| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 74501 | 2011-03-23 | PHP-Nuke Feedback Module Multiple Parameter XSS | PHP-Nuke contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'sender_name' and 'sender_email' parameters upon submission to the Feedback module. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 75067 | 2011-03-23 | Achievo Scheduler Module owner Parameter Arbitrary Schedule Addition | Unknown / Incomplete |
| 75068 | 2011-03-23 | Achievo include.php node Parameter Traversal Local File Inclusion | Achievo contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the include.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'node' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 75069 | 2011-03-23 | Achievo graph.php plotter Parameter Traversal Local File Inclusion | Achievo contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the graph.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'plotter' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 75070 | 2011-03-23 | Achievo graph.php Multiple Parameter SQL Injection | Achievo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the graph.php script not properly sanitizing user-supplied input to the 'viewstart' and 'viewend' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 75259 | 2011-03-23 | SUSE openSUSE Factory /var/log/cobbler/ Local Privilege Escalation | (Description Provided by CVE): SUSE openSUSE Factory assigns ownership of the /var/log/cobbler/ directory tree to the web-service user account, which might allow local users to gain privileges by leveraging access to this account during root filesystem operations by the Cobbler daemon. |
| 75355 | 2011-03-23 | Joomla! libraries/phpmailer/language/phpmailer.lang-joomla.php Direct Request Path Disclosure | Unknown / Incomplete |
| 76075 | 2011-03-23 | IBM AIX QLogic Adapter DMA Resource Weakness Local DoS | (Description Provided by CVE): The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs. |
| 71639 | 2011-03-22 | Apple Mac OS X QuickTime Cross-site Redirect Cross-domain Information Disclosure | (Description Provided by CVE): The plug-in in QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive video data via vectors involving a cross-site redirect. |
| 71279 | 2011-03-22 | Loggerhead loggerhead/templatefunctions.py Revision View Filename XSS | Loggerhead contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate filename input in the loggerhead/templatefunctions.py script before it is displayed in revision view filenames. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 74630 | 2011-03-22 | tex-common conf/texmf.d/95NonPath.cnf shell_escape_commands Directive Crafted TeX Document Remote Code Execution | (Description Provided by CVE): The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document. |
| 71653 | 2011-03-22 | Linux Kernel rt_*sigqueueinfo() Functions SI_TKILL Signal Spoofing | (Description Provided by CVE): kernel/signal.c in the Linux kernel before 2.6.39 allows local users to spoof the uid and pid of a signal sender via a sigqueueinfo system call. |
| 71626 | 2011-03-22 | Apple Mac OS X AirPort Wi-Fi Frame Handling Divide-by-zero Remote DoS | (Description Provided by CVE): AirPort in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to cause a denial of service (divide-by-zero error and reboot) via Wi-Fi frames on the local wireless network, a different vulnerability than CVE-2011-0162. |
| 71627 | 2011-03-22 | Apple Mac OS X AppleScript Generic Dialog Commands Format String | (Description Provided by CVE): Multiple format string vulnerabilities in AppleScript in Apple Mac OS X before 10.6.7 allow context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via format string specifiers in a (1) display dialog or (2) display alert command in a dialog in an AppleScript Studio application. |
| 71628 | 2011-03-22 | Apple Mac OS X ATS OpenType Font Handling Overflow | (Description Provided by CVE): Heap-based buffer overflow in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code via a document that contains a crafted embedded OpenType font. |
| 71629 | 2011-03-22 | Apple Mac OS X ATS TrueType Font Handling Multiple Overflows | (Description Provided by CVE): Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded TrueType font. |
| 71630 | 2011-03-22 | Apple Mac OS X ATS Type 1 Font Handling Multiple Overflows | (Description Provided by CVE): Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted embedded Type 1 font. |
| 71631 | 2011-03-22 | Apple Mac OS X ATS SFNT Table Handling Multiple Overflows | (Description Provided by CVE): Multiple buffer overflows in Apple Type Services (ATS) in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code via a document that contains a crafted SFNT table in an embedded font. |
| 71632 | 2011-03-22 | Apple Mac OS X CarbonCore FSFindFolder() API Returned Directory Permission Weakness | (Description Provided by CVE): The FSFindFolder API in CarbonCore in Apple Mac OS X before 10.6.7 provides a world-readable directory in response to a call with the kTemporaryFolderType flag, which allows local users to obtain potentially sensitive information by accessing this directory. |
| 71633 | 2011-03-22 | Apple Mac OS X CoreText Font File Handling Memory Corruption | (Description Provided by CVE): CoreText in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a document that contains a crafted embedded font. |
| 71634 | 2011-03-22 | Apple Mac OS X HFS F_READBOOTSTRAP Ioctl Overflow Information Disclosure | (Description Provided by CVE): Integer overflow in HFS in Apple Mac OS X before 10.6.7 allows local users to read arbitrary (1) HFS, (2) HFS+, or (3) HFS+J files via a crafted F_READBOOTSTRAP ioctl call. |
| 71636 | 2011-03-22 | Apple Mac OS X Libinfo NFS RPC Packet Handling Remote DoS | (Description Provided by CVE): Libinfo in Apple Mac OS X before 10.6.7 does not properly handle an unspecified integer field in an NFS RPC packet, which allows remote attackers to cause a denial of service (lockd, statd, mountd, or portmap outage) via a crafted packet, related to an "integer truncation issue." |
| 71638 | 2011-03-22 | Apple Mac OS X QuickTime JPEG2000 Image Handling Memory Corruption | (Description Provided by CVE): QuickTime in Apple Mac OS X before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted JPEG2000 image. |
| 71640 | 2011-03-22 | Apple Mac OS X Ruby BigDecimal Class Integer Truncation Arbitrary Code Execution | (Description Provided by CVE): The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue." |
| 71641 | 2011-03-22 | Apple Mac OS X Terminal New Remote Connection Protocol Reversion Weakness | (Description Provided by CVE): The default configuration of Terminal in Apple Mac OS X 10.6 before 10.6.7 uses SSH protocol version 1 within the New Remote Connection dialog, which might make it easier for man-in-the-middle attackers to spoof SSH servers by leveraging protocol vulnerabilities. |
| 71642 | 2011-03-22 | Apple Mac OS X Installer Helper Arbitrary Agent Installation | (Description Provided by CVE): Install Helper in Installer in Apple Mac OS X before 10.6.7 does not properly process an unspecified URL, which might allow remote attackers to track user logins by logging network traffic from an agent that was intended to send network traffic to an Apple server. |
| 71643 | 2011-03-22 | Apple Mac OS X Canon RAW Image Handling Multiple Overflows | (Description Provided by CVE): Multiple buffer overflows in Image RAW in Apple Mac OS X before 10.6.7 allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Canon RAW image. |
| 71644 | 2011-03-22 | Apple Mac OS X ImageIO JPEG-encoded TIFF Image Handling Overflow | (Description Provided by CVE): Integer overflow in ImageIO in Apple Mac OS X 10.6 before 10.6.7 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted TIFF image with JPEG encoding. |
| 71262 | 2011-03-22 | Immunity Debugger Update Server HTTP Response Overflow | Immunity Debugger is prone to an overflow condition. The program fails to properly verify communication with the update server, allowing a remote attacker to use a man-in-the-middle attack to spoof responses containing overly long strings to cause a heap-based buffer overflow. This may allow the execution of arbitrary code. |
| 75255 | 2011-03-22 | WebKit Cross-Origin Drag-and-Drop Frame Handling Information Disclosure Weakness | WebKit contains a flaw as it fails to properly restrict cross-origin drag-and-drop operations that may allow a remote attacker to bypass the Same Origin Policy. With a specially crafted web page, a context-dependent attacker can obtain potentially sensitive information from another web page. |
| 71253 | 2011-03-22 | openSUSE aaa_base Metacharacter Tab Expansion Filename Handling Command Execution | openSUSE contains a flaw related to aaa_base failing to properly handle filenames with metacharacters during tab expansions. This may allow a context-dependent attacker to use a crafted filename to trick another user into executing arbitrary commands, which may allow the attacker to gain elevated privileges. |
| 71681 | 2011-03-22 | IBM Lotus Domino Server_Console_Password Weakness Authentication Bypass Remote Code Execution | (Description Provided by CVE): The default configuration of the server console in IBM Lotus Domino does not require a password (aka Server_Console_Password), which allows physically proximate attackers to perform administrative changes or obtain sensitive information via a (1) Load, (2) Tell, or (3) Set Configuration command. |
| 72868 | 2011-03-22 | CSE-Semaphore TBOX LITE 200 tcomm.dll Crafted VBScript Remote Authentication Bypass | CSE-Semaphore TBOX Lite 200 contains a flaw related to the 'tcomm.dll' library. The issue is triggered when a remote attacker supplies a specially crafted VBScript. This may allow an attacker to bypass authentication settings. |
| 73773 | 2011-03-22 | WebKit Windows Functionality Same Origin Policy Bypass Arbitrary File Disclosure | WebKit contains a flaw that may lead to unauthorized disclosure of sensitive information. The issue is triggered when handling access to local file content. With a specially crafted web page, a context-dependent attacker may disclose the contents of arbitrary local files on a user's system. |
| 74757 | 2011-03-22 | libpng iCCP Chunk Embedded Profile Length Verification JPG Image Handling Remote DoS | libpng contains a flaw in the handling of JPG files that may allow a remote denial of service. The issue is due to an error in the embedded_profile_len() function in pngwutil.c. With a specially crafted JPG file containing an iCCP chunk with a negative embedded profile length, a context-dependent attacker can cause the program to crash. |
| 71259 | 2011-03-22 | Quagga Extended Communities Attribute Handling NULL Dereference Remote DoS | Quagga contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL-pointer dereference error occurs, allowing a remote attacker to use crafted extended community attributes to crash the 'bgpd' daemon, resulting in a loss of availability. |
| 71258 | 2011-03-22 | Quagga AS_PATHLIMIT BGP Session Reset Remote DoS | Quagga contains a flaw that may allow a remote denial of service. The issue is triggered when the AS path limit/TTL functionality encounters an error when parsing some specific AS_PATHLIMIT attributes, allowing a remote attacker to use crafted AS_PATHLIMIT attributes to reset BGP sessions, resulting in a loss of availability. |
| 71260 | 2011-03-22 | RealPlayer rvrender.dll IVR File Handling Overflow | RealPlayer is prone to an overflow condition. rvrender.dll fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted .IVR file, a context-dependent attacker can potentially execute arbitrary code. |
| 71261 | 2011-03-22 | Symantec LiveUpdate Administrator Multiple Admin Function CSRF | Symantec LiveUpdate Administrator contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the execution of arbitrary commands, creation of administrative users, or insertion of scripts. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 75055 | 2011-03-22 | Nokia E75 Device Lock Code Bypass | (Description Provided by CVE): The Nokia E75 phone with firmware before 211.12.01 allows physically proximate attackers to bypass the Device Lock code by entering an unspecified button sequence at boot time. |