| OSVDB ID | Disclosure Date | Title |
|
70809
Description:
Apache Tomcat contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs due to the 'maxHttpHeaderSize' limit failing to be enforced in the 'NIO HTTP connector', which may be exploited with a crafted web request to cause a denial of service due to an 'OutOfMemory' error.
|
2011-02-04
|
Apache Tomcat NIO HTTP Connector Request Line Processing DoS
|
|
70985
Description:
Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle a missing key in an extension, allowing a context-dependent attacker to use a crafted extension to crash the browser.
|
2011-02-04
|
Google Chrome Invalid Extension Loading Missing Key DoS
|
|
70983
Description:
Google Chrome contains a flaw that is triggered when attempting to play audio with the volume set to "undefined". With a specially crafted web page, a context-dependent attacker can crash the browser.
|
2011-02-04
|
Google Chrome Audio Playing Undefined Volume Setting DoS
|
|
71227
Description:
IBM Rational Team Concert contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via report names before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-04
|
IBM Rational Team Concert Report Name XSS
|
|
70788
Description:
Multiple BMC Products are prone to an overflow condition. The BMC Patrol Agent service fails to properly sanitize user-supplied input when processing certain 'BGS_MULTIPLE_READS' commands resulting in a stack-based buffer overflow. With a specially crafted request to TCP port 6768, a remote attacker can potentially execute arbitrary code.
|
2011-02-03
|
BMC Multiple Products Perform Agent Service Daemon BGS_MULTIPLE_READS Overflow
|
|
71087
Description:
Majordomo 2 contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the '_list_file_get()' function, lib/Majordomo.pm, not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) when handling files. This directory traversal attack would allow the attacker to access arbitrary files.
|
2011-02-03
|
Majordomo2 lib/Majordomo.pm _list_file_get() Function Traversal Arbitrary File Access
|
|
70753
Description:
Plone contains an unspecified flaw that may allow a remote attacker to gain administrative privileges and modify the site. No further details have been provided.
|
2011-02-02
|
Plone Unspecified Remote Privilege Escalation
|
|
72552
Description:
(Description Provided by CVE) : Multiple unspecified vulnerabilities in TIBCO Rendezvous 8.2.1 through 8.3.0, Enterprise Message Service (EMS) 5.1.0 through 6.0.0, Runtime Agent (TRA) 5.6.2 through 5.7.0, Silver BPM Service before 1.0.4, Silver CAP Service before 1.0.2, and Silver BusinessWorks Service 1.0.0, when running on Unix systems, allow local users to gain root privileges via unknown vectors related to SUID and (1) Rendezvous Routing Daemon (rvrd), (2) Rendezvous Secure Daemon (rvsd), (3) Rendezvous Secure Routing Daemon (rvsrd), and (4) EMS Server (tibemsd).
|
2011-02-01
|
TIBCO Multiple Products on Unix Multiple Unspecified Privilege Escalation
|
|
70770
Description:
MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input passed via CSS Comments before it is displayed to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-01
|
MediaWiki CSS Comments XSS
|
|
70798
Description:
MediaWiki contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'languages/Language.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'Language::factory' function. This may allow an attacker to include a PHP file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2011-02-01
|
MediaWiki languages/Language.php Language::factory Function Traversal Local File Inclusion
|
|
70799
Description:
MediaWiki contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/StubObject.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'Language::factory' function. This may allow an attacker to include a PHP file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2011-02-01
|
MediaWiki includes/StubObject.php Language::factory Function Traversal Local File Inclusion
|
|
70754
Description:
HP OpenView Performance Insight contains a flaw related to a hidden account within the 'com.trinagy.security.XMLUserManager' Java class. This may allow a remote attacker access to the 'com.trinagy.servlet.HelpManagerServlet' class, where they gain access to the 'doPost()' method, which they may use to upload arbitrary files and execute arbitrary code.
|
2011-01-31
|
HP OpenView Performance Insight com.trinagy.security.XMLUserManager Default Account Arbitrary File Upload
|
|
70755
Description:
Symantec IM Manager contains a flaw related to the 'ScheduleTask()' function in 'IMAdminSchedTask.asp'. The function does not properly sanitise certain input before using it in an 'Eval()' call. This may allow a context-dependent attacker who tricks an administrator into visiting a crafted link to execute arbitrary ASP code.
|
2011-01-31
|
Symantec IM Manager IMAdminSchedTask.asp ScheduleTask() Method Arbitrary ASP Code Injection
|
|
70740
Description:
PostgreSQL is prone to an overflow condition. The 'gettoken' function in 'contrib/intarray/_int_bool.c' in the intarray array module fails to properly sanitize user-supplied input resulting in a buffer overflow. With specially crafted integers with large numbers of digits to unspecified functions, a remote authenticated attacker can potentially execute arbitrary code.
|
2011-01-31
|
PostgreSQL intarray Module contrib/intarray/_int_bool.c gettoken() Function Overflow
|
|
70763
Description:
IBM Rational Build Forge contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'bf_session' and 'PHPSESSID' cookies, and the 'mod', 'type', 'count', 'offset' and 'filter' parameters upon submission to the 'fullcontrol/' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-30
|
IBM Rational Build Forge fullcontrol/ Multiple Parameter XSS
|
|
73463
Description:
(Description Provided by CVE) : Buffer overflow in the mainloop function in nbd-server.c in the server in Network Block Device (nbd) before 2.9.20 might allow remote attackers to execute arbitrary code via a long request. NOTE: this issue exists because of a CVE-2005-3534 regression.
|
2011-01-28
|
Network Block Device nbd-server.c mainloop Function Remote Overflow
|
|
70693
Description:
Microsoft Windows contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the MHTML protocol handler does not properly interpret MIME-formatted requests for content blocks. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-28
|
Microsoft Windows MHTML Protocol Handler MIME Formatted Request XSS
|
|
70734
Description:
Apache CouchDB contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-28
|
Apache CouchDB Request / Cookie Handling Unspecified XSS
|
|
70686
Description:
EMC NetWorker contains a flaw related to the RPC library 'librpc.dll' located within the 'nsrexecd' daemon. This may be exploited by a remote attacker using spoofed UDP packets to bypass access restrictions and execute certain service commands.
|
2011-01-27
|
EMC NetWorker nsrexecd librpc.dll Crafted UDP Packet Access Restriction Bypass
|
|
70682
Description:
RealPlayer is prone to an overflow condition. The 'vidplin.dll' module fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted AVI file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-27
|
RealPlayer vidplin.dll AVI File Header Handling Overflow
|
|
70712
Description:
OpenOffice.org is prone to an overflow condition. The suite tool, oowriter, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted RTF document which triggers an out-of-bounds memory read, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-26
|
OpenOffice.org (OOo) oowriter RTF Document Malformed Table Use-after-free Overflow
|
|
70713
Description:
OpenOffice.org is prone to an overflow condition. The suite tool, oowriter, fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted RTF file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-26
|
OpenOffice.org (OOo) oowriter RTF Document Crafted Tags Use-after-free Overflow
|
|
70714
Description:
OpenOffice.org is prone to an overflow condition. The WW8ListManager::WW8ListManager function in oowriter fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted .DOC file containing certain WW8 data which triggers an out-of-bounds write, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-26
|
OpenOffice.org (OOo) oowriter WW8ListManager::WW8ListManager Function Crafted DOC File Out-of-bounds Write Overflow
|
|
70715
Description:
OpenOffice.org is prone to an overflow condition. The 'WW8DopTypography::ReadFromMem' function in oowriter fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With specially crafted typography information in a crafted .DOC file which triggers an out-of-bounds write, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-26
|
OpenOffice.org (OOo) oowriter WW8DopTypography::ReadFromMem Function Crafted DOC File Typography Information Off-by-one Overflow
|
|
70694
Description:
Novell ZENworks Handheld Management is prone to an overflow condition. The 'ZfHIPCnd.exe' Access Point process fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted request to TCP port 2400, a remote attacker can potentially execute arbitrary code.
|
2011-01-26
|
Novell ZENworks Handheld Management ZfHIPCND.exe Crafted TCP Request Remote Overflow
|
|
70680
Description:
ISC DHCP contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs while processing a previously declined address's DHCPv6 messages, which may be exploited to cause an assertion failure denial of service.
|
2011-01-26
|
ISC DHCP DHCPv6 Message Declined Address Remote DoS
|
|
70711
Description:
OpenOffice.org contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via an XSLT JAR filter description file, an Extension (.oxt) file, or possibly other JAR or ZIP files. This directory traversal attack would allow the attacker to overwrite arbitrary files.
|
2011-01-26
|
OpenOffice.org (OOo) Multiple File Type Traversal Arbitrary File Overwrite
|
|
70716
Description:
OpenOffice.org is prone to a flaw in the way it handles a zero-length directory name in the LD_LIBRARY_PATH. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-01-26
|
OpenOffice.org (OOo) soffice LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
|
|
70717
Description:
OpenOffice.org is prone to an overflow condition. The Impress component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted PNG file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-26
|
OpenOffice.org (OOo) Impress Crafted PNG File Handling Overflow
|
|
70718
Description:
OpenOffice.org is prone to an overflow condition. The Impress component fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted TGA file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-26
|
OpenOffice.org (OOo) Impress Crafted TGA File Handling Overflow
|
|
75041
Description:
(Description Provided by CVE) : Intel Alert Management System (aka AMS or AMS2), as used in Symantec Antivirus Corporate Edition (SAVCE) 10.x before 10.1 MR10, Symantec System Center (SSC) 10.x, and Symantec Quarantine Server 3.5 and 3.6, allows remote attackers to execute arbitrary commands via crafted messages over TCP, as discovered by Junaid Bohio, a different vulnerability than CVE-2010-0110 and CVE-2010-0111. NOTE: some of these details are obtained from third party information.
|
2011-01-26
|
Symantec Multiple Products Intel Alert Management System Arbitrary Remote Command Execution
|
|
70676
Description:
Novell GroupWise Internet Agent is prone to an overflow condition. The 'gwwww1.dll' module fails to properly sanitize user-supplied input when parsing an email message's VCALENDAR data, resulting in a buffer overflow. With a specially crafted string greater than 65535 bytes sent to the TZID variable, a remote attacker can potentially execute arbitrary code.
|
2011-01-25
|
Novell GroupWise Internet Agent Email Message VCALENDAR Data TZID Variable Remote Overflow
|
|
70667
Description:
Mail Gem for Ruby contains a flaw related to the failure to properly sanitise input passed from an email from address in the 'deliver()' function in 'lib/mail/network/delivery_methods/sendmail.rb' before being used as a command line argument. This may allow a remote attacker to inject arbitrary shell commands.
|
2011-01-25
|
Mail Gem for Ruby lib/mail/network/delivery_methods/sendmail.rb Email From: Address Arbitrary Shell Command Injection
|
|
70696
Description:
Exim contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the 'open_log()' function in 'log.c' fails to properly check the return values of the 'setuid()' and 'setgid()' functions, allowing a local attacker to use symlink attacks to cause root to append log data to arbitrary files, resulting in the attacker gaining root privileges.
|
2011-01-25
|
Exim log.c open_log() Function Local Privilege Escalation
|
|
70699
Description:
Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not properly handle whitespace preceding javascript: or data: URI, allowing a remote attacker to conduct an XSS attack via the URL (bug_file_loc) field. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-24
|
Bugzilla Multiple URI Preceding Whitespace bug_file_loc Field XSS
|
|
70700
Description:
Bugzilla contains a flaw related to the generating of random values for cookies and tokens. This may allow a remote attacker to obtain access to arbitrary accounts via a vector related to insufficiently random calls to the srand function.
|
2011-01-24
|
Bugzilla srand Function Cookie / Token Random Value Weakness Arbitrary Account Access
|
|
70703
Description:
Bugzilla contains a flaw related to 'chart.cgi'. This may allow a remote attacker to conduct HTTP response splitting attacks via the query string and inject arbitrary HTTP headers.
|
2011-01-24
|
Bugzilla chart.cgi Query String HTTP Response Splitting CRLF Injection
|
|
70704
Description:
Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application creates a clickable link for javascript: or data: URI in the 'bug_file_loc' URL field, which is not sanitised before being returned to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-24
|
Bugzilla Multiple URI Clickable Link bug_file_loc Field XSS
|
|
70657
Description:
HP OpenView Storage Data Protector contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error occurs, and will result in loss of availability.
|
2011-01-24
|
HP OpenView Storage Data Protector Unspecified Remote DoS
|
|
70701
Description:
Bugzilla contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'real name' field of a user account before returning it to the user when using the YUI AutoComplete widget, which renders textual data as HTML markup. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-24
|
Bugzilla YUI AutoComplete Widget User Account Real Name Field XSS
|