[CLOSE] OSVDB ID : 78366 - Disclosed: 2012-01-18

Description:

Quick Tabs Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input when creating or editing tabbed content before returning it to the uesr. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78367 - Disclosed: 2012-01-18

Description:

Panels contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the title field when creating customized layouts. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78322 - Disclosed: 2012-01-18

Description:

By default, Cisco TelePresence System installs with a default password. The root account, which is not properly disabled when an admin attempts to deactivate it, has a password which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 78413 - Disclosed: 2012-01-18

Description:

Oracle Virtual Desktop Infrastructure contains a flaw related to the Session component that may allow a remote attacker to manipulate certain unspecified data and gain unauthorized access to certain unspecified information. No further details have been provided.

[CLOSE] OSVDB ID : 78477 - Disclosed: 2012-01-18

Description:

Horde IMP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied input via IMAP mailbox names. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78608 - Disclosed: 2012-01-18

Description:

Adobe Reader for Linux is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. This may allow an attacker to potentially execute arbitrary code or cause a denial of service.

[CLOSE] OSVDB ID : 82526 - Disclosed: 2012-01-18

Description:

PhpBridges contains a flaw related to the blog system that may allow an attacker to carry out an SQL injection attack. The issue is due to the members.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 82709 - Disclosed: 2012-01-18

Description:

OneOrZero Action and Information Management System(AIMS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the PATH_INFO parameter (URL) before using it in the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 86233 - Disclosed: 2012-01-18

Description:

Mingle Forum Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the fs-admin/fs-admin.php script not properly sanitizing user-supplied input to the 'id', 'delete_usrgrp[]', 'usergroup', and 'add_forum_group_id' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 78347 - Disclosed: 2012-01-18

Description:

Moodle contains a flaw in the handling of e-mail headers. The issue is due to the application not properly sanitizing user-supplied input when creating e-mail messages. With a specially crafted request, a remote attacker can potentially inject arbitrary e-mail headers.

[CLOSE] OSVDB ID : 78349 - Disclosed: 2012-01-18

Description:

Moodle contains a flaw that leads to unauthorized privileges being gained. The issue is due to an error within the course self-enrollment feature and may allow a remote attacker to gain manager privileges.

[CLOSE] OSVDB ID : 78475 - Disclosed: 2012-01-18

Description:

Horde IMP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'composeCache', 'rtemode', and 'filename_*' parameters upon submission to the compose page. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78448 - Disclosed: 2012-01-18

Description:

EasyPage EV10 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the default.aspx script not properly sanitizing user-supplied input to the 'docId' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 78476 - Disclosed: 2012-01-18

Description:

Horde IMP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'formname' parameter upon submission to the Contacts pop-up window. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78573 - Disclosed: 2012-01-18

Description:

Apache Tomcat contains a flaw in the handling of parameters that may allow a remote denial of service. The issue is due to an error when handling requests containing many parameters and parameter values. With a specially crafted request, a remote attacker can cause the service to exhaust all available CPU.

[CLOSE] OSVDB ID : 78704 - Disclosed: 2012-01-18

Description:

JBoss Enterprise Web Server contains a flaw in the mod_cluster component. The issue is due to the application not properly enforcing security controls, which may allow a remote attacker to bypass access restrictions when registering worker nodes with arbitrary virtual hosts.

[CLOSE] OSVDB ID : 89733 - Disclosed: 2012-01-18

Description:

Freelance Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the show_code.php script not properly sanitizing user-supplied input to the 'code_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 78353 - Disclosed: 2012-01-17

Description:

Multiple Rockwell Automation products contain a flaw in the FactoryTalk Diagnostics CE Receiver service (RNADiagReceiver.exe) that may allow a remote denial of service. The issue is triggered when receiving a datagram larger than 2000 bytes. With a specially crafted request, a remote attacker can cause the service to silently stop processing new, incoming requests.

[CLOSE] OSVDB ID : 78474 - Disclosed: 2012-01-17

Description:

Horde Groupware Webmail Edition contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the input passed to Horde_Form related to email verification before being returned to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78509 - Disclosed: 2012-01-17

Description:

Linux Kernel contains a flaw that leads to unauthorized privileges being gained. The issue is due to the mem_write function not properly validating permissions when writing to /proc/<pid>/mem and may allow a local attacker to gain privileges by modifying process memory.

[CLOSE] OSVDB ID : 78411 - Disclosed: 2012-01-17

Description:

Oracle Outside In Technology contains a flaw related to the Lotus 123 v4 Parser that may allow a remote attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 78356 - Disclosed: 2012-01-17

Description:

XnView is prone to an overflow condition. The program fails to properly parse PSD record types resulting in a integer overflow. With a specially crafted PSD image, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 78374 - Disclosed: 2012-01-17

Description:

Oracle MySQL Server contains an unspecified flaw related to the MySQL Protocol that may allow a remote attacker to cause a loss of integrity.

[CLOSE] OSVDB ID : 78420 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the TCP/IP component is exploited, and will result in a loss of availability.

[CLOSE] OSVDB ID : 78415 - Disclosed: 2012-01-17

Description:

Oracle GlassFish Enterprise Server contains a flaw related to the Administration component that may allow a local attacker to affect confidentiality, integrity and availability. No further details have been provided.

[CLOSE] OSVDB ID : 78421 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an unspecified error in the Kerberos component is exploited, allowing a local attacker to gain elevated privileges.

[CLOSE] OSVDB ID : 78422 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the Network component is exploited, and will result in a loss of availability.

[CLOSE] OSVDB ID : 78423 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified error in the Kernel component is exploited, and will result in a loss of availability.

[CLOSE] OSVDB ID : 78424 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains an unspecified flaw related to the TCP/IP component that may allow a local attacker to affect confidentiality and availability. No further details have been provided.

[CLOSE] OSVDB ID : 78425 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the sshd component is exploited, and will result in a loss of availability.

[CLOSE] OSVDB ID : 78426 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow a local information disclosure. The issue is triggered when an unspecified error in the ksh93 Shell component is exploited, and will result in a loss of confidentiality.

[CLOSE] OSVDB ID : 78427 - Disclosed: 2012-01-17

Description:

Oracle Solaris contains a flaw that may allow a local denial of service. The issue is triggered when an unspecified error in the kernel component is exploited, and will result in a loss of availability.

[CLOSE] OSVDB ID : 78433 - Disclosed: 2012-01-17

Description:

Oracle JD Edwards EnterpriseOne Tools contains a flaw related to the Enterprise Infrastructure SEC (JDENET) sub-component that may allow a remote authenticated attacker to gain unauthorized access to certain user password information via a specially crafted packet.

[CLOSE] OSVDB ID : 78435 - Disclosed: 2012-01-17

Description:

Oracle JD Edwards EnterpriseOne Tools contains a flaw related to the Enterprise Infrastructure SEC (JDENET) sub-component that is triggered during the handling of a specially crafted packet. This may allow a remote authenticated attacker to gain access to arbitrary files.

[CLOSE] OSVDB ID : 78437 - Disclosed: 2012-01-17

Description:

Oracle JD Edwards EnterpriseOne Tools contains a flaw related to the Enterprise Infrastructure SEC (JDENET) sub-component. This issue is triggered during the handling of a specially crafted request, which may allow a remote authenticated attacker to gain access to content located in the JDE.INI file.

[CLOSE] OSVDB ID : 78438 - Disclosed: 2012-01-17

Description:

Oracle JD Edwards EnterpriseOne Tools contains a flaw related to the Enterprise Infrastructure SEC (JDENET) sub-component that is triggered during the handling of message file packets. This may allow a remote authenticated attacker to overwrite arbitrary files.

[CLOSE] OSVDB ID : 78442 - Disclosed: 2012-01-17

Description:

Oracle VM VirtualBox contains a flaw related to the Windows Guest Additions component that may allow a local attacker to affect confidentiality, integrity and availability. No further details have been provided.

[CLOSE] OSVDB ID : 78471 - Disclosed: 2012-01-17

Description:

EMC SourceOne Email Management contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the web search component logging authentication information in clear text in the web server log and may disclose user credentials to a remote attacker.

[CLOSE] OSVDB ID : 78472 - Disclosed: 2012-01-17

Description:

GoLismero contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the GoLismero creating temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the software to operate on unauthorized files and overwrite arbitrary files owned by user.

[CLOSE] OSVDB ID : 79394 - Disclosed: 2012-01-17

Description:

Tiki Wiki CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.