| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 68955 | 2010-10-31 | Flip Wall Component for Joomla! index.php catid Parameter SQL Injection | Flip Wall Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'catid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 68960 | 2010-10-31 | Project Jug URI Traversal Arbitrary File Access | Project Jug contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the URL. This directory traversal attack would allow the attacker to read arbitrary files. |
| 69161 | 2010-10-31 | Linux Kernel net/ax25/af_ax25.c ax25_getname() Function Stack Memory Disclosure | Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'ax25_getname()' function in 'net/ax25/af_ax25.c' fails to properly initialize a member of a certain structure before copying it to userspace, which will disclose kernel stack memory to a local attacker. |
| 69110 | 2010-10-31 | PHP fopen_wrappers.c Filename Length open_basedir Restriction Remote Bypass | PHP contains a flaw related to the 'php_check_specific_open_basedir()' function in 'fopen_wrappers.c'. The issue is triggered when a remote attacker uses vectors related to filename length to bypass 'open_basedir' restrictions. |
| 70290 | 2010-10-31 | Linux Kernel net/tipc/socket.c get_name Function Local Stack Memory Disclosure | Linux Kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the 'get_name' function in 'net/tipc/socket.c' fails to initialize a certain structure, which will disclose potentially sensitive kernel stack memory information to a local attacker. |
| 70335 | 2010-10-31 | Linux Kernel net/l2tp/l2tp_ppp.c pppol2tp_sendmsg Function Crafted sendto Call Local Overflow | Linux Kernel is prone to an overflow condition. The 'pppol2tp_sendmsg' function in 'net/l2tp/l2tp_ppp.c' fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted sendto call, a local attacker can potentially gain elevated privileges. |
| 70336 | 2010-10-31 | Linux Kernel net/l2tp/l2tp_ip.c l2tp_ip_sendmsg Function Crafted sendto Call Local Overflow | Linux Kernel is prone to an overflow condition. The 'l2tp_ip_sendmsg' function in 'net/l2tp/l2tp_ip.c' fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted sendto call, a local attacker can potentially gain elevated privileges. |
| 72294 | 2010-10-31 | Auto CMS URI Handling Remote Command Injection | Auto CMS contains a flaw related to URI handling. This may allow a remote attacker to execute arbitrary code. |
| 78134 | 2010-10-31 | pithos Predictable Name Temporary File Symlink Arbitrary File Overwrite | pithos contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program creating temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly write to, or overwrite, an attacker-specified file. |
| 70637 | 2010-10-30 | Automated Solutions Modbus/TCP Master OPC Server MODBUS Protocol Response Packet Remote Overflow | Modbus/TCP Master OPC Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted packet, a local attacker can potentially execute arbitrary code. |
| 69445 | 2010-10-30 | ImageMagick configure.c Search Path Subversion Local Privilege Escalation | ImageMagick contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the program seeks configuration files in the current directory, allowing a local attacker to execute arbitrary code with the privileges of another user by tricking them into running ImageMagick in a directory with crafted configuration files. |
| 68965 | 2010-10-30 | XEROX 4595 Copier/Printer URL String Handling DoS | XEROX 4595 Copier/Printer contains a flaw that may allow a remote denial of service. The issue is triggered when an error in processing a URL string is exploited via a crafted URL sent to TCP port 80, resulting in a denial of service. |
| 73283 | 2010-10-30 | CMS WebManager-Pro index.php word Parameter XSS | CMS WebManager-Pro contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'word' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71465 | 2010-10-30 | Auto CMS Unspecified Issue | Auto CMS contains multiple unspecified flaws that may allow an attacker to have an unspecified impact. No further details have been provided. |
| 73284 | 2010-10-30 | CMS WebManager-Pro /admin Login Field SQL Injection | CMS WebManager-Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admin script not properly sanitizing user-supplied input to the 'Login' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 69010 | 2010-10-29 | HP Insight Orchestration Unspecified Arbitrary File Access (2010-4104) | HP Insight Orchestration contains an unspecified flaw that may allow an attacker to read arbitrary files. No further details have been provided. |
| 69009 | 2010-10-29 | HP Insight Orchestration Unspecified Access Restriction Bypass (2010-4105) | HP Insight Orchestration contains an unspecified flaw that may allow an attacker to bypass access restrictions. No further details have been provided. |
| 68950 | 2010-10-29 | HP Insight Recovery Unspecified XSS (2010-4101) | HP Insight Recovery contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified data before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 68949 | 2010-10-29 | HP Insight Recovery Unspecified Arbitrary File Access (2010-4102) | HP Insight Recovery contains an unspecified flaw that may allow an attacker to read arbitrary files. No further details have been provided. |
| 68951 | 2010-10-29 | CUPS IPP Request Handling Use-After-Free Arbitrary Code Execution | CUPS contains a flaw related to the failure of 'ipp.c' to allocate memory correctly for attribute values with invalid string data types, creating a use-after-free error. This may allow a remote attacker to use a crafted IPP request to execute arbitrary code. |
| 68946 | 2010-10-29 | Microsoft Windows DAO Object Library Path Subversion Arbitrary DLL Injection Code Execution | DAO is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |
| 69299 | 2010-10-29 | SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX (Aventail.EPInstaller) Install3rdPartyComponent Method Overflow | SonicWALL SSL-VPN End-Point Interrogator/Installer ActiveX control is prone to an overflow condition. The 'Aventail.EPInstaller' control fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With specially crafted 'CabURL' and 'Location' arguments, a remote attacker can potentially execute arbitrary code. |
| 68939 | 2010-10-29 | HP Insight Control for Linux Unspecified Multiple Function CSRF | HP Insight Control for Linux contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for unspecified users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 68945 | 2010-10-29 | HP Insight Managed System Setup Wizard Unspecified Arbitrary File Download | HP Insight Managed System Setup Wizard contains an unspecified flaw that may allow a remote attacker to download arbitrary files. No further details have been provided. |
| 68952 | 2010-10-29 | CVS ccvs/src/rcs.c apply_rcs_change() Delta Fragment Overflow | CVS is prone to an overflow condition. The 'apply_rcs_change()' function in 'ccvs/src/rcs.c' fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted RCS file, a context-dependent attacker can potentially gain elevated privileges. |
| 68943 | 2010-10-29 | Active! mail Unspecified HTTP Header CRLF Injection | Active! mail contains a CRLF injection vulnerability. This may allow a remote attacker to inject arbitrary HTTP headers and conduct HTTP response splitting attacks. No further details are available. |
| 69070 | 2010-10-29 | Platinum UPnP Multiple Function Overflow | Platinum UPnP is prone to multiple overflow conditions. The 'PLT_DeviceHost::ProcessHttpPostRequest()', 'PLT_CtrlPoint::ProcessSsdpSearchResponse()', 'PLT_CtrlPoint::ProcessSsdpNotify()', 'PLT_HttpHelper::GetRange()' and 'PLT_HttpHelper::GetContentRange()' functions fail to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted HTTP POST request, SSDP search response, SSDP notify response, or HTTP request, a remote attacker can potentially compromise applications using the library. |
| 68933 | 2010-10-29 | Microsoft Windows Shell32.dll Environment Variable Expansion SetDllDirectory Function Bypass | Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is caused due to Windows not properly expanding certain values in environment variables (e.g. "%APPDATA%" in the "PATH" environment variable), leading to the unexpanded value being used as relative search path when loading resources. This can be exploited to load arbitrary resources by tricking a user into opening a file located on a remote WebDAV or SMB share with certain applications. It can allow execution of arbitrary code. |
| 68993 | 2010-10-29 | Linux-PAM pam_mail Module Arbitrary Mail File Enumeration | Linux-PAM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs in the 'pam_mail' module when dropping privileges, which will disclose the presence of certain mail files to a local attacker. |
| 68992 | 2010-10-29 | Linux-PAM pam_namespace Module namespace Init Script Environment Handling Local Privilege Escalation | Linux-PAM contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the 'pam_namespace' module when executing the namespace init script, allowing a local attacker to use crafted environment variables when running a setuid program to gain elevated privileges. |
| 68925 | 2010-10-29 | Watcher Module for Drupal Unspecified XSS | Watcher Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 68926 | 2010-10-29 | Watcher Module for Drupal Multiple Function CSRF | Watcher Module for Drupal contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the subscribe and unsubscribe actions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 69335 | 2010-10-29 | TFT Gallery admin/thumbnailformpost.inc.php adminlangfile Parameter Traversal Local File Inclusion | TFT Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'admin/thumbnailformpost.inc.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'adminlangfile' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 69337 | 2010-10-29 | Monkeysphere share/ma/keys_for_use monkeysphere-authentication keys-for-user Command Local Arbitrary Code Execution | Monkeysphere contains an input validation error in the 'monkeysphere-authentication' utility when processing the 'authorized_user_ids' file. The issue is triggered when a context-dependent attacker tricks an administrator into running a utility with the 'keys-for-user' command. This may allow an attacker to execute arbitrary shell commands. |
| 69112 | 2010-10-29 | IBM Tivoli Directory Server LDAP BER Request Buffer Reference Remote DoS | IBM Tivoli Directory Server contains a flaw that may allow a remote denial of service. The issue is triggered when an invalid buffer reference occurs in an LDAP BER request, allowing a remote attacker to use a crafted request to cause a denial of service. |
| 69453 | 2010-10-29 | Linux Kernel block/blk-map.c blk_rq_map_user_iov() Function Zero-length I/O Request Local DoS | Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when an error occurs within the 'blk_rq_map_user_iov()' function in 'block/blk-map.c' when processing zero-length I/O requests, allowing an attacker to cause a loss of availability. |
| 69641 | 2010-10-29 | NorduGrid Advanced Resource Connector LD_LIBRARY_PATH Path Subversion Local Privilege Escalation | NorduGrid Advanced Resource Connector contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when certain scripts incorrectly set the environment variable 'LD_LIBRARY_PATH', allowing a local attacker to gain elevated privileges. |
| 71336 | 2010-10-29 | Front Accounting (FA) Index.php GET HTTP Request XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a 'GET HTTP' request upon submission to the Index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71431 | 2010-10-29 | Front Accounting (FA) admin/fiscalyears.php from_date Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/fiscalyears.php script not properly sanitizing user-supplied input to the 'from_date' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71360 | 2010-10-29 | Audacity Path Subversion Arbitrary DLL Injection Code Execution | Audacity is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically wintrust.dll, msasn1.dll, msacm32.dll, midimap.dll, wsock32.dll, ws2_32.dll, ws2help.dll, winmm.dll, lpk.dll, usp10.dll, setupapi.dll and crypt32.dll. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. |