| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 85099 | 2010-02-11 | Websense Email Security Personal Email Manager Component JBoss Status Page Crafted Query Unspecified Information Disclosure | Websense Email Security contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs in the personal email manager component, which will disclose potentially sensitive information on the JBoss status page via an unspecified specially crafted query. |
| 62276 | 2010-02-11 | Hyleos ChemView HyleosChemView.HLChemView ActiveX (HyleosChemView.ocx) Multiple Method Overflows | (Description Provided by CVE): Multiple stack-based buffer overflows in the HyleosChemView.HLChemView ActiveX control (HyleosChemView.ocx) in Hyleos ChemView 1.9.5.1 allow remote attackers to execute arbitrary code via a large number of white space characters in the filename argument to the (1) SaveasMolFile and (2) ReadMolFile methods. |
| 62291 | 2010-02-11 | HP DreamScreen Unspecified Information Disclosure | (Description Provided by CVE): Unspecified vulnerability on the HP DreamScreen 100 and 130 with firmware before 1.6.0.0, when using a web-connected configuration, allows remote attackers to obtain sensitive information via unknown vectors. |
| 62300 | 2010-02-11 | Adobe Flash Player Cross-domain Sandbox Restriction Bypass | An unspecified vulnerability makes it possible to bypass the cross-domain restrictions. This would allow an attacker to perform cross-domain requests in violation of the same-origin policy and might allow them to obtain or modify information from a different domain. |
| 62301 | 2010-02-11 | Adobe Reader / Acrobat Cross-domain Sandbox Restriction Bypass | Unknown / Incomplete |
| 62459 | 2010-02-11 | Cisco Collaboration Server (CCS) webline/html/admin/wcs/LoginPage.jhtml dest Parameter XSS | Cisco Collaboration Server (CCS) contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'dest' parameter upon submission to the 'webline/html/admin/wcs/LoginPage.jhtml' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 62460 | 2010-02-11 | Cisco Collaboration Server (CCS) Multiple Method Remote JHTML Source Code Disclosure | (Description Provided by CVE): Cisco Collaboration Server (CCS) 5 allows remote attackers to read the source code of JHTML files via URL encoded characters in the filename extension, as demonstrated by (1) changing .jhtml to %2Ejhtml, (2) changing .jhtml to .jhtm%6C, (3) appending %00 after .jhtml, and (4) appending %c0%80 after .jhtml, related to the (a) doc/docindex.jhtml, (b) browserId/wizardForm.jhtml, (c) webline/html/forms/callback.jhtml, (d) webline/html/forms/callbackICM.jhtml, (e) webline/html/agent/AgentFrame.jhtml, (f) webline/html/agent/default/badlogin.jhtml, (g) callme/callForm.jhtml, (h) webline/html/multichatui/nowDefunctWindow.jhtml, (i) browserId/wizard.jhtml, (j) admin/CiscoAdmin.jhtml, (k) msccallme/mscCallForm.jhtml, and (l) webline/html/admin/wcs/LoginPage.jhtml components. |
| 62528 | 2010-02-11 | Just Another Guestbook jag/database.sql Direct Request Database Disclosure | (Description Provided by CVE): JAG (Just Another Guestbook) 1.14 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request for jag/database.sql. |
| 64691 | 2010-02-11 | PHP session.save_path safe_mode / open_basedir Restriction Bypass | Unknown / Incomplete |
| 64618 | 2010-02-11 | apemCMS index.php id Parameter SQL Injection | apemCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 79144 | 2010-02-11 | Novell eDirectory NLDAP FreeNDSReferralList Memory Overwrite | Unknown / Incomplete |
| 79145 | 2010-02-11 | Novell eDirectory HTTPSTK dhost Malformed Traffic Remote DoS | Unknown / Incomplete |
| 79146 | 2010-02-11 | Novell eDirectory NDS PASSTORE SAdmin Null Password Authentication | Unknown / Incomplete |
| 79147 | 2010-02-11 | Novell eDirectory LDAP ndsd Malformed Bluecoat Appliance Event Handling Remote DoS | Unknown / Incomplete |
| 91968 | 2010-02-11 | irssi-otr Emote Functionality Cleartext Remote Disclosure | irssi-otr contains a flaw that may lead to unauthorized disclosure of sensitive information. The issue is due to the emote functionality transmitting emotes unencrypted in cleartext across the network. This may allow a remote attacker to gain access to potentially sensitive information. |
| 92240 | 2010-02-11 | libytnef ytnef.c DecompressRTF() Function RTF Decoding Overflow | libytnef contains an overflow condition in the DecompressRTF() function of ytnef.c. The issue is triggered as user-supplied input is not properly validated during RTF decoding. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. |
| 73125 | 2010-02-10 | Rockwell Automation RSLinx Classic Electronic Data Sheet (EDS) Installation Tool File Handling Overflow | RSLinx Classic contains an overflow condition in the Rockwell Automation Electronic Data Sheet (EDS) Hardware Installation Tool (RSEds.dll). The issue is triggered because, for example, overly long "DescText" entries are not properly validated when parsing EDS files. With a specially crafted file, a context-dependent attacker can cause a stack-based buffer overflow, resulting in a denial of service or potentially execution of arbitrary code. |
| 62315 | 2010-02-10 | Google Chrome Domain Name Resolution Proxy List Interpretation Information Disclosure | (Description Provided by CVE): Google Chrome before 4.0.249.89 attempts to make direct connections to web sites when all configured proxy servers are unavailable, which allows remote HTTP servers to obtain potentially sensitive information about the identity of a client user via standard HTTP logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. |
| 62316 | 2010-02-10 | Google Chrome V8 Engine factory.cc Multiple Overflows | (Description Provided by CVE): Multiple integer overflows in factory.cc in Google V8 before r3560, as used in Google Chrome before 4.0.249.89, allow remote attackers to execute arbitrary code in the Chrome sandbox via crafted use of JavaScript arrays. |
| 62319 | 2010-02-10 | Google Chrome browser/login/login_prompt.cc HTTP Authentication Dialog Domain Name Unspecified Issue | (Description Provided by CVE): browser/login/login_prompt.cc in Google Chrome before 4.0.249.89 populates an authentication dialog with credentials that were stored by Password Manager for a different web site, which allows user-assisted remote HTTP servers to obtain sensitive information via a URL that requires authentication, as demonstrated by a URL in the SRC attribute of an IMG element. |
| 62320 | 2010-02-10 | Google Chrome sandbox/src/crosscall_server.cc CrossCallParamsEx::CreateFromBuffer Function Sandbox Message Deserialization Overflow | (Description Provided by CVE): Integer overflow in the CrossCallParamsEx::CreateFromBuffer function in sandbox/src/crosscall_server.cc in Google Chrome before 4.0.249.89 allows attackers to leverage renderer access to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via a malformed message, related to deserializing of sandbox messages. |
| 62468 | 2010-02-10 | Google Chrome SOCKS Server Direct DNS Query Request Logging Information Disclosure | (Description Provided by CVE): Google Chrome before 4.0.249.89, when a SOCKS 5 proxy server is configured, sends DNS queries directly, which allows remote DNS servers to obtain potentially sensitive information about the identity of a client user via request logging, as demonstrated by a proxy server that was configured for the purpose of anonymity. |
| 79374 | 2010-02-10 | DECT Standard Cipher (DSC) Pre-ciphering Rounds Clock Guessing Attack Cryptanalysis Compromise | Unknown / Incomplete |
| 62262 | 2010-02-10 | Limny uajax.php File Upload Arbitrary PHP Code Execution | Limny contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'uajax.php' script not properly validating uploaded files. This may allow an attacker to upload a PHP script with multiple extensions that will be executed by the vulnerable script with the same privileges as the web server. |
| 62266 | 2010-02-10 | ARWScripts viewfile.php f Parameter Traversal Local File Inclusion | ARWScripts contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the viewfile.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the f parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 62271 | 2010-02-10 | phpMiniSite Script admin/index.php auth Cookie Manipulation Authentication Bypass | Unknown / Incomplete |
| 62272 | 2010-02-10 | eSmile index.php cid Parameter SQL Injection | eSmile contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62274 | 2010-02-10 | myPHP Guestbook backup/backup.sql Access Restriction Bypass Database Disclosure | Unknown / Incomplete |
| 62275 | 2010-02-10 | Graphviz Filter Module for Drupal Node Body @command Arbitrary Shell Command Execution | Unknown / Incomplete |
| 62285 | 2010-02-10 | Cisco IronPort Encryption Appliance Admin Interface Unspecified Arbitrary File Access | (Description Provided by CVE): Unspecified vulnerability in the administrative interface in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65921. |
| 62277 | 2010-02-10 | Books/eBooks Rentals Script index.php cat_id Parameter SQL Injection | Books/eBooks Rentals Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62278 | 2010-02-10 | CD Rentals Script index.php cat_id Parameter SQL Injection | CD Rentals Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'cat_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 62286 | 2010-02-10 | Cisco IronPort Encryption Appliance WebSafe Servlet Unspecified Arbitrary File Access | (Description Provided by CVE): Unspecified vulnerability in the WebSafe DistributorServlet in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to read arbitrary files via unknown vectors, aka IronPort Bug 65922. |
| 62287 | 2010-02-10 | Cisco IronPort Encryption Appliance HTTPS Server Unspecified Arbitrary Code Execution | (Description Provided by CVE): Unspecified vulnerability in the embedded HTTPS server on the Cisco IronPort Encryption Appliance 6.2.x before 6.2.9.1 and 6.5.x before 6.5.2, and the IronPort PostX MAP before 6.2.9.1, allows remote attackers to execute arbitrary code via unknown vectors, aka IronPort Bug 65923. |
| 62318 | 2010-02-10 | Google Chrome IFRAME Tag Handling Redirection Target Disclosure | Unknown / Incomplete |
| 62360 | 2010-02-10 | SAP JAVA CORE / J2EE Authentication Mechanism Unspecified Phishing Weakness | Unknown / Incomplete |
| 62355 | 2010-02-10 | SAP NetWeaver WebDynpro Runtime Unspecified XSS | SAP NetWeaver contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the unspecified input upon submission to the WebDynpro Runtime. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 62404 | 2010-02-10 | Nikira Fraud Management System login/prompt message Parameter XSS | Nikira Fraud Management System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'message' parameter upon submission to the 'login/prompt' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 64591 | 2010-02-10 | SAP J2EE Engine Message-Driven Bean (MDB) Traversal Arbitrary File Access | Unknown / Incomplete |
| 62256 | 2010-02-09 | Microsoft Windows SMB Server Crafted Network Message Remote Code Execution | The SMB server in Microsoft Windows is prone to an overflow condition. The service fails to properly sanitize user-supplied input when handling path names resulting in an overflow. With a specially crafted SMB request, an authenticated attacker can potentially cause execution of arbitrary code or a denial of service. |