[CLOSE] OSVDB ID : 88846 - Disclosed: 2012-12-31

Description:

WP PHP Widget for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the wp-php-widget.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 90399 - Disclosed: 2012-12-31

Description:

ZeroClipboard contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the clipText returned from Flash Objects are not properly escaped. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 88840 - Disclosed: 2012-12-31

Description:

ircd-ratbox contains a flaw in the CAPAB module (m_capab.c) that may allow a remote denial of service. The issue is triggered when the server improperly assumes capability in negotiation handshakes. With a specially crafted request, a remote attacker can cause a loss of availability for the server.

[CLOSE] OSVDB ID : 88903 - Disclosed: 2012-12-31

Description:

2Wire Login Portal contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to __ ENH_ERROR_REDIRECT_PATH__ not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow a remote attacker to manipulate arbitrary files.

[CLOSE] OSVDB ID : 90398 - Disclosed: 2012-12-31

Description:

ZeroClipboard contains a flaw related to the flash.system.Security.allowDomain("*") functionality. Based on the limited information available, it appears that the software did not properly restrict domains allowing a remote attacker to set arbitrary variables. This may allow a remote attacker to conduct a variety of attacks.

[CLOSE] OSVDB ID : 88839 - Disclosed: 2012-12-30

Description:

charybdis contains a flaw in the CAPAB module that may allow a remote denial of service. The issue is triggered when the server improperly assumes capability in negotiation handshakes. With a specially crafted request, a remote attacker can cause a loss of availability for the server.

[CLOSE] OSVDB ID : 88838 - Disclosed: 2012-12-30

Description:

ShadowIRCd contains a flaw in the CAPAB module that may allow a remote denial of service. The issue is triggered when the server improperly assumes capability in negotiation handshakes. With a specially crafted request, a remote attacker can cause a loss of availability for the server.

[CLOSE] OSVDB ID : 89099 - Disclosed: 2012-12-30

Description:

Zoom Player contains a flaw that is triggered when an error occurs during the handling of a specially crafted JPG files. This may allow a context-dependent attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 90890 - Disclosed: 2012-12-30

Description:

MediaWiki contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when unblocking a user via an API call. This may allow a remote attacker to gain access to sensitive password hashes and other arbitrary information.

[CLOSE] OSVDB ID : 88774 - Disclosed: 2012-12-30

Description:

Microsoft Internet Explorer contains a user-after-free error when handling CDoc objects, which contain a CDwnBindInfo object. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 92584 - Disclosed: 2012-12-30

Description:

Linux Kernel contains a flaw on a system built with CIFS(CONFIG_CIFS) that may allow a local denial of service. The issue is due to an error in the network file system support that is triggered during the handling of a specially crafted reconnection attempt, which will result in a NULL pointer dereference. This may allow a local attacker to crash the system.

[CLOSE] OSVDB ID : 88827 - Disclosed: 2012-12-30

Description:

MoinMoin contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to anywikidraw.py not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow a remote attacker to upload a file and overwrite an arbitrary file.

[CLOSE] OSVDB ID : 88825 - Disclosed: 2012-12-30

Description:

MoinMoin contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to twikidraw.py not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow a remote attacker to upload a file and overwrite an arbitrary file.

[CLOSE] OSVDB ID : 88829 - Disclosed: 2012-12-30

Description:

NextGEN Public Uploader Plugin for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the /wp-content/plugins/nextgen-public-uploader/nextgen-public-uploader.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 88852 - Disclosed: 2012-12-30

Description:

MoinMoin contains a flaw when escaping user or admin CSS URLs with an unspecified impact. No further details are currently available.

[CLOSE] OSVDB ID : 88855 - Disclosed: 2012-12-30

Description:

MoinMoin contains an unspecified flaw that may lead to a timing attack. No further details are currently available.

[CLOSE] OSVDB ID : 88854 - Disclosed: 2012-12-30

Description:

Xerte Online Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/xerte-online/xertefiles/save.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script with the privileges of the web server.

[CLOSE] OSVDB ID : 88853 - Disclosed: 2012-12-30

Description:

ReFlex Gallery Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the /wp-content/plugins/reflex-gallery/admin/scripts/FileUploader/php.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script with the privileges of the web server.

[CLOSE] OSVDB ID : 92871 - Disclosed: 2012-12-30

Description:

Linux Kernel contains a flaw in the smb_send_rqst function in fs/cifs/transport.c that may allow a local denial of service. This issue is triggered during the handling of a reconnection event, which can result in a NULL pointer dereference. This may allow a local attacker to crash the system.

[CLOSE] OSVDB ID : 88826 - Disclosed: 2012-12-29

Description:

MoinMoin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'page_name' parameter upon submission to the rsslink() function in theme/__init__.py. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 88828 - Disclosed: 2012-12-29

Description:

MoinMoin contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to _do_attachment_move in action/AttachFile.py not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) during the handling of filenames. This directory traversal attack would allow a remote attacker to have an overwrite arbitrary files.

[CLOSE] OSVDB ID : 88851 - Disclosed: 2012-12-29

Description:

WP Photo Album Plus Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'wppa-searchstring' parameter upon submission to the wp-photo-album-plus.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 90766 - Disclosed: 2012-12-29

Description:

Multiple RocketThemes for WordPress contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'aboutlink' parameter upon submission to jwplayer.swf. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 90768 - Disclosed: 2012-12-29

Description:

Multiple RocketThemes for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for the index.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 90767 - Disclosed: 2012-12-29

Description:

Multiple RocketThemes for WordPress contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when an attacker sends a direct request for the error_log script.

[CLOSE] OSVDB ID : 88824 - Disclosed: 2012-12-29

Description:

Ubiquiti AirOS contains a flaw that is triggered when input passed via the 'essid' parameter is not properly sanitized before being used in the test.cgi script. This may allow a remote attacker to execute arbitrary commands.

[CLOSE] OSVDB ID : 90765 - Disclosed: 2012-12-29

Description:

Multiple RocketThemes for WordPress contains a flaw that is triggered when input passed via the 'aboutlink', 'config', and 'image' parameters are not properly sanitized before being used by jwplayer.swf. This may allow a remote attacker to inject arbitrary flash content.

[CLOSE] OSVDB ID : 93125 - Disclosed: 2012-12-29

Description:

SoftBank Online Service Gate contains a flaw in OWA Helper and OSG Lite that may lead to an unauthorized disclosure of sensitive information. This issue is due to the program transmitting information in cleartext. This may allow a user to gain access to their own password information, even if Office 365 is currently restricting knowledge of the password to a system administrator.

[CLOSE] OSVDB ID : 88830 - Disclosed: 2012-12-28

Description:

SonicWALL Email Security System contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate Exception Handling field when a system command has failed. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 88845 - Disclosed: 2012-12-28

Description:

IBM SPSS contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when an unspecified error occurs during the handling of an XML document. This may allow a context-dependent attacker to gain access to potentially sensitive information or cause a denial of service.

[CLOSE] OSVDB ID : 88866 - Disclosed: 2012-12-28

Description:

GnuPG contains a flaw that is triggered when a segfault occurs during the importing of an invalid key in pubring.gpg. This will cause the keychain to become corrupt, which will prevent the user from encrypting or decrypting anything with the keychain. Note that GnuPG will not provide a warning about a malformed key.

[CLOSE] OSVDB ID : 92959 - Disclosed: 2012-12-28

Description:

OneCMS contains a flaw in Timthumb that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the thumbnail.php script not properly sanitizing user input supplied to the 'src' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 88823 - Disclosed: 2012-12-28

Description:

Aclassif Component for Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 88822 - Disclosed: 2012-12-28

Description:

TwentyTen Theme for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the /wordpress/wp-content/themes/twentyten/loop.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file with multiple file extensions (e.g. myfile.php.gif), the upload will bypass the sanity check restricting file uploads. Once uploaded, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script with the privileges of the web server.

[CLOSE] OSVDB ID : 88821 - Disclosed: 2012-12-28

Description:

CubeCart contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due the program insecurely backing up the configuration file based on the year, month, day, hour, and minute of when the backup was created. This may allow a remote attacker to gain access to configuration file information via a brute force attack.

[CLOSE] OSVDB ID : 88865 - Disclosed: 2012-12-28

Description:

GnuPG contains an unspecified flaw that may cause a memory access violation. No further details are currently available.

[CLOSE] OSVDB ID : 89553 - Disclosed: 2012-12-28

Description:

Microsoft IE contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is triggered when handling a UNC share pathname in the SRC attribute of a SCRIPT element. This may allow a remote attacker to view sensitive information pretaining to the existence of files or read arbitrary data from files.

[CLOSE] OSVDB ID : 92960 - Disclosed: 2012-12-28

Description:

OneCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admin/admin.php script not properly sanitizing user-supplied input to the 'username' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 88931 - Disclosed: 2012-12-27

Description:

GetSimple CMS contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the admin/settings.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'lang' parameter. This directory traversal attack would allow a remote attacker to execute arbitrary commands.

[CLOSE] OSVDB ID : 88758 - Disclosed: 2012-12-27

Description:

PHP contains a flaw related to the uniqid() function. The issue is due to the function not sufficiently generating entropy. When entropy is generated without any options, the effective size is only 10 bits. Using the 'more_entropy' options expands it to 29 bits, but this is still considered very poor by most standards.