scripting (XSS) vulnerabilities in AN Guestbook (ANG) before 0.7.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Cross-site scripting (XSS) vulnerability in mysql-lists 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.