| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 76849 | 2011-09-30 | Investintech.com Multiple Product Unspecified PDF Handling Remote Code Execution | (Description Provided by CVE): Investintech.com SlimPDF Reader does not properly restrict the arguments to unspecified function calls, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
| 75988 | 2011-09-30 | Puppet k5login File Handling Symlink k5login Overwrite | (Description Provided by CVE): Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to overwrite arbitrary files via a symlink attack on the .k5login file. |
| 75986 | 2011-09-30 | Puppet Race Condition SSH authorized_keys File Handling Symlink Arbitrary File Permission Manipulation | (Description Provided by CVE): Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x allows local users to modify the permissions of arbitrary files via a symlink attack on the SSH authorized_keys file. |
| 75989 | 2011-09-30 | Puppet Resource --edit Mode Arbitrary Puppet Code Execution | (Description Provided by CVE): Puppet 2.7.x before 2.7.5, 2.6.x before 2.6.11, and 0.25.x, when running in --edit mode, uses a predictable file name, which allows local users to run arbitrary Puppet code or trick a user into editing arbitrary files. |
| 76001 | 2011-09-30 | Adobe Photoshop Elements Brush (ABR) File Handling Overflow | Adobe Photoshop Elements is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted ABR brush file, a context-dependent attacker can potentially execute arbitrary code. |
| 75987 | 2011-09-30 | Puppet indirector/file.rb Terminus Base Class Request Key Parsing Weakness | Unknown / Incomplete |
| 75994 | 2011-09-30 | Pidgin libpurple/protocols/silc/ops.c silc_private_message() Function Out-of-bounds Read SILC Message Parsing DoS | (Description Provided by CVE): The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2. |
| 76002 | 2011-09-30 | Adobe Photoshop Elements Gradient (GRD) File Handling Overflow | Adobe Photoshop Elements is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted GRD gradient file, a context-dependent attacker can potentially execute arbitrary code. |
| 76262 | 2011-09-30 | ICONICS GENESIS32 ScriptWorX32 Component File Handling Memory Corruption | Unknown / Incomplete |
| 76263 | 2011-09-30 | ICONICS GENESIS32 AlarmWorX32 Component File Handling Memory Corruption | Unknown / Incomplete |
| 76264 | 2011-09-30 | ICONICS GENESIS32 TrendWorX32 Component File Handling Memory Corruption | Unknown / Incomplete |
| 76265 | 2011-09-30 | ICONICS GENESIS32 GraphWorX32 Component File Handling Memory Corruption | Unknown / Incomplete |
| 76405 | 2011-09-30 | atvise Server atvise_1.dat Remote DoS | (Description Provided by CVE): Unspecified vulnerability in the server in Certec EDV atvise before 2.1 allows remote attackers to cause a denial of service (daemon crash) via crafted requests to TCP port 4840. |
| 76848 | 2011-09-30 | Investintech.com Absolute PDF Server Unspecified PDF Handling Remote Code Execution | (Description Provided by CVE): Unspecified vulnerability in Investintech.com Absolute PDF Server allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
| 76850 | 2011-09-30 | Investintech.com SlimPDF Reader Faulting-Address Data PDF Handling Remote Code Execution | (Description Provided by CVE): Investintech.com SlimPDF Reader does not prevent faulting-address data from affecting branch selection, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
| 76851 | 2011-09-30 | Investintech.com SlimPDF Reader Faulting-Instruction Data Write Operation PDF Handling Remote Code Execution | (Description Provided by CVE): Investintech.com SlimPDF Reader does not prevent faulting-instruction data from affecting write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
| 76853 | 2011-09-30 | Investintech.com SlimPDF Reader Write Operation PDF Handling Remote Code Execution | (Description Provided by CVE): Investintech.com SlimPDF Reader does not properly restrict write operations, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
| 79404 | 2011-09-30 | Feed on Feeds feed_order Parameter create_function() Remote PHP Code Execution | Input parameter passed through $_POST['feed_order'] to set-prefs.php isn't properly sanitized before being used in a call to "create_function()". This can be exploited to inject and execute arbitrary PHP code. |
| 75976 | 2011-09-30 | BaserCMS Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in BaserCMS before 1.6.13.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 75977 | 2011-09-30 | BaserCMS Operators Group Membership Remote Privilege Escalation | (Description Provided by CVE): BaserCMS before 1.6.12 does not properly restrict additions to the membership of the operators group, which allows remote authenticated users to gain privileges via unspecified vectors. |
| 75996 | 2011-09-30 | ProjectForum Page Renaming newname Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in CourseForum ProjectForum 7.0.1.3038 allows remote attackers to inject arbitrary web script or HTML via a crafted name of an object within a more object on a wiki page. |
| 76844 | 2011-09-30 | A-Form PC / PC/Mobile Plugins for Movable Type Unspecified XSS | A-Form PC and PC/Mobile Plugins for Movable Type contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 76852 | 2011-09-30 | Investintech.com SlimPDF Reader Block Data Move Read Operation Unspecified PDF Handling Remote Issue | (Description Provided by CVE): Investintech.com SlimPDF Reader does not properly restrict read operations during block data moves, which allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. |
| 83881 | 2011-09-30 | MARINET CMS room.php rid Parameter SQL Injection | MARINET CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the room.php script not properly sanitizing user-supplied input to the 'rid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 76664 | 2011-09-29 | Schneider Electric Multiple Products UnitelWay Device Driver Local Overflow | (Description Provided by CVE): Buffer overflow in the UnitelWay Windows Device Driver, as used in Schneider Electric Unity Pro 6 and earlier, OPC Factory Server 3.34, Vijeo Citect 7.20 and earlier, Telemecanique Driver Pack 2.6 and earlier, Monitor Pro 7.6 and earlier, and PL7 Pro 4.5 and earlier, allows local users, and possibly remote attackers, to execute arbitrary code via an unspecified system parameter. |
| 76149 | 2011-09-29 | bitweaver bitweaver/tags/ URI XSS | Unknown / Incomplete |
| 76150 | 2011-09-29 | bitweaver bitweaver/stencils/index.php URI XSS | Unknown / Incomplete |
| 86705 | 2011-09-29 | bitweaver quicktags/special_chars.php textarea_id Parameter XSS | bitweaver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'textarea_id' parameter upon submission to the quicktags/special_chars.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 76141 | 2011-09-29 | Active CMS /activecms/admin/admin mod Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the admin script in Active CMS 1.2 allows remote attackers to inject arbitrary web script or HTML via the mod parameter in a module action. |
| 76145 | 2011-09-29 | SonicWALL Sonicpoint MAC Spoofing Protection Bypass | Unknown / Incomplete |
| 76146 | 2011-09-29 | SonicWALL Web Admin Interface main.html Multiple Field XSS | Unknown / Incomplete |
| 76147 | 2011-09-29 | SonicWALL SessId Cookie Brute Force Weakness Admin Session Hijacking | Unknown / Incomplete |
| 76180 | 2011-09-29 | Game Servers Client (GSC) Chat Server IRC Command Authentication Bypass | Unknown / Incomplete |
| 86704 | 2011-09-29 | bitweaver bitweaver/stencils/list_stencils.php URI XSS | bitweaver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the bitweaver/stencils/list_stencils.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 75981 | 2011-09-29 | Symantec IM Manager IMManager/Admin/IMAdminSystemDashboard.asp refreshRateSetting Parameter XSS | Symantec IM Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'refreshRateSetting' parameter upon submission to the 'IMManager/Admin/IMAdminSystemDashboard.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 75982 | 2011-09-29 | Symantec IM Manager IMManager/Admin/IMAdminTOC_simple.asp Multiple Parameter XSS | Symantec IM Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'nav' and 'menuitem' parameters upon submission to the 'IMManager/Admin/IMAdminTOC_simple.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 75983 | 2011-09-29 | Symantec IM Manager IMManager/Admin/IMAdminEdituser.asp action Parameter XSS | Symantec IM Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the 'IMManager/Admin/IMAdminEdituser.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 75984 | 2011-09-29 | Symantec IM Manager Unspecified SQL Injection | (Description Provided by CVE): SQL injection vulnerability in the management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary SQL commands via unspecified vectors. |
| 75985 | 2011-09-29 | Symantec IM Manager Management Console Unspecified Remote Code Execution | (Description Provided by CVE): The management console in Symantec IM Manager before 8.4.18 allows remote attackers to execute arbitrary code via unspecified vectors, related to a "code injection issue." |
| 76105 | 2011-09-29 | Zope Request Parsing Unspecified Remote Command Execution | (Description Provided by CVE): Unspecified vulnerability in Zope 2.12.x and 2.13.x, as used in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2, allows remote attackers to execute arbitrary commands via vectors related to the p_ class in OFS/misc_.py and the use of Python modules. |