[CLOSE] OSVDB ID : 85230 - Disclosed: 2011-12-27

Description:

tForum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewboard.php script not properly sanitizing user-supplied input to the 'BoardID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 78070 - Disclosed: 2011-12-27

Description:

Winn Guestbook contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the addPost() function in the data/functions.php script does not validate the 'name' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 84878 - Disclosed: 2011-12-27

Description:

FFmpeg is prone to an overflow condition. The avfilter_filter_samples function of libavfilter/avfilter.c fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted media file, a context-dependent attacker can potentially execute arbitrary code or cause a denial of service.

[CLOSE] OSVDB ID : 85229 - Disclosed: 2011-12-27

Description:

tForum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewtopic.php script not properly sanitizing user-supplied input to the 'TopicID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 85231 - Disclosed: 2011-12-27

Description:

tForum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewcat.php script not properly sanitizing user-supplied input to the 'CatID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 78043 - Disclosed: 2011-12-27

Description:

(Description Provided by CVE) : Stack-based buffer overflow in CoCSoft Stream Down 6.8.0 allows remote web servers to execute arbitrary code via a long response to a download request.

[CLOSE] OSVDB ID : 85232 - Disclosed: 2011-12-27

Description:

tForum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'username' parameter upon submission to the member.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78282 - Disclosed: 2011-12-26

Description:

(Description Provided by CVE) : The Wi-Fi Protected Setup (WPS) protocol, when the "external registrar" authentication method is used, does not properly inform clients about failed PIN authentication, which makes it easier for remote attackers to discover the PIN value, and consequently discover the Wi-Fi network password or reconfigure an access point, by reading EAP-NACK messages.

[CLOSE] OSVDB ID : 78023 - Disclosed: 2011-12-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78122 - Disclosed: 2011-12-26

Description:

The Simple File Upload Module for Joomla! contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the modules/mod_simplefileuploadv1.3/helper.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.

[CLOSE] OSVDB ID : 79998 - Disclosed: 2011-12-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 82590 - Disclosed: 2011-12-26

Description:

Nagios Plugins is prone to an overflow condition. Check_ups fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a local attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 82591 - Disclosed: 2011-12-26

Description:

Free Image Hosting Script contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the program does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.

[CLOSE] OSVDB ID : 82592 - Disclosed: 2011-12-25

Description:

OpenEMR contains a flaw that allows a remote user to execute arbitrary code. This flaw exists because the program does not properly verify or sanitize user-uploaded files. By uploading a PHP file as a patient photograph, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.

[CLOSE] OSVDB ID : 78025 - Disclosed: 2011-12-25

Description:

Mailing List Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the wp-content/plugins/mailz/lists/config/config.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'wph', 'wpdb', 'wpu' and "wpp' parameters to the wp-content/plugins/mailz/lists/dl.php script. This directory traversal attack would allow the attacker to access arbitrary files.

[CLOSE] OSVDB ID : 78107 - Disclosed: 2011-12-25

Description:

GraphicsClone Script contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'term' parameter upon submission to search/. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 86240 - Disclosed: 2011-12-25

Description:

WP Live.php Module for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 's' parameter upon submission to the wp-live.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78020 - Disclosed: 2011-12-24

Description:

(Description Provided by CVE) : Buffer overflow in libtelnet/encrypt.c in telnetd in FreeBSD 7.3 through 9.0, MIT Kerberos Version 5 Applications (aka krb5-appl) 1.0.2 and earlier, Heimdal 1.5.1 and earlier, GNU inetutils, and possibly other products allows remote attackers to execute arbitrary code via a long encryption key, as exploited in the wild in December 2011.

[CLOSE] OSVDB ID : 78283 - Disclosed: 2011-12-24

Description:

(Description Provided by CVE) : MySQL 5.5.8, when running on Windows, allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted packet to TCP port 3306.

[CLOSE] OSVDB ID : 82595 - Disclosed: 2011-12-24

Description:

freeSSHd contains a flaw that may allow a remote denial of service. The issue is triggered by an error in the SSH server when handling a malformed packet. This will result in a loss of availability for the service.

[CLOSE] OSVDB ID : 85331 - Disclosed: 2011-12-24

Description:

FFmpeg is prone to an overflow condition. The get_sot function of j2k.c fails to properly check the curtileno variable, which may result in an overflow. No further details have been provided.

[CLOSE] OSVDB ID : 82605 - Disclosed: 2011-12-24

Description:

Microsoft Windows contains a flaw that may allow a denial of service. The issue is triggered when a local attacker creates a specially crafted subdirectory that will allow for the deletion of a parent directory. This will result in loss of availability for the explorer.exe application.

[CLOSE] OSVDB ID : 82604 - Disclosed: 2011-12-24

Description:

Microsoft Windows Media Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted streamed broadcast, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 77994 - Disclosed: 2011-12-23

Description:

(Description Provided by CVE) : The Blueberry FlashBack ActiveX control in BB FlashBack Recorder.dll in Blueberry BB FlashBack, as used in IBM Rational Rhapsody before 7.6.1 and other products, does not properly implement the TestCompatibilityRecordMode method, which allows remote attackers to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 77995 - Disclosed: 2011-12-23

Description:

Multiple Public Knowledge Project products contain a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the uploading of PHP files. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 78021 - Disclosed: 2011-12-23

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78235 - Disclosed: 2011-12-23

Description:

KnowledgeTree contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the config/dmsDefaults.php script does not validate input passed via the URL upon submission to the login.php, admin.php and preferences.php scripts. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78313 - Disclosed: 2011-12-23

Description:

(Description Provided by CVE) : Integer signedness error in Apple QuickTime before 7.7.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted font table in a QuickTime movie file.

[CLOSE] OSVDB ID : 78127 - Disclosed: 2011-12-23

Description:

tinyguestbook contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'msg' parameter upon submission to the sign.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 81871 - Disclosed: 2011-12-23

Description:

Cisco Unified IP Phones contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered by an error when downloading configuration information to an RT phone, which may allow a local attacker to gain escalated privileges.

[CLOSE] OSVDB ID : 78312 - Disclosed: 2011-12-23

Description:

Siemens WinCC contains a flaw in the web server as generated authentication tokens (cookie values) are predictable. This allows a remote attacker to bypass authentication to gain unauthorized access to the HMI.

[CLOSE] OSVDB ID : 84149 - Disclosed: 2011-12-23

Description:

WebKit contains a use-after-free error in the 'AccessibilityRenderObject::childrenChanged' function in WebCore/accessibility/AccessibilityRenderObject.cpp when content is changed for an element with 'contenteditable' set and a textbox role. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 77982 - Disclosed: 2011-12-22

Description:

(Description Provided by CVE) : etc/inc/certs.inc in the PKI implementation in pfSense before 2.0.1 creates each X.509 certificate with a true value for the CA basic constraint, which allows remote attackers to create sub-certificates for arbitrary subjects by leveraging the private key.

[CLOSE] OSVDB ID : 78013 - Disclosed: 2011-12-22

Description:

Tiki Wiki CMS/Groupware contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the execution of PHP code. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 78014 - Disclosed: 2011-12-22

Description:

(Description Provided by CVE) : The Linux kernel before 3.2.2 does not properly restrict SG_IO ioctl calls, which allows local users to bypass intended restrictions on disk read and write operations by sending a SCSI command to (1) a partition block device or (2) an LVM volume.

[CLOSE] OSVDB ID : 78019 - Disclosed: 2011-12-22

Description:

Whois.Cart() contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'domainname' parameter upon submission to the ordernow.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78044 - Disclosed: 2011-12-22

Description:

HP Database Archiving Software is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted GIOP Opcode 0x0E packet, a remote attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 78045 - Disclosed: 2011-12-22

Description:

HP Database Archiving Software is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted GIOP packet, a remote attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 78046 - Disclosed: 2011-12-22

Description:

(Description Provided by CVE) : Unspecified vulnerability in HP Database Archiving Software 6.31 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1263.

[CLOSE] OSVDB ID : 78233 - Disclosed: 2011-12-21

Description:

Cogent DataHub contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.