| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 79685<br>Description: Hitachi JP1/Cm2/Network Node Manager contains multiple flaws that may allow an attacker to possibly execute arbitrary code. No further details have been provided. | 2012-02-29 | Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Remote Code Execution |
| 79693<br>Description: Cisco Cius contains a flaw that may allow a remote denial of service. The issue is triggered when handling malformed packets which causes the device to stop responding resulting in a loss of availability. | 2012-02-29 | Cisco Cius Incoming Traffic Packet Parsing Remote DoS |
| 79696<br>Description: Submenu Tree Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input when editing menus before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | Submenu Tree Module for Drupal Menu Editing Unspecified XSS |
| 79680<br>Description: Traidnt Topics Viewer contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the main.php script does not require multiple steps or explicit confirmation for sensitive transactions for the addition of administrator users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2012-02-29 | Traidnt Topics Viewer main.php Admin User Creation CSRF |
| 79681<br>Description: file libmagic contains a flaw that may allow a remote denial of service. The issue is triggered by an error when handling malformed CDF files, and will result in loss of availability for the program. | 2012-02-29 | file libmagic CDF File Handling Remote DoS |
| 79682<br>Description: Taxonomy Views Integrator Module for Drupal contains a flaw related to viewing pages that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | Taxonomy Views Integrator Module for Drupal Views Pages Unspecified XSS |
| 79683<br>Description: The Hierarchical Select Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate help text upon submission to vocabularies. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | Hierarchical Select Module for Drupal Vocabulary Help Text XSS |
| 79684<br>Description: The MediaFront Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '$_SESSION' and '$_SERVER' variables upon submission to the MediaFront module. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | MediaFront Module for Drupal PHP Library Multiple Parameter XSS |
| 79686<br>Description: Hitachi JP1/Cm2/Network Node Manager contains a flaw that may allow a remote denial of service. The issue is triggered due to multiple unspecified issues. No further details have been provided. | 2012-02-29 | Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Remote DoS |
| 79706<br>Description: Cisco Unified Communications Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the application not properly sanitizing user-supplied input to Skinny Client Control Protocol (SCCP) messages. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2012-02-29 | Cisco Unified Communications Manager SCCP Registration Message SQL Injection |
| 79709<br>Description: Cisco Unity Connection (UC) contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to a flaw within the assignment and validation of privileges which may allow a remote attacker to change the administrator password. | 2012-02-29 | Cisco Unity Connection (UC) Help Desk Administrator Role Admin Password Manipulation |
| 79721<br>Description: Kingsoft Antivirus contains a flaw that may allow a local denial of service. The issue is due to an unspecified error within the 'knetwch.sys' device driver and the handling of device-specific operations, resulting in a loss of availability for the program. | 2012-02-29 | Kingsoft Antivirus 2011 knetwch.sys IOCTL Parsing Unspecified Local DoS |
| 79710<br>Description: Cisco Unity Connection contains a flaw that may allow a remote denial of service. The issue is triggered when sending TCP segments with an arbitrary size, and will result in loss of availability for certain system services. | 2012-02-29 | Cisco Unity Connection TCP Segment Parsing Remote DoS |
| 79716<br>Description: NetEase CloudAlbum for Android contains an unspecified flaw that may allow an attacker to have an unspecified impact. No further details have been provided. | 2012-02-29 | NetEase CloudAlbum (com.netease.cloudalbum) Application for Android Unspecified Issue |
| 79740<br>Description: BrewBlogger contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the index.php script does not properly verify or sanitize user-uploaded files. By uploading a file of an unspecified type, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute it. | 2012-02-29 | BrewBlogger index.php Arbitrary File Upload |
| 79766<br>Description: The ZipCart Module for Drupal contains a flaw related to the assignment of incorrect permissions when building archives, which may allow an attacker to bypass certain access restrictions. | 2012-02-29 | ZipCart Module for Drupal Archive Building Access Restriction Bypass |
| 79741<br>Description: BrewBlogger contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the includes/upload_image.inc.php script does not properly verify or sanitize user-uploaded files. By uploading a file of an unspecified type, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute it. | 2012-02-29 | BrewBlogger includes/upload_image.inc.php Arbitrary File Upload |
| 79742<br>Description: BrewBlogger contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the index.php script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of administrator's passwords. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2012-02-29 | BrewBlogger index.php Admin Password Manipulation CSRF |
| 79772<br>Description: The Cool Aid Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied input upon submission to certain unspecified scripts. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | Cool Aid Module for Drupal Unspecified Access Restriction Bypass |
| 80097<br>Description: WebCalendar contains a flaw related to the install/index.php script which may allow a remote attacker to overwrite settings.php with arbitrary data when saving a user theme preference. | 2012-02-29 | WebCalendar install/index.php User Theme Preference Save settings.php Overwrite |
| 89277<br>Description: By default, NETGEAR DGN1000 and DGND3700 routers install with default user credentials (username/password combination). The 'admin' account has a password of 'password', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access. In addition, the DGND3700 installs with a 'guest' account that has a password of 'guest'. | 2012-02-29 | NETGEAR Multiple Router Admin Interface Default Credentials |
| 79658<br>Description: Webfolio CMS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the creation of an administrator level user or the editing of certain pages. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2012-02-29 | Webfolio CMS Admin User Creation CSRF |
| 79659<br>Description: Anchor CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'real_name' parameter upon submission to the index.php/admin/users/edit/2 script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | Anchor CMS index.php/admin/users/edit/2 real_name Parameter XSS |
| 79670<br>Description: ImgPals Photo Host contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the approve.php script not properly sanitizing user-supplied input to the 'u' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2012-02-29 | ImgPals Photo Host approve.php u Parameter SQL Injection |
| 79695<br>Description: GNOME NetworkManager contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when creating new connections and specifying arbitrary file names, which may allow a local attacker to gain access to arbitrary files. | 2012-02-29 | GNOME NetworkManager Local Arbitrary File Access |
| 79701<br>Description: The Youdao Dictionary Application for Android contains an unspecified flaw that may allow an attacker to conduct an attack with unknown impact. No further details have been provided. | 2012-02-29 | Youdao Dictionary Application for Android Unspecified Issue |
| 79713<br>Description: Cisco TelePresence Video Communication Server contains a flaw that may allow a remote denial of service. The issue is triggered when sending specially crafted SIP packets, which causes the server to crash resulting in a loss of availability. | 2012-02-29 | Cisco TelePresence Video Communication Server SIP Packet Parsing Remote DoS |
| 79707<br>Description: Cisco Unified Communications Manager contains a flaw that may allow a remote denial of service. The issue is triggered when sending specially crafted Skinny Client Control Protocol (SCCP) messages, which causes the device to reload resulting in a loss of availability. | 2012-02-29 | Cisco Unified Communications Manager SCCP Registration Message Parsing Remote DoS |
| 79714<br>Description: Cisco TelePresence Video Communication Server contains a flaw that may allow a remote denial of service. The issue is triggered when sending specially crafted SIP INVITE messages, which causes the server to crash resulting in a loss of availability. | 2012-02-29 | Cisco TelePresence Video Communication Server SIP INVITE Message Parsing Remote DoS |
| 86215<br>Description: WebCalendar contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '$url', '$tempfullname', and '$ext_users[]' parameters upon submission to the view_entry.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-29 | WebCalendar view_entry.php Multiple Parameter XSS |
| 90053<br>Description: CHICKEN on 64-bit systems contains a flaw that is due to the randomization feature incorrectly returning a constant value multiple times. While the randomization procedure is not intended for secure entropy generation, the function may be used for it. In such cases, any routine or functionality that relies on random output may be compromised. | 2012-02-29 | CHICKEN on 64-bit Randomization Procedure Constant Value Weakness |
| 79657<br>Description: IBM Personal Communications is prone to an overflow condition. The 'pcspref.dll' library fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted WorkStation Profile file (.ws), a context-dependent attacker can potentially execute arbitrary code. | 2012-02-29 | IBM Personal Communications pcspref.dll WorkStation Profile .ws File Handling Remote Overflow |
| 79671<br>Description: Drupal contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error message is displayed due to an excess of database connections, which will disclose the database and username as configured in settings.php to a remote attacker. | 2012-02-29 | Drupal Error Message Database / Username Remote Disclosure |
| 79676<br>Description: The Cisco Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered when sending a specially crafted URL to the administrative management interface which causes the device to crash resulting in a loss of availability. | 2012-02-29 | Cisco Wireless LAN Controllers (WLC) Administrative Management Interface URL Parsing Remote DoS |
| 79677<br>Description: The Cisco Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered when sending specially crafted IPv6 packets which cause the device to reboot resulting in a loss of availability. | 2012-02-29 | Cisco Wireless LAN Controllers (WLC) IPv6 Packet Parsing Remote DoS |
| 79678<br>Description: The Cisco Wireless LAN Controller contains a flaw that may allow a remote denial of service. The issue is triggered when WebAuth is enabled and specially crafted HTTP or HTTPS packets are sent to the interface, which cause the device to reboot resulting in a loss of availability. | 2012-02-29 | Cisco Wireless LAN Controllers (WLC) WebAuth HTTP/HTTPS Packet Parsing Remote DoS |
| 79679<br>Description: The Cisco Wireless LAN Controller contains a flaw related to the ACL functionality. The issue is triggered when CPU-based ACLs are enabled. This may allow an attacker to view or manipulate arbitrary configuration settings. No further details have been provided. | 2012-02-29 | Cisco Wireless LAN Controllers (WLC) CPU Access Control List Configuration Manipulation |
| 79715<br>Description: NetEase Weibo for Android contains an unspecified flaw that may allow an attacker to have an unspecified impact. No further details have been provided. | 2012-02-29 | NetEase Weibo (com.netease.wb) Application for Android Unspecified Issue |
| 79656<br>Description: The Linux Kernel contains a flaw that may allow a local denial of service. The issue is due to the 'tomoyo_mount_acl()' function not properly validating mount requests containing a 'NULL' value. With a specially crafted mount request, a local attacker can cause a kernel panic resulting in a loss of availability. | 2012-02-28 | Linux Kernel TOMOYO LSM Mount System Call Handling Local DoS |
| 85781<br>Description: Fork CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'term' parameter upon submission to the save.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2012-02-28 | Fork CMS save.php term Parameter XSS |