| OSVDB ID | Disclosure Date | Title |
|
91925
Description:
Instructure Canvas contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for AJAX request calls. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into gaining access to sensitive information in the context of their session with the application, without further prompting or verification.
|
2011-12-13
|
Instructure Canvas AJAX Request Call Multiple Action CSRF
|
|
77991
Description:
SafeNet Sentinel HASP Run-time Environment contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate unspecified parameters upon submission to the Sentinel HASP Admin Control Center. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-12
|
SafeNet Sentinel HASP Admin Control Center Unspecified XSS
|
|
78027
Description:
(Description Provided by CVE) : The ComputePassword function in the Schneider Electric Quantum Ethernet Module on the NOE 771 device (aka the Quantum 140NOE771* module) generates the password for the fwupgrade account by performing a calculation on the MAC address, which makes it easier for remote attackers to obtain access via a (1) ARP request message or (2) Neighbor Solicitation message.
|
2011-12-12
|
Schneider Electric PowerLogic ION / Quantum Ethernet Module fwupgrade Account Insecure Password Generation Multiple Message Parsing Remote Authentication Bypass
|
|
77741
Description:
RSA SecurID Software Token is prone to a flaw in the way it loads dynamic-link libraries (DLL), such as wintab32.dll. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .sdtid file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-12-12
|
RSA SecurID Software Token Path Subversion Arbitrary DLL Injection Code Execution
|
|
78028
Description:
Schneider Electric Quantum Ethernet Module on the NOE 771 device contains a flaw in the 'modbus_125_handler' function. The issue is triggered when parsing incoming MODBUS requests with a function code of 125. With a specially crafted request, a remote attacker can install an arbitrary firmware update.
|
2011-12-12
|
Schneider Electric Quantum Ethernet Module MODBUS 125 Function Code Parsing Remote Firmware Update Installation
|
|
77638
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the in_mod.dll plugin in Winamp before 5.623 allows remote attackers to execute arbitrary code via crafted song message data in an Impulse Tracker (IT) file. NOTE: some of these details are obtained from third party information.
|
2011-12-12
|
Winamp in_mod.dll Plugin Song Message Data Impulse Tracker (IT) File Handling Remote Overflow
|
|
77690
Description:
(Description Provided by CVE) : EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly implement Device Recovery and Device Identification, which might allow remote attackers to bypass intended security restrictions on a (1) previously non-registered device or (2) registered device by sending unspecified "data elements."
|
2011-12-12
|
RSA Adaptive Authentication On-Premise Data Element Validation Unauthorized Device Recovery
|
|
77691
Description:
(Description Provided by CVE) : EMC RSA Adaptive Authentication On-Premise (AAOP) 6.0.2.1 SP1 Patch 2, SP1 Patch 3, SP2, SP2 Patch 1, and SP3 does not properly perform forensic evaluation upon receipt of device tokens from mobile apps, which might allow remote attackers to bypass intended application restrictions via a mobile device.
|
2011-12-12
|
RSA Adaptive Authentication On-Premise Mobile Device Token Validation Authentication Bypass
|
|
77695
Description:
(Description Provided by CVE) : mappy.py in Splunk Web in Splunk 4.2.x before 4.2.5 does not properly restrict use of the mappy command to access Python classes, which allows remote authenticated administrators to execute arbitrary code by leveraging the sys module in a request to the search application, as demonstrated by a cross-site request forgery (CSRF) attack, aka SPL-45172.
|
2011-12-12
|
Splunk Remote Code Execution CSRF
|
|
78035
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Splunk 4.x before 4.2.5 allow remote authenticated users to read arbitrary files via a .. (dot dot) in a URI to (1) Splunk Web or (2) the Splunkd HTTP Server, aka SPL-45243.
|
2011-12-12
|
Splunk Web API Traversal Arbitrary File Access
|
|
77636
Description:
(Description Provided by CVE) : Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
|
2011-12-12
|
Winamp in_avi.dll Plugin Stream Header Value Memory Allocation AVI File Handling Remote Overflow
|
|
77637
Description:
(Description Provided by CVE) : Multiple integer overflows in the in_avi.dll plugin in Winamp before 5.623 allow remote attackers to execute arbitrary code via an AVI file with a crafted value for (1) the number of streams or (2) the size of the RIFF INFO chunk, leading to a heap-based buffer overflow.
|
2011-12-12
|
Winamp in_avi.dll Plugin RIFF INFO Chunk Size Memory Allocation AVI File Handling Remote Overflow
|
|
77694
Description:
Splunk contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-12
|
Splunk Unspecified XSS
|
|
77704
Description:
Unknown / Incomplete
|
2011-12-12
|
Squiz Matrix a Parameter Remote Username Enumeration
|
|
88047
Description:
IBM WebSphere Operational Decision Management contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via cause messages in the 'RTS Error' page. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-12
|
IBM WebSphere Operational Decision Management RTS Error Page Cause Message XSS
|
|
77635
Description:
Family Connections contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of the administrator's password. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into adding news, "praying for", or changing the administrator password in the context of their session with the application, without further prompting or verification.
|
2011-12-11
|
Family Connections CMS (FCMS) Multiple Function CSRF
|
|
77633
Description:
UPM Polls Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-admin/admin-ajax.php script not properly sanitizing user-supplied input to the 'PID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-12-11
|
UPM Polls Plugin for WordPress wp-admin/admin-ajax.php PID Parameter SQL Injection
|
|
83188
Description:
Pixie CMS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into creating a blog post in the context of their session with the application, without further prompting or verification.
|
2011-12-11
|
Pixie CMS Blog Post CSRF
|
|
83158
Description:
XOOPS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin.php script not properly sanitizing user-supplied input to the 'selgroups' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-12-11
|
XOOPS admin.php selgroups Parameter SQL Injection
|
|
82593
Description:
PuTTY contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when session passwords that were stored in memory during keyboard-interactive authentication are not properly dumped. The passwords remain in memory in cleartext until the program stops running, which may disclose password information to a local attacker.
|
2011-12-10
|
PuTTY Session Password Memory Dump Cleartext Local Disclosure
|
|
83196
Description:
Family Connections CMS (FCMS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'Text Area' field upon submission to the familynews.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-10
|
Family Connections CMS (FCMS) familynews.php Text Area Field XSS
|
|
83197
Description:
Family Connections CMS (FCMS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'Event' field upon submission to the calendar.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-10
|
Family Connections CMS (FCMS) calendar.php Event Field XSS
|
|
77600
Description:
Power2Go 8, and possibly prior versions, fails to perform adequate boundary checks on user-supplied input when parsing malformed project (.p2g) files, causing a stack-based buffer overflow that may lead to remote code execution.
|
2011-12-10
|
CyberLink Power2Go Project Editor Filename Field P2G File Handling Overflow
|
|
77639
Description:
RocksnDiamonds contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program creating the ~/.rocksndiamonds/ directory as world-writable. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly write to, or overwrite, an attacker-specified file.
|
2011-12-10
|
RocksnDiamonds ~/.rocksndiamonds/ Directory Symlink Arbitrary File Overwrite
|
|
77780
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2011-12-10
|
Linux Kernel B.A.T.M.A.N. net/batman/icmp_socket.c bat_socket_read() Packet Parsing Remote Overflow
|
|
83198
Description:
Family Connections CMS (FCMS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'Name' field upon submission to the recipes.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-10
|
Family Connections CMS (FCMS) recipes.php Name Field XSS
|
|
83189
Description:
Linux Kernel on MIPS contains a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs, and will result in loss of availability for the system. No further details have been provided.
|
2011-12-10
|
Linux Kernel on MIPS Unspecified Reboot Local DoS
|
|
77580
Description:
HitAppoint contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'username' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-12-09
|
HitAppoint index.php username Parameter SQL Injection
|
|
81844
Description:
Cisco Carrier Routing System contains a flaw that may allow a remote denial of service. The issue is triggered when parsing GRE packets, and will result in loss of availability for the product.
|
2011-12-09
|
Cisco Carrier Routing System GRE Packet Parsing Remote DoS
|
|
77594
Description:
FFFTP is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-12-09
|
FFFTP readme.exe Path Subversion Executable File Injection Code Execution
|
|
77940
Description:
HTML::Template::Pro contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via template parameters before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-09
|
HTML::Template::Pro Template Parameters XSS
|
|
83190
Description:
Free Opener contains a flaw that may allow for a denial of service. The issue is triggered when a user opens a malformed JPG file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).
|
2011-12-09
|
Free Opener Malformed JPG Handling DoS
|
|
77591
Description:
Unknown / Incomplete
|
2011-12-09
|
SePortal redirect.php goto Parameter SQL Injection
|
|
77601
Description:
WaveEditor 2, and possibly prior versions, fails to perform adequate boundary checks on user-supplied input when parsing malformed project (.wve) files, causing a stack-based buffer overflow that may lead to remote code execution. WaveEditor is also included with Power2Go and PowerDirector installations.
|
2011-12-09
|
CyberLink WaveEditor Project Editor Filename Field WVE File Handling Overflow
|
|
77632
Description:
Unknown / Incomplete
|
2011-12-09
|
DoceboLMS index.php message[attach] Parameter File Upload Remote PHP Code Execution
|
|
77643
Description:
ClassifiedsGeek Pet Listing contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'bedroom_from' parameter upon submission to the preview.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-09
|
ClassifiedsGeek Pet Listing preview.php bedroom_from Parameter XSS
|
|
78088
Description:
(Description Provided by CVE) : Stack-based buffer overflow in CFS.c in ConfigServer Security & Firewall (CSF) before 5.43, when running on a DirectAdmin server, allows local users to cause a denial of service (crash) via a long string in an admin.list file.
|
2011-12-09
|
ConfigServer Security & Firewall CFS.c admin.list File Handling Remote Overflow
|
|
78286
Description:
Siemens Tecnomatix FactoryLink contains a flaw in the ActBar.ocx ActiveX control. The issue is triggered when user-supplied input is passed as an argument to the 'Save' method. With a specially crafted web page, a context-dependent attacker can write arbitrary file content to an arbitrary location on the system.
|
2011-12-09
|
Siemens Tecnomatix FactoryLink ActBar.ocx Save Method Remote Arbitrary File Write
|
|
78287
Description:
Siemens Tecnomatix FactoryLink contains an overflow condition in the WebClient ActiveX Control. The issue is triggered as user-supplied input is not properly validated when passed to a parameter related to the Location URL. With a specially crafted web page, a context-dependent attacker can cause a buffer overflow, allowing execution of arbitrary code.
|
2011-12-09
|
Siemens Tecnomatix FactoryLink WebClient ActiveX Control Location URL Parameter Parsing Remote Code Execution
|
|
85228
Description:
DoceboLMS contains a flaw related to the iotask module that may allow an attacker to carry out an SQL injection attack. The issue is due to the save_connection function in the lib/lib.iotask.php script not properly sanitizing user-supplied input to the 'coursereportuiconfig[name]' and 'coursereportuiconfig[description]' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-12-09
|
DoceboLMS iotask Module lib/lib.iotask.php save_connection Function Multiple Parameter SQL Injection
|