| OSVDB ID | Disclosure Date | Title |
|
58413
Description:
Oracle Document Capture contains a flaw that may allow a malicious user to compromise a user's system. The issue is triggered when a design error in the BLACKICEDEVMODE.BlackIceDEVMODECtrl.1 ActiveX control (BlackIceDEVMODE.ocx) occurs. It is possible that the flaw may allow execution of arbitrary commands when a document is printed using the altered printer, resulting in a loss of integrity.
|
2009-09-30
|
Oracle Document Capture BLACKICEDEVMODE.BlackIceDEVMODECtrl.1 ActiveX (BlackIceDEVMODE.ocx) Multiple Method Arbitrary Command Execution
|
|
58417
Description:
BIGACE Web CMS contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-09-30
|
BIGACE Web CMS Admin Account Creation CSRF
|
|
58420
Description:
(Description Provided by CVE) : Argument injection vulnerability in the iim: URI handler in IBMIM.exe in IBM Installation Manager 1.3.2 and earlier, as used in IBM Rational Robot and Rational Team Concert, allows remote attackers to load arbitrary DLL files via the -vm option, as demonstrated by a reference to a UNC share pathname.
|
2009-09-30
|
IBM Installation Manager IBMIM.exe iim: URL Library Argument Injection Arbitrary Code Execution
|
|
58423
Description:
A remote overflow exists in KeyHelp. KeyHelp fails to check an input boundary in the KeyHelp.KeyCtrl.1 ActiveX control (KeyHelp.ocx) resulting in a stack-based buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2009-09-30
|
KeyWorks KeyHelp KeyHelp.KeyCtrl.1 ActiveX (KeyHelp.ocx) Multiple Method Overflow
|
|
58424
Description:
Boost Module for Drupal contains a flaw related to an unspecified feature that may allow an attacker to create a directory in the webroot. No further details have been provided.
|
2009-09-30
|
Boost Module for Drupal Unspecified Directory Creation
|
|
58444
Description:
Browscap Module for Drupal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate values in the HTTP User-Agent header upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-09-30
|
Browscap Module for Drupal HTTP User-Agent Header XSS
|
|
58445
Description:
Organic Groups module for Drupal contains a flaw that allows a remote cross site scripting attack. This flaw exists because the Organic Groups module does not properly sanitize input passed while creating new groups before being displayed. This could allow a malicious user to execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-09-30
|
Organic Groups Module for Drupal New Group Creation XSS
|
|
58449
Description:
Sun Solaris contains a flaw that may allow a local denial of service. The issue is triggered when a memory leak in the Solaris IP module occurs, and will result in loss of availability for the system.
|
2009-09-30
|
Solaris Kernel IP Module Unspecified Local DoS
|
|
58516
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in modules/tickets/functions_ticketsui.php in Kayako SupportSuite and eSupport 3.60.04 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the staff control panel, a different vector than CVE-2007-1145.
|
2009-09-30
|
Kayako SupportSuite / eSupport modules/tickets/functions_ticketsui.php Staff Control Panel XSS
|
|
58450
Description:
Sun Solaris contains a flaw that may allow a local denial of service. The issue is triggered when a memory leak in the STREAMS Framework occurs, and will result in loss of availability for the system.
|
2009-09-30
|
Solaris STREAMS Framework Unspecified Local DoS
|
|
58474
Description:
PI Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the default authentication mechanism is exploited, which will disclose confidential operational information resulting in a loss of confidentiality.
|
2009-09-30
|
PI Server Authentication Process Encryption Weakness
|
|
58495
Description:
(Description Provided by CVE) : A certain Red Hat modification to the ChrootDirectory feature in OpenSSH 4.8, as used in sshd in OpenSSH 4.3 in Red Hat Enterprise Linux (RHEL) 5.4 and Fedora 11, allows local users to gain privileges via hard links to setuid programs that use configuration files within the chroot directory, related to requirements for directory ownership.
|
2009-09-30
|
OpenSSH sshd ChrootDirectory Feature SetUID Hard Link Local Privilege Escalation
|
|
58612
Description:
Unknown / Incomplete
|
2009-09-30
|
Linksys WRT54GC Multiple Parameter CSRF
|
|
58614
Description:
(Description Provided by CVE) : The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
|
2009-09-30
|
McAfee Email and Web Security Appliance TCP/IP Implementation Queue Connection Saturation TCP State Table Remote DoS
|
|
58892
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Dex 5.x-1.0 and earlier and 6.x-1.0-rc1 and earlier, a module for Drupal, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2009-09-30
|
Dex Module for Drupal Unspecified XSS
|
|
58894
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the additional links interface in XML Sitemap 5.x-1.6, a module for Drupal, allows remote authenticated users, with "administer site configuration" permission, to inject arbitrary web script or HTML via unspecified vectors, related to link path output.
|
2009-09-30
|
Sitemap Module for Drupal Link Path Output XSS
|
|
58896
Description:
(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack the authentication of arbitrary users via unknown vectors.
|
2009-09-30
|
Shared Sign-On Module for Drupal Unspecified CSRF
|
|
58898
Description:
(Description Provided by CVE) : Session fixation vulnerability in Shared Sign-On 5.x and 6.x, a module for Drupal, allows remote attackers to hijack web sessions via unspecified vectors.
|
2009-09-30
|
Shared Sign-On Module for Drupal Unspecified Session Fixation
|
|
59081
Description:
(Description Provided by CVE) : Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.
|
2009-09-30
|
Linux Kernel ax25 Subsystem net/ax25/af_ax25.c ax25_setsockopt Function Local DoS
|
|
60434
Description:
(Description Provided by CVE) : The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix arguments.
|
2009-09-29
|
PHP ext/standard/file.c tempnam() Function safe_mode Bypass
|
|
60435
Description:
(Description Provided by CVE) : The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating a .htaccess file.
|
2009-09-29
|
PHP ext/posix/posix.c posix_mkfifo() Function open_basedir Bypass
|
|
58447
Description:
A remote overflow exists in Novell NetWare. An error in the portmapper daemon 'PKERNEL.NLM' when handling RPC calls results in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.
|
2009-09-29
|
Novell NetWare PKERNEL.NLM CALLIT RPC Call Handling Overflow
|
|
58394
Description:
HP Remote Graphics Software contains a flaw related to access restrictions that may allow an attacker to gain unauthorized privileges. No further details have been provided.
|
2009-09-29
|
HP Remote Graphics Software (RGS) Unspecified Access Restriction Bypass
|
|
58409
Description:
(Description Provided by CVE) : gssd in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly handle the NFSv4 Kerberos credential cache, which allows local users to bypass intended access restrictions for Kerberized NFSv4 shares via unspecified vectors.
|
2009-09-29
|
IBM AIX gssd NFSv4 Kerberos Credential Cache Network Share Local Access Restriction Bypass
|
|
58410
Description:
(Description Provided by CVE) : nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors.
|
2009-09-29
|
IBM AIX nfs.ext NFSv4 nfs_portmon Tunable Network Share Remote Access Restriction Bypass
|
|
58418
Description:
Adobe Photoshop Elements contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the insecure Discretionary Access Control List (DACL) for the "Adobe Active File Monitor V8" service. This flaw may lead to a loss of integrity.
|
2009-09-29
|
Adobe Photoshop Elements Active File Monitor V8 Service Discretionary Access Control List Local Privilege Escalation
|
|
58459
Description:
Serv-U contains a flaw that may allow a remote denial of service. The issue is triggered when an error within the handling of the 'SITE SET TRANSFERPROGRESS ON' command occurs, and will result in loss of availability for the server.
|
2009-09-29
|
Serv-U SITE SET TRANSFERPROGRESS ON Command Handling DoS
|
|
59281
Description:
Unknown / Incomplete
|
2009-09-29
|
python-markdown2 Image Reference Attributes XSS
|
|
60549
Description:
InterSystems Cache is prone to an overflow condition. The HTTP server fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted GET request, a remote attacker can potentially execute arbitrary code.
|
2009-09-29
|
InterSystems Cache / Ensemble CSP Gateway UtilConfigHome.csp GET Request Handling Remote Overflow
|
|
60630
Description:
Interspire Knowledge Manager contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'dialog/file_manager.php' not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'p' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2009-09-29
|
Interspire Knowledge Manager dialog/file_manager.php p Parameter Traversal Arbitrary File Access
|
|
68219
Description:
phplist contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /lists/admin/index.php script not properly sanitizing user-supplied input to the 'forgotpassword' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-09-29
|
phplist /lists/admin/index.php forgotpassword Parameter SQL Injection
|
|
58379
Description:
Unknown / Incomplete
|
2009-09-28
|
SAP GUI EAI WebViewer2D ActiveX (WebViewer2D.dll) SaveToSessionFile() Method Arbitrary File Overwrite
|
|
58381
Description:
iCRM Basic Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'p3' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-09-28
|
iCRM Basic Component for Joomla! index.php p3 Parameter SQL Injection
|
|
58380
Description:
Unknown / Incomplete
|
2009-09-28
|
SAP GUI EAI WebViewer3D ActiveX (WebViewer3D.dll) Multiple Method Arbitrary File Overwrite
|
|
58382
Description:
(Description Provided by CVE) : A certain interface in the iCRM Basic (com_icrmbasic) component 1.4.2.31 for Joomla! does not require administrative authentication, which has unspecified impact and remote attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2009-09-28
|
iCRM Basic Component for Joomla! Admin Interface Authentication Bypass
|
|
58446
Description:
(Description Provided by CVE) : The Blackberry Browser in RIM BlackBerry Device Software 4.5.0 before 4.5.0.173, 4.6.0 before 4.6.0.303, 4.6.1 before 4.6.1.309, 4.7.0 before 4.7.0.179, and 4.7.1 before 4.7.1.57 does not properly handle "hidden" characters including a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows remote man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
|
2009-09-28
|
BlackBerry Device Software Browser X.509 Certificate Authority (CA) Common Name Null Byte Handling SSL MiTM Weakness
|
|
58387
Description:
A remote overflow exists in CuteFTP. CuteFTP fails to check proper bounds on site labels resulting in a buffer overflow. With a specially crafted site label entry, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2009-09-28
|
CuteFTP Site Label Handling Overflow
|
|
58425
Description:
FireFTP Extension for Firefox contains a flaw that may allow a malicious user to inject command arguments. The issue is triggered when src/content/js/connection/sftp.js and src/content/js/connection/controlSocket.js.in fail to properly encode filenames with double quotes. It is possible that the flaw may allow argument injection resulting in a loss of integrity.
|
2009-09-28
|
FireFTP Extension for Firefox SFTP Filename Handling Argument Injection
|
|
58494
Description:
(Description Provided by CVE) : TrustPort Antivirus before 2.8.0.2266 and PC Security before 2.0.0.1291 use weak permissions (Everyone: Full Control) for files under %PROGRAMFILES%, which allows local users to gain privileges by replacing executables with Trojan horse programs.
|
2009-09-28
|
TrustPort Multiple Products Directory Permission Weakness Local Privilege Escalation
|
|
58477
Description:
DB2 contains a flaw related to the table drop function definer that may allow an attacker to cause an unspecified impact. No further details have been provided.
|
2009-09-28
|
IBM DB2 Universal Database Table Drop Function Definer Unspecified Issue
|