[CLOSE] OSVDB ID : 62434 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCsy91157.

[CLOSE] OSVDB ID : 62435 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.2), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.16); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (device reload) via malformed SIP messages, aka Bug ID CSCtc96018.

[CLOSE] OSVDB ID : 62432 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : The Cisco Firewall Services Module (FWSM) 4.0 before 4.0(8), as used in for the Cisco Catalyst 6500 switches, Cisco 7600 routers, and ASA 5500 Adaptive Security Appliances, allows remote attackers to cause a denial of service (crash) via a malformed Skinny Client Control Protocol (SCCP) message.

[CLOSE] OSVDB ID : 62430 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10), allows remote attackers to cause a denial of service (page fault and device reload) via a malformed DTLS message, aka Bug ID CSCtb64913 and "WebVPN DTLS Denial of Service Vulnerability."

[CLOSE] OSVDB ID : 62431 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(4.44), 8.1 before 8.1(2.35), and 8.2 before 8.2(1.10) allows remote attackers to cause a denial of service (device reload) via a malformed TCP segment when certain NAT translation and Cisco AIP-SSM configurations are used, aka Bug ID CSCtb37219.

[CLOSE] OSVDB ID : 62436 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.1), 8.1 before 8.1(2.37), and 8.2 before 8.2(1.15); and Cisco PIX 500 Series Security Appliance; allows remote attackers to cause a denial of service (active IPsec tunnel loss and prevention of new tunnels) via a malformed IKE message through an existing tunnel to UDP port 4500, aka Bug ID CSCtc47782.

[CLOSE] OSVDB ID : 62437 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco ASA 5500 Series Adaptive Security Appliance 7.0 before 7.0(8.10), 7.2 before 7.2(4.45), 8.0 before 8.0(5.7), 8.1 before 8.1(2.40), and 8.2 before 8.2(2.1); and Cisco PIX 500 Series Security Appliance; allows remote attackers to bypass NTLMv1 authentication via a crafted username, aka Bug ID CSCte21953.

[CLOSE] OSVDB ID : 62444 - Disclosed: 2010-02-17

Description:

Cisco Security Agents Management Center contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified script not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62445 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco Security Agent 5.2 before 5.2.0.285, when running on Linux, allows remote attackers to cause a denial of service (kernel panic) via "a series of TCP packets."

[CLOSE] OSVDB ID : 62452 - Disclosed: 2010-02-17

Description:

Kusaba X contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'reportreason' parameter when reporting a post. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 62651 - Disclosed: 2010-02-17

Description:

Auktionshaus Gelb contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'news.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62716 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Emweb Wt before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to "insertions of the URL" that occur during a redirection.

[CLOSE] OSVDB ID : 62717 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : Emweb Wt before 3.1.1 does not validate the UTF-8 encoding of (1) form values and (2) JSignal arguments, which has unspecified impact and remote attack vectors.

[CLOSE] OSVDB ID : 62768 - Disclosed: 2010-02-17

Description:

Help Inject module for Drupal contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'page' field upon submission to the 'Create Book page' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 63201 - Disclosed: 2010-02-17

Description:

SphereCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'archive.php' script not properly sanitizing user-supplied input to the 'view' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 64817 - Disclosed: 2010-02-17

Description:

Pixel Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the products_list_fa.asp script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 67687 - Disclosed: 2010-02-17

Description:

(Description Provided by CVE) : The Self Tuning Memory Manager (STMM) component in IBM DB2 9.1 before FP8, 9.5 before FP5, and 9.7 before FP1 uses 0666 permissions for the STMM log file, which allows local users to cause a denial of service or have unspecified other impact by writing to this file.

[CLOSE] OSVDB ID : 62361 - Disclosed: 2010-02-16

Description:

httpdx contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the included FTP server not properly sanitizing user supplied input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to upload or download arbitrary files from parent directories, up to the globally configured "chroot" directory.

[CLOSE] OSVDB ID : 62371 - Disclosed: 2010-02-16

Description:

(Description Provided by CVE) : gnome-screensaver 2.28.x before 2.28.3 does not properly synchronize the state of screen locking and the unlock dialog in situations involving a change to the number of monitors, which allows physically proximate attackers to bypass screen locking and access an unattended workstation by connecting and disconnecting monitors multiple times, a related issue to CVE-2010-0414.

[CLOSE] OSVDB ID : 62391 - Disclosed: 2010-02-16

Description:

(Description Provided by CVE) : The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.

[CLOSE] OSVDB ID : 62344 - Disclosed: 2010-02-16

Description:

KDPics contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'categories' parameter upon submission to the 'galeries.inc.php3' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 62345 - Disclosed: 2010-02-16

Description:

KDPics contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as add new users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 62356 - Disclosed: 2010-02-16

Description:

ASPCode CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'email' parameter (when 'sec' is set to '33' and 'ma1' is set to 'forgotpass'), 'name', 'email', 'website', and 'message' parameters (when 'sec' is set to '23', 'ma1' is set to 'message', and 'a2' is set to 'form'), and arbitrary parameters when 'sec' is set, upon submission to the 'default.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 62353 - Disclosed: 2010-02-16

Description:

Free Google Page Ranks contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'url' parameter upon submission to the 'pagerank.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 62354 - Disclosed: 2010-02-16

Description:

Netzbrett contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered due to improper access restrictions on the dump.php script, which will disclose the database backup to a remote attacker.

[CLOSE] OSVDB ID : 62357 - Disclosed: 2010-02-16

Description:

ASPCode CMS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as add or delete users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 62358 - Disclosed: 2010-02-16

Description:

ASPCode CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'default.asp' script not properly sanitizing user-supplied input to the 'newsid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62362 - Disclosed: 2010-02-16

Description:

superengine CMS Custom Pack contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62363 - Disclosed: 2010-02-16

Description:

BGS CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 62390 - Disclosed: 2010-02-16

Description:

RWCards Component for Joomla! contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'index.php'script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied via the 'controller' parameter(when "option" is set to "com_rwcards"). This directory traversal attack would allow the attacker to include arbitrary files from local resources.

[CLOSE] OSVDB ID : 62451 - Disclosed: 2010-02-16

Description:

(Description Provided by CVE) : The design of the dialplan functionality in Asterisk Open Source 1.2.x, 1.4.x, and 1.6.x; and Asterisk Business Edition B.x.x and C.x.x, when using the ${EXTEN} channel variable and wildcard pattern matches, allows context-dependent attackers to inject strings into the dialplan using metacharacters that are injected when the variable is expanded, as demonstrated using the Dial application to process a crafted SIP INVITE message that adds an unintended outgoing channel leg. NOTE: it could be argued that this is not a vulnerability in Asterisk, but a class of vulnerabilities that can occur in any program that uses this feature without the associated filtering functionality that is already available.

[CLOSE] OSVDB ID : 62551 - Disclosed: 2010-02-16

Description:

(Description Provided by CVE) : The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file in the /tmp directory.

[CLOSE] OSVDB ID : 62771 - Disclosed: 2010-02-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64819 - Disclosed: 2010-02-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 77229 - Disclosed: 2010-02-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 77230 - Disclosed: 2010-02-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62346 - Disclosed: 2010-02-15

Description:

Copperleaf Photolog for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'cpl/cplphoto.php' script not properly sanitizing user-supplied input to the 'postid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62338 - Disclosed: 2010-02-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62339 - Disclosed: 2010-02-15

Description:

Katalog Stron Hurricane contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'get' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 62340 - Disclosed: 2010-02-15

Description:

Katalog Stron Hurricane contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/moderation.php' script not properly sanitizing user input supplied to the 'includes_directory' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.