[CLOSE] OSVDB ID : 70978 - Disclosed: 2011-02-09

Description:

Google Chrome contains a flaw related to the failure to terminate processes upon memory exhaustion that may allow an attacker to have an unspecified impact. No further details have been provided.

[CLOSE] OSVDB ID : 70923 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70922 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70921 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. A specific ActionScript3 object's construction fails to sanitize user-supplied input when the object is applied to a bitmap copy, resulting in memory corruption. With a specially crafted file or page, a context-dependent attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 70920 - Disclosed: 2011-02-09

Description:

Adobe Flash Player contains a flaw related to the font-parsing functionality that may allow an attacker to execute arbitrary code via a crafted font. No further details have been provided.

[CLOSE] OSVDB ID : 70919 - Disclosed: 2011-02-09

Description:

Adobe Flash Player is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 70918 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70917 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70916 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70915 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70914 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70913 - Disclosed: 2011-02-09

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize certain unspecified user-supplied input, resulting in memory corruption. This may allow an attacker to execute arbitrary code via unspecified vectors.

[CLOSE] OSVDB ID : 70975 - Disclosed: 2011-02-09

Description:

WebAsyst contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'app' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70882 - Disclosed: 2011-02-09

Description:

SourceBans contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'BanReason,' 'SteamID,' 'EmailAddr,' 'PlayerName' and 'BanIP' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70846 - Disclosed: 2011-02-09

Description:

IDA Pro is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted Mac OS X Mach-O file, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 72514 - Disclosed: 2011-02-09

Description:

Adobe Shockwave Player contains a flaw related to the Font Xtra.x32 module failing to properly parse font structures. The issue is triggered when a context-dependent attacker provides a PFR1 chunk containing an invalid size value. This may allow an attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 73325 - Disclosed: 2011-02-09

Description:

Data Module for Drupal contains multiple flaws that allow a remote cross-site scripting (XSS) attack. The flaws exist because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 73326 - Disclosed: 2011-02-09

Description:

Data Module for Drupal contains multiple flaws that may allow an attacker to carry out an SQL injection attack. These issues are due to the program not properly sanitizing certain unspecified input before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 73692 - Disclosed: 2011-02-09

Description:

Xoda contains multiple unspecified flaws related to printer commands that may allow an attacker to have an unspecified impact. No further details have been provided.

[CLOSE] OSVDB ID : 70965 - Disclosed: 2011-02-09

Description:

Oracle Java SE and Java for Business contain a flaw that may allow a remote denial of service. The issue is triggered when the 'Double.parseDouble' method in JRE allows remote attackers to trigger an infinite loop with a crafted string, resulting in a denial of service.

[CLOSE] OSVDB ID : 70837 - Disclosed: 2011-02-08

Description:

Cisco Nexus 1000V contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs when processing 802.1Q tagged packets, which may be exploited by a remote attacker by having a virtual machine send a packet on an vEthernet port to cause a denial of service.

[CLOSE] OSVDB ID : 70847 - Disclosed: 2011-02-08

Description:

OpenSSL contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs while parsing malformed ClientHello handshake messages, which may be exploited to trigger an invalid memory access with a crafted ClientHello handshake message. This may allow a remote attacker to cause a denial of service. Certain applications which use SSL may also allow the disclosure of the contents of parsed OCSP extensions.

[CLOSE] OSVDB ID : 70827 - Disclosed: 2011-02-08

Description:

Microsoft Windows contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an error occurs in JScript and VBScript when processing scripts, which will disclose potentially sensitive information to a context-dependent attacker using a crafted web page.

[CLOSE] OSVDB ID : 70977 - Disclosed: 2011-02-08

Description:

WebKit contains a use-after-free error in the 'AnimationControllerPrivate::fireEventsAndUpdateStyle' function [WebCore/page/animation/AnimationController.cpp] that is triggered when processing animation events. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 71400 - Disclosed: 2011-02-08

Description:

Adobe Reader and Acrobat contain a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an unspecified permission issue occurs, allowing a remote attacker to gain escalated privileges.

[CLOSE] OSVDB ID : 71396 - Disclosed: 2011-02-08

Description:

Adobe Reader and Acrobat contain an unspecified flaw that may allow an attacker to cause a denial of service. It is possible, though not confirmed, that this vulnerability may also allow the execution of arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 71378 - Disclosed: 2011-02-08

Description:

Adobe Reader and Acrobat on Mac contains an unspecified memory corruption flaw that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72526 - Disclosed: 2011-02-08

Description:

(Description Provided by CVE) : The client in HP Data Protector does not properly validate EXEC_CMD arguments, which allows remote attackers to execute arbitrary Perl code via a crafted command, related to the "local bin directory."

[CLOSE] OSVDB ID : 70974 - Disclosed: 2011-02-08

Description:

WebAsyst contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'orderID_textbox' or 'settingCONF_SHOP_NAME_en' parameters or input passed via the URL upon submission to the SC/html/scripts/index.php script, or the 'app' parameter on submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70928 - Disclosed: 2011-02-08

Description:

Ruby on Rails contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' or 'email' values upon submission to the 'mail_to' helper. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70927 - Disclosed: 2011-02-08

Description:

Ruby on Rails contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for AJAX or API HTTP requests that contain a X-Requested-With header. This makes it easier for an attacker to use a crafted URL (e.g., a crafted GET request inside an "img" tag) to trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 70899 - Disclosed: 2011-02-08

Description:

The Administrator Console in Adobe ColdFusion contains flaws that allow multiple remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70900 - Disclosed: 2011-02-08

Description:

Adobe ColdFusion contains multiple CRLF injection vulnerabilities in certain unspecified tags. This may allow a remote attacker to inject HTTP headers and conduct HTTP response splitting attacks.

[CLOSE] OSVDB ID : 70903 - Disclosed: 2011-02-08

Description:

Adobe ColdFusion contains a session fixation vulnerability. The issue is triggered when a context-dependent, remote attacker tricks a user into following a crafted link. This may allow an attacker to hijack the user's web session after the user logs in.

[CLOSE] OSVDB ID : 70902 - Disclosed: 2011-02-08

Description:

Adobe ColdFusion contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the input passed via the cfform tag before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70901 - Disclosed: 2011-02-08

Description:

Adobe ColdFusion contains a flaw related to the Administrator Console that may disclose certain unspecified information to an attacker. No further details have been provided.

[CLOSE] OSVDB ID : 71001 - Disclosed: 2011-02-08

Description:

Django contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to thefile-based session storage system not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the key in a session cookie. This directory traversal attack would allow the attacker to access arbitrary files.

[CLOSE] OSVDB ID : 71000 - Disclosed: 2011-02-08

Description:

Django contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the filename of uploaded files upon submission to the 'file' field. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 70999 - Disclosed: 2011-02-08

Description:

Django contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not properly validate HTTP requests that contain an X-Requested-With header. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may use a forged Ajax request to trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 70855 - Disclosed: 2011-02-08

Description:

PHPXref contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL to 'nav.html' before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.