| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 64313 | 2010-03-31 | Moodle Login-As Feature XSS | (Description provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. |
| 64314 | 2010-03-31 | Moodle Global Search Engine Unspecified Search Form XSS | (Description provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability. |
| 64316 | 2010-03-31 | Moodle Wiki Module mod/wiki/view.php add_to_log Function SQL Injection | (Description provided by CVE): Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. |
| 64317 | 2010-03-31 | Moodle lib/form/selectgroups.php Form Element SQL Injection | (Description provided by CVE): Multiple SQL injection vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the add_to_log function in mod/wiki/view.php in the wiki module, or (2) "data validation in some forms elements" related to lib/form/selectgroups.php. |
| 64318 | 2010-03-31 | Moodle moodle/user:create Permission Weakness Course Restoration New Account Creation | (Description provided by CVE): Moodle 1.8.x and 1.9.x before 1.9.8 can create new roles when restoring a course, which allows teachers to create new accounts even if they do not have the moodle/user:create capability. |
| 64323 | 2010-03-31 | Moodle user/view.php Course Profile Page Username Disclosure | (Description provided by CVE): user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page. |
| 64324 | 2010-03-31 | KSES weblib.php fix_non_standard_entities Function XSS Protection Bypass | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities. |
| 77609 | 2010-03-31 | Mozilla Multiple Product CSS Token Sequence Parsing Timing Attack Remote Information Disclosure | (Description provided by CVE): The layout engine in Mozilla Firefox before 4.0, Thunderbird before 3.3, and SeaMonkey before 2.1 executes different code for visited and unvisited links during the processing of Cascading Style Sheets (CSS) token sequences, which makes it easier for remote attackers to obtain sensitive information about visited web pages via a timing attack. |
| 63493 | 2010-03-31 | Oracle Java SE / Java for Business Sound MIDI File MixerSequencer Object GM_Song Structure Handling Overflow | (Description provided by CVE): Unspecified vulnerability in the Sound component in Oracle Java SE and Java for Business 6 Update 18, 5.0 Update 23, 1.4.2_25, and 1.3.1_27 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information was obtained from the March 2010 CPU. Oracle has not commented on claims from a reliable researcher that this is an uncontrolled array index that allows remote attackers to execute arbitrary code via a MIDI file with a crafted MixerSequencer object, related to the GM_Song structure. |
| 63345 | 2010-03-31 | DW Graph Component for Joomla! index.php controller Parameter Traversal Local File Inclusion | DW Graph Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied to the 'controller' parameter (when "option" is set to "com_dwgraphs"). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited because the script only calls files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 63346 | 2010-03-31 | CompleteFTP Server FTP Service Traversal Arbitrary File Overwrite | Unknown / Incomplete |
| 63350 | 2010-03-31 | Apache CouchDB Hash Verification Algorithm Predictable Execution Time Weakness | (Description provided by CVE): Apache CouchDB 0.8.0 through 0.10.1 allows remote attackers to obtain sensitive information by measuring the completion time of operations that verify (1) hashes or (2) passwords. |
| 63347 | 2010-03-31 | Centreon main.php host_id Parameter SQL Injection | Centreon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'main.php' script not properly sanitizing user-supplied input to the 'host_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 63431 | 2010-03-31 | KimsQ _sys/_ext/module/chat/default/q/user.php path[home] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/chat/default/q/user.php' script not properly sanitizing user input supplied to the 'path[home]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63353 | 2010-03-31 | Open DC Hub commands.c myinfo() Function Overflow | (Description provided by CVE): Stack-based buffer overflow in Open Direct Connect Hub (aka Open DC Hub or OpenDCHub) 0.8.1 allows remote authenticated users to execute arbitrary code via a long MyINFO message. |
| 63354 | 2010-03-31 | React Forum forum/list_message/index.php action Parameter Traversal File Inclusion | React Forum contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'forum/list_message/index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'action' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited because the script only calls files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 63356 | 2010-03-31 | Peik CMS phankshens.inc Direct Request Database Credentials Disclosure | Unknown / Incomplete |
| 63357 | 2010-03-31 | P30vel Hosting Script admin/nav.php Admin Section Restriction Bypass | Unknown / Incomplete |
| 63358 | 2010-03-31 | P30vel Hosting Script admin/setup/index.php Admin Section Restriction Bypass | Unknown / Incomplete |
| 63638 | 2010-03-31 | Berkeley DB NSS module (libnss-db) DB_CONFIG setgid / setuid Application Symlink Local Information Disclosure | (Description provided by CVE): The Free Software Foundation (FSF) Berkeley DB NSS module (aka libnss-db) 2.2.3pre1 reads the DB_CONFIG file in the current working directory, which allows local users to obtain sensitive information via a symlink attack involving a setgid or setuid application that uses this module. |
| 63414 | 2010-03-31 | Optimal Archive OlArchive.dll ALStatus::SetError() Function ZIP File Handling Overflow | Optimal Archive is prone to an overflow condition. The program fails to properly sanitize user-supplied input, resulting in a stack overflow. With a specially crafted ZIP file, a remote attacker can potentially cause arbitrary code execution. |
| 63424 | 2010-03-31 | Taxonomy Breadcrumb Module for Drupal Term Name / Node Title XSS | (Description provided by CVE): Cross-site scripting (XSS) vulnerability in the Taxonomy Breadcrumb module 6.x before 6.x-1.1 for Drupal allows remote authenticated users, with administer taxonomy permissions, to inject arbitrary web script or HTML via the node title in a Breadcrumb display. |
| 63425 | 2010-03-31 | Taxonomy Filter Module for Drupal Multiple Menu XSS | (Description provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the Taxonomy Filter module 6.x before 6.x-1.1 for Drupal allow remote authenticated users, with administer taxonomy permissions or create node permissions when free tagging is enabled, to inject arbitrary web script or HTML via vocabulary (1) names, (2) terms, and (3) filter menus. |
| 63421 | 2010-03-31 | OSSIM control_panel/alarm_console.php URI XSS | OSSIM contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the 'control_panel/alarm_console.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 63420 | 2010-03-31 | Apple AirPort Base Station MAC Address ACL Network Extender Restriction Bypass | (Description provided by CVE): AirPort Utility before 5.5.1 for Apple AirPort Base Station does not properly distribute MAC address ACLs to network extenders, which allows remote attackers to bypass intended access restrictions via an 802.11 authentication frame. |
| 63422 | 2010-03-31 | OSSIM vulnmeter/first/index.php URI XSS | OSSIM contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the 'vulnmeter/first/index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 63423 | 2010-03-31 | OSSIM nagios/index.php sensor Parameter Arbitrary Site Redirect | OSSIM contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the "sensor" parameter upon submission to the "nagios/index.php" script. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. This could be leveraged to direct a user to a web page containing attacks that target client-side software such as a web browser or document rendering programs. |
| 63432 | 2010-03-31 | KimsQ _sys/_ext/module/contentsbox/default/admin/config.php path[home] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/contentsbox/default/admin/config.php' script not properly sanitizing user input supplied to the 'path[home]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63433 | 2010-03-31 | KimsQ _sys/_ext/module/counter/default/admin/referer.php path[module] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/counter/default/admin/referer.php' script not properly sanitizing user input supplied to the 'path[module]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63434 | 2010-03-31 | KimsQ _sys/_ext/module/mbrinfo/default/q/info.php path[home] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/mbrinfo/default/q/info.php' script not properly sanitizing user input supplied to the 'path[home]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63435 | 2010-03-31 | KimsQ _sys/_ext/module/mbrinfo/default/q/log.php path[module] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/mbrinfo/default/q/log.php' script not properly sanitizing user input supplied to the 'path[module]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63436 | 2010-03-31 | KimsQ _sys/_ext/module/minibox/default/q/q.gallery.php path[module] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/minibox/default/q/q.gallery.php' script not properly sanitizing user input supplied to the 'path[module]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63437 | 2010-03-31 | KimsQ _sys/_ext/module/minibox/default/q/q.profile.php path[home] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/minibox/default/q/q.profile.php' script not properly sanitizing user input supplied to the 'path[home]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63438 | 2010-03-31 | KimsQ _sys/_ext/module/survey/default/_admin.php path[module] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/module/survey/default/_admin.php' script not properly sanitizing user input supplied to the 'path[module]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63439 | 2010-03-31 | KimsQ _sys/_ext/skin/_skin/default_blog/comment.php bbs[skin] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/skin/_skin/default_blog/comment.php' script not properly sanitizing user input supplied to the 'bbs[skin]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63440 | 2010-03-31 | KimsQ _sys/_ext/skin/_skin/default_board/comment.php bbs[skin] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/skin/_skin/default_board/comment.php' script not properly sanitizing user input supplied to the 'bbs[skin]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63441 | 2010-03-31 | KimsQ _sys/_ext/skin/_skin/default_gallery/comment.php bbs[skin] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/skin/_skin/default_gallery/comment.php' script not properly sanitizing user input supplied to the 'bbs[skin]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63442 | 2010-03-31 | KimsQ _sys/_ext/skin/_skin/default_webzine/comment.php bbs[skin] Parameter Remote File Inclusion | KimsQ contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '_sys/_ext/skin/_skin/default_webzine/comment.php' script not properly sanitizing user input supplied to the 'bbs[skin]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 63618 | 2010-03-31 | Adobe Reader Custom Heap Management System CFF Encoding Handling Memory Corruption | (Description provided by CVE): Heap-based buffer overflow in the custom heap management system in Adobe Reader and Acrobat 9.x before 9.3.2, and 8.x before 8.2.2 on Windows and Mac OS X, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDF document, aka FG-VD-10-005. |
| 63619 | 2010-03-31 | MoinMoin Multiple Field Textcha Protection Mechanism Bypass | (Description provided by CVE): MoinMoin 1.7.1 allows remote attackers to bypass the textcha protection mechanism by modifying the textcha-question and textcha-answer fields to have empty values. |