[CLOSE] OSVDB ID : 79299 - Disclosed: 2012-02-15

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input resulting in memory corruption. With a specially crafted MP4 file, a context-dependent attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 79300 - Disclosed: 2012-02-15

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input when an error occurs during the decoding of an MP4 stream, which will result in a memory corruption. This may allow a remote attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 79301 - Disclosed: 2012-02-15

Description:

Adobe Flash Player contains a flaw that is triggered when an unspecified error occurs, which may allow for certain security features to be bypassed. This may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79302 - Disclosed: 2012-02-15

Description:

Adobe Flash Player contains a flaw that is triggered when an unspecified error occurs, which may allow for certain security features to be bypassed. This may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79313 - Disclosed: 2012-02-15

Description:

LEPTON CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'message' parameter upon submission to the admins/login/forgot/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79314 - Disclosed: 2012-02-15

Description:

LEPTON CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'display_name' and 'email' parameters upon submission to the account/preferences.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79320 - Disclosed: 2012-02-15

Description:

devscripts contains a flaw related to the debdiff.pl script. The issue is due to the debdiff.pl script not properly sanitizing user-supplied input when handling filenames within source packages. With specially crafted source packages, a context-dependent attacker may execute arbitrary code.

[CLOSE] OSVDB ID : 79336 - Disclosed: 2012-02-15

Description:

The Organic Groups Vocabulary Module for Drupal contains a flaw related to the access to vocabularies. The issue is due to the module not providing access restrictions, which may allow a remote attacker to access vocabularies of other groups.

[CLOSE] OSVDB ID : 79768 - Disclosed: 2012-02-15

Description:

systemd contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to the systemd-logind component creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against a X11 session file (/run/user/<username>/X11/display) file to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 80343 - Disclosed: 2012-02-15

Description:

IBM DB2 contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to the nodes.reg DB2 file installing with default word-writable permissions, which may allows a local attacker to manipulate the file, with an unspecified impact.

[CLOSE] OSVDB ID : 87274 - Disclosed: 2012-02-15

Description:

The Yelp application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Yelp server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Yelp for unknown purposes.

[CLOSE] OSVDB ID : 79275 - Disclosed: 2012-02-15

Description:

cformsII Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'rs parameter upon submission to the wp-content/plugins/cforms/lib_ajax.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79282 - Disclosed: 2012-02-15

Description:

Zimbra Collaboration Suite contains multiple unspecified flaws that may allow an attacker to perform actions with an unknown impact. No further details have been provided.

[CLOSE] OSVDB ID : 79297 - Disclosed: 2012-02-15

Description:

A memory corruption flaw exists in Adobe Flash Player. The program fails to sanitize user-supplied input when an unspecified error occurs in an ActiveX control, which will result in a memory corruption. This may allow a remote attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 79307 - Disclosed: 2012-02-15

Description:

11in1 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of an administrator's password. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 79310 - Disclosed: 2012-02-15

Description:

Citrix XenServer contains multiple unspecified flaws related to the web self service management web interface that may allow an attacker to conduct an attack with an unknown impact. No further details have been provided.

[CLOSE] OSVDB ID : 79318 - Disclosed: 2012-02-15

Description:

Multiple switch series running the Cisco Nexus Operating System (NX-OS) contain a flaw that may allow a remote denial of service. The issue is due to an error within the IP stack processing when obtaining layer 4 (UDP or TCP) information, and will result in loss of availability for the system.

[CLOSE] OSVDB ID : 79292 - Disclosed: 2012-02-15

Description:

(Description Provided by CVE) : Google Chrome before 17.0.963.56 allows remote attackers to cause a denial of service (application crash) via an empty X.509 certificate.

[CLOSE] OSVDB ID : 79294 - Disclosed: 2012-02-15

Description:

libpng contains an overflow condition in the png_decompress_chunk() function in pngrutil.c. The issue is triggered as user-supplied input is not properly sanitized when decompressing chunks, which will result in an integer overflow. This may allow a remote attacker to cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 79308 - Disclosed: 2012-02-15

Description:

11in1 contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the admin/index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'class' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.

[CLOSE] OSVDB ID : 79312 - Disclosed: 2012-02-15

Description:

LEPTON CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /modules/news/rss.php script not properly sanitizing user-supplied input to the 'group_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 79350 - Disclosed: 2012-02-15

Description:

mbank-cli contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the application creates files with insecure permissions, which will disclose sensitive information to a local attacker.

[CLOSE] OSVDB ID : 79669 - Disclosed: 2012-02-15

Description:

The Linux Kernel contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to an error of iproute when checking for setns() system call support creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against the temporary file to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 80202 - Disclosed: 2012-02-15

Description:

GOM Media Player contains an unspecified flaw related to the handling of AVI files. With a specially crafted AVI file, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 84056 - Disclosed: 2012-02-15

Description:

F*EX (Frams' Fast File EXchange) contains an unspecified flaw that is triggered when an error occurs in MIME-type during the handling of text and html. No further details have been provided.

[CLOSE] OSVDB ID : 87517 - Disclosed: 2012-02-15

Description:

The Facebook application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Facebook server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Facebook for unknown purposes.

[CLOSE] OSVDB ID : 87516 - Disclosed: 2012-02-15

Description:

The Instagram application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Instagram server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Instagram for unknown purposes.

[CLOSE] OSVDB ID : 87515 - Disclosed: 2012-02-15

Description:

The Foursquare application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Foursquare server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Foursquare for unknown purposes.

[CLOSE] OSVDB ID : 87514 - Disclosed: 2012-02-15

Description:

The Foodspotting application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Foodspotting server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Foodspotting for unknown purposes.

[CLOSE] OSVDB ID : 87513 - Disclosed: 2012-02-15

Description:

The Gowalla application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Gowalla server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Gowalla for unknown purposes.

[CLOSE] OSVDB ID : 79225 - Disclosed: 2012-02-15

Description:

A memory corruption flaw exists in Oracle Java SE's 2D component. The 'nTblSize' variable within the cmm.dll library fails to sanitize user-supplied input when parsing the A-to-B curve data multi-function resulting in memory corruption. With a specially crafted request, a remote attacker can cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 79239 - Disclosed: 2012-02-15

Description:

Adobe Shockwave Player contains a memory corruption flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is due to the block_cout function not handling user-supplied input. No further details have been provided.

[CLOSE] OSVDB ID : 79268 - Disclosed: 2012-02-15

Description:

A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input when accessing a deleted object during the handling of VML files resulting in memory corruption. This may allow a remote attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 79283 - Disclosed: 2012-02-15

Description:

Google Chrome contains integer overflow conditions in the PDF viewer related to "Flate/LZW/Fax prediction codes and other parameters". With a specially crafted PDF file, a context-dependent attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 79311 - Disclosed: 2012-02-15

Description:

LEPTON CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the account/preferences.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.

[CLOSE] OSVDB ID : 79285 - Disclosed: 2012-02-15

Description:

Google Chrome contains a race condition in DatabaseObserver.cpp, IDBFactoryBackendProxy.cpp, and WebWorkerClientImpl.cpp, when a worker accesses WebDatabase and the frame is closing down. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 79287 - Disclosed: 2012-02-15

Description:

FFmpeg contains an unspecified overflow condition in the 'matroska_parse_block' function in libavformat/matroskadec.c. With a specially crafted MKV file, a context-dependent attacker can cause a heap-based buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.

[CLOSE] OSVDB ID : 87511 - Disclosed: 2012-02-15

Description:

The Path application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Path server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Path for unknown purposes.

[CLOSE] OSVDB ID : 87512 - Disclosed: 2012-02-15

Description:

The Twitter application for iPhone contains a flaw that may result in personal information disclosure. Upon installation, the application will send the user's complete iPhone contact addressbook to a remote Twitter server. This may allow a remote attacker with access to network traffic to sniff the data. Further, the information is disclosed to Twitter for unknown purposes.

[CLOSE] OSVDB ID : 79259 - Disclosed: 2012-02-14

Description:

Microsoft Windows is prone to an overflow condition. The msvcrt.dll file in the C Run-Time Library fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted media file, a context-dependent attacker can potentially execute arbitrary code.