| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 59134 | 2009-10-21 | Oracle BEA WebLogic Portal Unspecified Remote Issue | (Description Provided by CVE): Unspecified vulnerability in the WebLogic Portal component in BEA Product Suite 8.1.6, 9.2.3, 10.0.1, 10.2.1, and 10.3.1.0.0 allows remote attackers to affect integrity via unknown vectors. |
| 59135 | 2009-10-21 | Oracle BEA WebLogic Server WLS Console Admin Console XSS | (Description Provided by CVE): Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 9.0, 9.1, 9.2.3, 10.0.1, and 10.3 allows remote attackers to affect integrity, related to WLS Console. |
| 59136 | 2009-10-21 | Oracle BEA WebLogic Server WLS Console Unspecified Remote Issue (2009-3399) | (Description Provided by CVE): Unspecified vulnerability in the WebLogic Server component in BEA Product Suite 7.0.6 and 8.1.5 allows remote attackers to affect integrity, related to WLS Console. |
| 59120 | 2009-10-21 | Oracle PeopleSoft Enterprise PeopleTools PIA Unspecified XSS | PeopleSoft PeopleTools PIA contains a flaw that allows an unspecified remote cross-site scripting (XSS) attack. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59122 | 2009-10-21 | Oracle JD Edwards EnterpriseOne Tools Fast Path (JDENET) Unspecified Remote Privilege Escalation | JD Edwards EnterpriseOne Tools Fast Path contains a flaw that may allow an attacker to gain unauthorized privileges under certain unspecified use cases, allowing a remote authenticated attacker to access menu items in the Windows client that they would otherwise not have access to. |
| 59123 | 2009-10-21 | Oracle PeopleSoft Enterprise HCM (TAM) Unspecified URL Manipulation Remote Privilege Escalation | PeopleSoft Enterprise HRMS Talent Acquisition Manager contains a flaw that may allow an attacker to gain unauthorized privileges. The issue is triggered by unspecified manipulation of URLs, allowing a remote, authenticated attacker to bypass security and gain access to areas they would not otherwise have access to. |
| 59079 | 2009-10-21 | FormMax AIM File Handling Overflow | (Description Provided by CVE): Heap-based buffer overflow in FormMax (formerly AcroForm) evaluation 3.5 allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted FormMax import (.aim) file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 59100 | 2009-10-21 | Moodle Course List Module for Drupal Unspecified SQL Injection | (Description Provided by CVE): SQL injection vulnerability in Moodle Course List 6.x before 6.x-1.2, a module for Drupal, allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 59119 | 2009-10-21 | Flag Content Module for Drupal Reason Field XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the Flag Content module 5.x-2.x before 5.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via the Reason parameter. |
| 59124 | 2009-10-21 | Userpoints Module for Drupal Userpoints Data Access Restriction Bypass | (Description Provided by CVE): Unspecified vulnerability in Userpoints 6.x before 6.x-1.1, a module for Drupal, allows remote authenticated users with "View own userpoints" permissions to read the userpoint data of arbitrary users via unknown attack vectors. |
| 59129 | 2009-10-21 | Organic Groups Vocabulary Module for Drupal Group Title XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Organic Groups (OG) Vocabulary 5.x before 5.x-1.1 and 6.x before 6.x-1.1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via the group title. |
| 59140 | 2009-10-21 | Alien Arena client/menu.c M_AddToServerList() Function Remote Overflow | (Description Provided by CVE): Stack-based buffer overflow in the M_AddToServerList function in client/menu.c in Red Planet Arena Alien Arena 7.30 allows remote attackers to execute arbitrary code via a packet with a crafted server description to UDP port 27901 followed by a packet with a long print command. |
| 59144 | 2009-10-21 | TwonkyMedia Server Management Interface Credentials Manipulation CSRF | TwonkyMedia Server contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions in the management interface. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 59160 | 2009-10-21 | DM Albums Plugin for WordPress dm-albums/wp-dm-albums-ajax.php Direct Request Album Folder Deletion | Unknown / Incomplete |
| 59146 | 2009-10-21 | Vivvo CMS files.php file Parameter Traversal Arbitrary File Access | (Description Provided by CVE): files.php in Vivvo CMS 4.1.5.1 allows remote attackers to conduct directory traversal attacks and read arbitrary files via the file parameter with "logs/" in between two . (dot) characters, which is filtered into a "../" sequence. |
| 59148 | 2009-10-21 | Simplenews Statistics Module for Drupal Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 59151 | 2009-10-21 | Abuse Module for Drupal Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Abuse 5.x before 5.x-2.1 and 6.x before 6.x-1.1-alpha1, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 59158 | 2009-10-21 | TwonkyMedia Server 404 Error Page XSS | TwonkyMedia Server contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate an unspecified parameter upon submission to an unspecified script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59149 | 2009-10-21 | Simplenews Statistics Module for Drupal Unspecified CSRF | (Description Provided by CVE): Multiple cross-site request forgery (CSRF) vulnerabilities in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allow remote attackers to hijack the authentication of arbitrary users via unknown vectors. |
| 59150 | 2009-10-21 | Simplenews Statistics Module for Drupal Unspecified Arbitrary Site Redirect | (Description Provided by CVE): Open redirect vulnerability in Simplenews Statistics 6.x before 6.x-2.0, a module for Drupal, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. |
| 59152 | 2009-10-21 | vCard Module for Drupal theme_vcard() Function XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in vCard 5.x before 5.x-1.4 and 6.x before 6.x-1.3, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, related to the addition of the theme_vcard function to a theme and the use of default content. |
| 59161 | 2009-10-21 | DM Albums Plugin for WordPress dm-albums/wp-dm-albums-ajax.php delete_album Parameter Traversal Arbitrary Folder Deletion | Unknown / Incomplete |
| 59162 | 2009-10-21 | DM Albums Plugin for WordPress Album Folder Deletion CSRF | Unknown / Incomplete |
| 59301 | 2009-10-21 | OpenDocMan index.php Multiple Parameter SQL Injection Authentication Bypass | OpenDocMan contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'frmuser' and 'frmpass' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 59302 | 2009-10-21 | OpenDocMan add.php last_message Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'last_message' parameter upon submission to the 'add.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59303 | 2009-10-21 | OpenDocMan toBePublished.php Multiple Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'last_message' and 'PATH_INFO' parameters upon submission to the 'toBePublished.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59304 | 2009-10-21 | OpenDocMan index.php last_message Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'last_message' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59305 | 2009-10-21 | OpenDocMan admin.php last_message Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'last_message' parameter upon submission to the 'admin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59306 | 2009-10-21 | OpenDocMan category.php PATH_INFO Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' parameter upon submission to the 'category.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59307 | 2009-10-21 | OpenDocMan department.php PATH_INFO Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' parameter upon submission to the 'department.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59308 | 2009-10-21 | OpenDocMan profile.php PATH_INFO Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' parameter upon submission to the 'profile.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59309 | 2009-10-21 | OpenDocMan rejects.php PATH_INFO Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' parameter upon submission to the 'rejects.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59310 | 2009-10-21 | OpenDocMan search.php PATH_INFO Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' parameter upon submission to the 'search.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59311 | 2009-10-21 | OpenDocMan user.php Multiple Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' and 'caller' parameters upon submission to the 'user.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59312 | 2009-10-21 | OpenDocMan view_file.php PATH_INFO Parameter XSS | OpenDocMan contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'PATH_INFO' parameter upon submission to the 'view_file.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 59410 | 2009-10-21 | Gpg4win in KDE Kleopatra gpg2.exe Certificate Signature Remote DoS | (Description Provided by CVE): gpg2.exe in Gpg4win 2.0.1, as used in KDE Kleopatra 2.0.11, allows remote attackers to cause a denial of service (application crash) via a long certificate signature. |
| 59722 | 2009-10-21 | Novell eDirectory NDSD LDAP Search Request Remote DoS | (Description Provided by CVE): The NDSD process in Novell eDirectory 8.7.3 before 8.7.3.10 ftf2 and eDirectory 8.8 before 8.8.5 ftf1 does not properly handle certain LDAP search requests, which allows remote attackers to cause a denial of service (application hang) via a search request with a NULL BaseDN value. |
| 59918 | 2009-10-21 | Sun Java SE JRE ICC_Profile.getInstance Method Traversal Arbitrary ICC Profile File Disclosure | (Description Provided by CVE): Directory traversal vulnerability in the ICC_Profile.getInstance method in Java Runtime Environment (JRE) in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, allows remote attackers to determine the existence of local International Color Consortium (ICC) profile files via a .. (dot dot) in a pathname, aka Bug Id 6631533. |
| 59917 | 2009-10-21 | Sun Java SE Resurrected ClassLoader Children Handling Unspecified Remote Privilege Escalation | (Description Provided by CVE): Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, does not prevent the existence of children of a resurrected ClassLoader, which allows remote attackers to gain privileges via unspecified vectors, related to an "information leak vulnerability," aka Bug Id 6636650. |
| 59916 | 2009-10-21 | Sun Java SE Swing Implementation Mutable Variable Leak Unspecified Issues | (Description Provided by CVE): Multiple unspecified vulnerabilities in the Swing implementation in Sun Java SE 5.0 before Update 22 and 6 before Update 17, and OpenJDK, have unknown impact and remote attack vectors, related to "information leaks in mutable variables," aka Bug Id 6657026. |