| OSVDB ID | Disclosure Date | Title |
|---|
|
67788
Description:
Unknown / Incomplete
|
2010-08-31
|
Hitachi Cosminexus Products Unexpected Data Handling Remote DoS
|
|
67789
Description:
Unknown / Incomplete
|
2010-08-31
|
Hitachi Storage Command Suite Unexpected Data Handling Remote DoS
|
|
75205
Description:
Unknown / Incomplete
|
2010-08-31
|
HP Scanners Unauthenticated Document Scan Initialization Weakness
|
|
67678
Description:
Adobe Audition is prone to a flaw in the way it loads dynamic-link libraries (e.g. Assist.Dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an Adobe Audition session (.ses) file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-31
|
Adobe Audition Path Subversion Arbitrary DLL Injection Code Execution
|
|
67674
Description:
Microsoft Visual Studio ATL MFC Trace Tool (AtlTraceTool8.exe) is prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a TRC file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-31
|
Microsft Visual Studio Path Subversion Arbitrary DLL Injection Code Execution
|
|
67739
Description:
Unknown / Incomplete
|
2010-08-31
|
Snort Report nmap.php target Parameter Arbitrary Command Execution
|
|
68177
Description:
(Description Provided by CVE) : The tcf_act_police_dump function in net/sched/act_police.c in the actions implementation in the network queueing functionality in the Linux kernel before 2.6.36-rc4 does not properly initialize certain structure members, which allows local users to obtain potentially sensitive information from kernel memory via vectors involving a dump operation. NOTE: this vulnerability exists because of an incomplete fix for CVE-2010-2942.
|
2010-08-31
|
Linux Kernel net/sched/act_police.c tcf_act_police_dump Function Network Queueing Actions Dump Operation Local Memory Disclosure
|
|
68371
Description:
ApPHP Calendar contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'category_name', 'category_description', 'event_name', or 'event_description' parameters upon submission to the 'calendar.class.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-31
|
ApPHP Calendar calendar.class.php Multiple Parameter XSS
|
|
76116
Description:
(Description Provided by CVE) : Multiple cross-site request forgery (CSRF) vulnerabilities in calendar.class.php in ApPHP Calendar (ApPHP CAL) allow remote attackers to hijack the authentication of unspecified victims for requests that use the (1) category_name, (2) category_description, (3) event_name, or (4) event_description parameter.
|
2010-08-31
|
ApPHP Calendar calendar.class.php Multiple Parameter CSRF
|
|
67695
Description:
Adobe Captivate is prone to a flaw in the way it loads dynamic-link libraries (e.g. dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a Adobe Captivate project (.cptx) file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-31
|
Adobe Captivate Path Subversion Arbitrary DLL Injection Code Execution
|
|
73159
Description:
(Description Provided by CVE) : The webscan component in the Embedded Web Server (EWS) on the HP Photosmart D110 and B110; Photosmart Plus B210; Photosmart Premium C310, Fax All-in-One, and C510; and ENVY 100 D410 printers allows remote attackers to read documents on the scan surface via unspecified vectors.
|
2010-08-31
|
HP Photosmart Multiple Products Embedded Web Server Webscan Scan Surface Remote Document Access
|
|
67707
Description:
UltraVNC Viewer is prone to a flaw in the way it loads dynamic-link libraries (e.g. vnclang.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a VNC file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-31
|
UltraVNC Viewer Path Subversion Arbitrary DLL Injection Code Execution
|
|
67743
Description:
Novell NetWare contains an overflow condition in the OpenSSH component. The issue is due to SSHD.NLM and SFTP-SVR.NLM not sanitizing user-supplied input when handling user sessions. With a specially crafted request containing an overly long absolute path string, a remote attacker can cause a stack-based buffer overflow to cause a denial of service or potentially execute arbitrary code.
|
2010-08-31
|
Novell NetWare OpenSSH SSHD.NLM Absolute Path Handling Remote Overflow
|
|
67773
Description:
(Description Provided by CVE) : The irda_bind function in net/irda/af_irda.c in the Linux kernel before 2.6.36-rc3-next-20100901 does not properly handle failure of the irda_open_tsap function, which allows local users to cause a denial of service (NULL pointer dereference and panic) and possibly have unspecified other impact via multiple unsuccessful calls to bind on an AF_IRDA (aka PF_IRDA) socket.
|
2010-08-31
|
Linux Kernel net/irda/af_irda.c irda_bind() Function Object Cleanup NULL Dereference Local DoS
|
|
67746
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs2 before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2010-08-31
|
moobbs2 Unspecified XSS
|
|
67745
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Free CGI Moo moobbs before 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2010-08-31
|
moobbs Unspecified XSS
|
|
67935
Description:
(Description Provided by CVE) : RSA Access Manager Server 5.5.3 before 5.5.3.172, 6.0.4 before 6.0.4.53, and 6.1 before 6.1.2.01 does not properly perform cache updates, which allows remote attackers to obtain sensitive information via unspecified vectors.
|
2010-08-31
|
RSA Access Manager Server Cache Update Weakness Remote Information Disclosure
|
|
73379
Description:
(Description Provided by CVE) : The Security component in IBM WebSphere Application Server (WAS) 6.1.0.x before 6.1.0.35 and 7.x before 7.0.0.15 allows remote authenticated users to cause a denial of service (memory consumption) by using a Lightweight Third-Party Authentication (LTPA) token for authentication.
|
2010-08-31
|
IBM WebSphere Application Server (WAS) Security Component LTPA Token Memory Consumption Remote DoS
|
|
76077
Description:
mBlogger contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'viewpost.php' script not properly sanitizing user-supplied input to the 'postID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-08-31
|
mBlogger viewpost.php postID Parameter SQL Injection
|
|
67675
Description:
CDisplay is prone to a flaw in the way it loads dynamic-link libraries (e.g. TRACE32.DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a CBA file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-30
|
CDisplay Path Subversion Arbitrary DLL Injection Code Execution
|
|
67702
Description:
(Description Provided by CVE) : Unspecified vulnerability in the DB2STST program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 has unknown impact and attack vectors.
|
2010-08-30
|
IBM DB2 Universal Database DB2STST Unspecified Issue
|
|
67703
Description:
(Description Provided by CVE) : The DB2DART program in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 allows attackers to bypass intended file access restrictions via unspecified vectors related to overwriting files owned by an instance owner.
|
2010-08-30
|
IBM DB2 Universal Database DB2DART Arbitrary File Overwrite
|
|
67704
Description:
(Description Provided by CVE) : Unspecified vulnerability in IBM DB2 9.1 before FP9, 9.5 before FP6, and 9.7 before FP2 on Windows Server 2008 allows attackers to cause a denial of service (trap) via vectors involving "special group and user enumeration."
|
2010-08-30
|
IBM DB2 Universal Database on Windows User / Group Enumeration DoS
|
|
67740
Description:
PicSell Component for Joomla! contains a flaw that allows aremote attacker to traverse outside of a restricted path. The issue is due to the script 'index.php' not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'dflink' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2010-08-30
|
PicSell Component for Joomla! index.php dflink Parameter Traversal Arbitrary File Access
|
|
67697
Description:
Unknown / Incomplete
|
2010-08-30
|
Mereo mereo.exe Crafted HTTP Request Remote DoS
|
|
67691
Description:
Wiccle Web Builder contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'post_text' parameter upon submission to the 'ajax.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-30
|
Wiccle Web Builder ajax.php post_text Parameter XSS
|
|
67698
Description:
Unknown / Incomplete
|
2010-08-30
|
CF Image Hosting Script upload/data/settings.cdb Direct Request Credentials Disclosure
|
|
67699
Description:
CF Image Hosting Script contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/config.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'lang' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-08-30
|
CF Image Hosting Script inc/config.php lang Parameter Traversal Local File Inclusion
|
|
67705
Description:
A memory corruption flaw exists in Quicktime. The QTPlugin.ocx ActiveX control fails to sanitize user-supplied input embedded in HTML files resulting in memory corruption. With a specially crafted website, a context-dependent attacker can execute arbitrary code.
|
2010-08-30
|
Apple Quicktime QTPlugin.ocx ActiveX IPersistPropertyBag2::Read Function _Marshaled_pUnk Memory Corruption
|
|
67748
Description:
HP Insight Diagnostics Online Edition on Linux contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'device' parameter upon submission to the parameters.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-30
|
HP Insight Diagnostics Online Edition on Linux parameters.php device Parameter XSS
|
|
67804
Description:
Seagull contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'fog/lib/pear/Config/Container.php' script not properly sanitizing user input supplied to the 'includeFile' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-30
|
Seagull PHP Framework fog/lib/pear/Config/Container.php includeFile Parameter Remote File Inclusion
|
|
67805
Description:
Seagull contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'fog/lib/pear/HTML/QuickForm.php' script not properly sanitizing user input supplied to the 'includeFile' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-30
|
Seagull fog/lib/pear/HTML/QuickForm.php includeFile Parameter Remote File Inclusion
|
|
67806
Description:
Seagull contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'fog/lib/pear/DB/NestedSet.php' script not properly sanitizing user input supplied to the 'driverpath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-30
|
Seagull fog/lib/pear/DB/NestedSet.php driverpath Parameter Remote File Inclusion
|
|
67807
Description:
Seagull contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'fog/lib/pear/DB/NestedSet/Output.php' script not properly sanitizing user input supplied to the 'path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-30
|
Seagull fog/lib/pear/DB/NestedSet/Output.php path Parameter Remote File Inclusion
|
|
67964
Description:
Traffic Server uses a static (per DNS server) source port for making outgoing DNS queries. Traffic Server uses a sequential transaction ID when constructing asynchronous DNS queries. Moreover the algorithm used to select the initial transation ID is not sufficiently random. Traffic Server does not validate the DNS response to ensure that it pertains to the correct outgoing query but simply relies on the transaction ID to validate that the response is requested. These vulnerabilities might significantly increase the chances of Traffic Server's internal DNS cache being poisoned.
|
2010-08-30
|
Apache Traffic Server Transaction ID / Source Port Randomization Weakness DNS Cache Poisoning
|
|
68361
Description:
Unknown / Incomplete
|
2010-08-30
|
FCKEditor.NET File Upload Renaming Arbitrary Code Execution
|
|
68362
Description:
Unknown / Incomplete
|
2010-08-30
|
Apple Safari on Windows Webkit.dll Malformed SGV Text Style Handling DoS
|
|
74990
Description:
HP Insight Diagnostics Online Edition on Linux contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'pid' and 'cfg' parameters upon submission to the idstatusframe.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-30
|
HP Insight Diagnostics Online Edition on Linux idstatusframe.php Multiple Parameter XSS
|
|
74991
Description:
HP Insight Diagnostics Online Edition on Linux contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'category' parameter upon submission to the survey.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-30
|
HP Insight Diagnostics Online Edition on Linux survey.php category Parameter XSS
|
|
74992
Description:
HP Insight Diagnostics Online Edition on Linux contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'tabpage' parameter upon submission to the globals.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-30
|
HP Insight Diagnostics Online Edition on Linux globals.php tabpage Parameter XSS
|
