| OSVDB ID | Disclosure Date | Title |
|
74993
Description:
HP Insight Diagnostics Online Edition on Linux contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'testmode' parameter upon submission to the custom.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-08-30
|
HP Insight Diagnostics Online Edition on Linux custom.php testmode Parameter XSS
|
|
67694
Description:
Maxthon Browser is prone to a flaw in the way it loads dynamic-link libraries (e.g., dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an htm, html or mhtml file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-29
|
Maxthon Browser Path Subversion Arbitrary DLL Injection Code Execution
|
|
67700
Description:
SnackAmp Music Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted 'SMP' file, a remote attacker can potentially cause arbitrary code execution.
|
2010-08-29
|
SnackAmp Music Player SMP File Handling Overflow
|
|
67689
Description:
Seagull PHP Framework contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php/user/password' script not properly sanitizing user-supplied input to the 'frmQuestion' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-08-29
|
Seagull PHP Framework index.php/user/password frmQuestion Parameter SQL Injection
|
|
67701
Description:
SnackAmp Music Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap overflow. With a specially crafted 'WAV' file, a remote attacker can potentially cause arbitrary code execution.
|
2010-08-29
|
SnackAmp Music Player WAV File Handling Overflow
|
|
67808
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/checkout2-CYM.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/checkout2-CYM.php include_path Parameter Remote File Inclusion
|
|
67809
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/checkout2-EN.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/checkout2-EN.php include_path Parameter Remote File Inclusion
|
|
67810
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/checkout2-FR.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/checkout2-FR.php include_path Parameter Remote File Inclusion
|
|
67811
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/cat-FR.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/cat-FR.php include_path Parameter Remote File Inclusion
|
|
67812
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/cat-EN.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/cat-EN.php include_path Parameter Remote File Inclusion
|
|
67813
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/cat-CYM.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/cat-CYM.php include_path Parameter Remote File Inclusion
|
|
67814
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/checkout1-CYM.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/checkout1-CYM.php include_path Parameter Remote File Inclusion
|
|
67815
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/checkout1-EN.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/checkout1-EN.php include_path Parameter Remote File Inclusion
|
|
67816
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/checkout1-FR.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/checkout1-FR.php include_path Parameter Remote File Inclusion
|
|
67817
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/prod-CYM.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/prod-CYM.php include_path Parameter Remote File Inclusion
|
|
67818
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/prod-EN.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/prod-EN.php include_path Parameter Remote File Inclusion
|
|
67819
Description:
Multi-lingual E-Commerce System contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'inc/prod-FR.php' script not properly sanitizing user input supplied to the 'include_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-29
|
Multi-lingual E-Commerce System inc/prod-FR.php include_path Parameter Remote File Inclusion
|
|
68119
Description:
(Description Provided by CVE) : rss.php in UseBB before 1.0.11 does not properly handle forum configurations in which a user has the view permission but not the read permission, which allows remote attackers to bypass intended access restrictions by reading a forum feed in combination with a topic feed.
|
2010-08-29
|
UseBB rss.php Forum / Topic Feed Access Restriction Bypass
|
|
71529
Description:
WebKit contains a flaw that is triggered when handling the 'selectedStylesheetSet' property. With a specially crafted web page, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
|
2010-08-29
|
WebKit selectedStylesheetSet Property Handling Memory Corruption
|
|
67725
Description:
QtWeb Browser is prone to a flaw in the way it loads dynamic-link libraries (e.g. wintab32.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-28
|
QtWeb Browser Path Subversion Arbitrary DLL Injection Code Execution
|
|
68079
Description:
(Description Provided by CVE) : Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 recognize a wildcard IP address in the subject's Common Name field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.
|
2010-08-28
|
Mozilla Multiple Products SSL Certificate IP Address Wildcard Matching Weakness
|
|
67585
Description:
DivX Plus Player is prone to a flaw in the way it loads dynamic-link libraries (e.g. VersionCheckDLL.dll in version 7, import\Qt\win32vs05\all\bin\ssleay32.dll in version 8). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an AVI file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-28
|
DivX Plus Player Path Subversion Arbitrary DLL Injection Code Execution
|
|
67692
Description:
The vulnerability is caused due to a boundary error in LtocxTwainu.dll when handling the value assigned to the "AppName" property and can be exploited to cause a heap-based buffer overflow via an overly long string. Successful exploitation allows execution of arbitrary code.
|
2010-08-28
|
LEADTOOLS LEAD RasterTwain LtocxTwainu.dll ActiveX AppName Property Overflow
|
|
67690
Description:
GaleriaSHQIP contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'album_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-08-28
|
GaleriaSHQIP index.php album_id Parameter SQL Injection
|
|
67770
Description:
Unknown / Incomplete
|
2010-08-28
|
TANDBERG MXP Series Endpoint Crafted SNMP Packet Remote DoS
|
|
67800
Description:
Textpattern CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'inc' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-28
|
Textpattern CMS index.php inc Parameter Remote File Inclusion
|
|
67801
Description:
DiY-CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'modules/guestbook/blocks/control.block.php' script not properly sanitizing user input supplied to the 'lang' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-28
|
DiY-CMS modules/guestbook/blocks/control.block.php lang Parameter Remote File Inclusion
|
|
67802
Description:
DiY-CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input supplied to the 'main_module' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-28
|
DiY-CMS index.php main_module Parameter Remote File Inclusion
|
|
67803
Description:
DiY-CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/general.functions.php' script not properly sanitizing user input supplied to the 'getFile' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-28
|
DiY-CMS includes/general.functions.php getFile Parameter Remote File Inclusion
|
|
68858
Description:
Notepad++ is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a CSS, INC, INF, INI, LOG, SCP, WTX, or SHTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-08-28
|
Notepad++ Path Subversion Arbitrary DLL Injection Code Execution
|
|
67580
Description:
PHP Gästebuch Script contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'guestbook/gbook.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'script_pfad' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-08-27
|
PHP Gästebuch Script guestbook/gbook.php script_pfad Parameter Local File Inclusion
|
|
67776
Description:
Unknown / Incomplete
|
2010-08-27
|
Network Security Services (NSS) Certificate IP Address Wildcard Matching Weakness
|
|
81845
Description:
Cisco Adaptive Security Appliances contains a flaw that allows an attacker to conduct an HTTP response splitting attack. This flaw exists because the application does not validate certain input upon submission to the /+CSCOE+/logon.html script. This could allow a remote attacker to insert arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.
|
2010-08-27
|
Cisco Adaptive Security Appliances (ASA) /+CSCOE+/logon.html CRLF Injection HTTP Response Splitting
|
|
67576
Description:
Hycus CMS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as adding an administrative user. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2010-08-27
|
Hycus CMS Admin User Creation CSRF
|
|
68737
Description:
Adobe Flash Player is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. This can be done by tricking a user into opening a DLL file from the local file system or a USB drive in some cases. This attack scenario is certainly possible, but rare.
|
2010-08-27
|
Adobe Flash Player Path Subversion Arbitrary DLL Injection Code Execution
|
|
70659
Description:
Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when fs/exec.c fails to enable the OOM Killer to assess memory use representing the arguments and environment, allowing a local attacker to use a crafted exec system call to cause an 'OOM dodging issue' denial of service.
|
2010-08-27
|
Linux Kernel fs/exec.c Crafted Exec System Call OOM Dodging Local DoS
|
|
67556
Description:
Prometeo CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'categoria.php' script not properly sanitizing user-supplied input to the 'ID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-08-27
|
Prometeo CMS categoria.php ID Parameter SQL Injection
|
|
67557
Description:
Unknown / Incomplete
|
2010-08-27
|
Remository Component for Mambo / Joomla! Thumbnail Arbitrary File Upload
|
|
67555
Description:
Kontakt Formular contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'kontaktformular/formmailer.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'script_pfad' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-08-27
|
Kontakt Formular kontaktformular/formmailer.php script_pfad Parameter Traversal Local File Inclusion
|
|
67569
Description:
CMS & News Script light contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'news_system/news_base.php' script not properly sanitizing user input supplied to the 'script_pfad' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-08-27
|
CMS & News Script light news_system/news_base.php script_pfad Parameter Remote File Inclusion
|