| OSVDB ID | Disclosure Date | Title |
|
71494
Description:
IBM solidDB contains a flaw related to the solid.exe process failing to verify password hash lengths properly. This may allow a remote attacker to specify the password hash length, allowing them to bypass authentication via a crafted request which contains the first few bytes of the password hash.
|
2011-04-01
|
IBM solidDB Password Hash Verification Bypass Remote Code Execution
|
|
71883
Description:
(Description Provided by CVE) : tmux 1.3 and 1.4 does not properly drop group privileges, which allows local users to gain utmp group privileges via a filename to the -S command-line option.
|
2011-03-31
|
tmux Group Privilege Dropping Weakness Local Privilege Escalation
|
|
72300
Description:
WebSphere contains a flaw related to the Application Server on z/OS. The issue is triggered when incorrect permissions are set, which may grant users unintended access to WebSphere applications.
|
2011-03-31
|
IBM WebSphere Application Server for z/OS Permissions Weakness Access Restriction Bypass
|
|
71468
Description:
IBM WEBi contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-03-31
|
IBM WEBi Unspecified XSS
|
|
71585
Description:
HP Network Node Manager i (NNMi) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified condition occurs, which will disclose unspecified information to a remote attacker.
|
2011-03-30
|
HP Network Node Manager i (NNMi) Unspecified Remote Information Disclosure
|
|
72289
Description:
Cisco ACS contains a flaw related to the web interface. The issue is triggered when a remote attacker uses a malformed URL to change any user password to an arbitrary value. This may allow an attacker to reset any user password.
|
2011-03-30
|
Cisco Secure Access Control System Arbitrary User Password Modification
|
|
72186
Description:
Cyrus IMAP Server contains a flaw related to the TLS implementation failing to properly clear transport layer buffers when changing from plaintext to ciphertext upon receipt of the 'STARTTLS' command. This may allow a remote attacker to inject arbitrary plaintext data which will be executed upon transition to ciphertext.
|
2011-03-30
|
Cyrus IMAP Server STARTTLS Arbitrary Plaintext Command Injection
|
|
71426
Description:
HP Operations for UNIX contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-03-29
|
HP Operations for UNIX Unspecified XSS
|
|
71427
Description:
HP Operations for UNIX contains an unspecified flaw that may allow an attacker to bypass access restrictions. No further details have been provided.
|
2011-03-29
|
HP Operations for UNIX Unspecified Access Restriction Bypass
|
|
71783
Description:
(Description Provided by CVE) : VMware vmrun, as used in VIX API 1.x before 1.10.3 and VMware Workstation 6.5.x and 7.x before 7.1.4 build 385536 on Linux, might allow local users to gain privileges via a Trojan horse shared library in an unspecified directory.
|
2011-03-29
|
VMware Workstation vmrun Unspecified Shared Library Local Privilege Escalation
|
|
72551
Description:
(Description Provided by CVE) : GNOME Display Manager (gdm) 2.x before 2.32.1 allows local users to change the ownership of arbitrary files via a symlink attack on a (1) dmrc or (2) face icon file under /var/cache/gdm/.
|
2011-03-28
|
GNOME Display Manager (gdm) /var/cache/gdm/ Multiple File Symlink Local Privilege Escalation
|
|
71353
Description:
HP Diagnostics contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-03-28
|
HP Diagnostics Unspecified XSS
|
|
71287
Description:
Andy's PHP Knowledgebase Project contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to plugins/pdfClasses/pdfgen.php not properly sanitizing user-supplied input to the 'pdfa' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-03-27
|
Andy's PHP Knowledgebase Project plugins/pdfClasses/pdfgen.php pdfa Parameter SQL Injection
|
|
71281
Description:
Picasa is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-03-25
|
Google Picasa Path Subversion Arbitrary DLL Injection Code Execution
|
|
72267
Description:
Google Chrome contains an array-indexing error condition in the 'ToUpper' and 'ToLower' functions [ui/base/l10n/l10n_util.cc]. The issue is triggered as user-supplied input containing embedded NULLs is not properly handled when selecting and right-clicking text. With a specially crafted web page, a context-dependent attacker can cause data to be written outside the bounds of an array, resulting in the browser crashing and potentially allowing code execution.
|
2011-03-25
|
Google Chrome Base String Handling Embedded NULL Array Indexing Error
|
|
72262
Description:
WebKit contains a stale pointer flaw in the SVG component. The issue is triggered as SVGHKernElement::insertedIntoDocument [Source/WebCore/svg/SVGHKernElement.cpp] and SVGVKernElement::insertedIntoDocument [Source/WebCore/svg/SVGVKernElement.cpp] do not call SVGElement::insertedIntoDocument, resulting in descendants of these elements not being informed of insertion and removal from the DOM. With a specially crafted web page, a context-dependent attacker can dereference incorrect memory and potentially execute arbitrary code.
|
2011-03-25
|
WebKit SVG Text Handling 'insertedIntoDocument' Stale Pointer
|
|
71685
Description:
(Description Provided by CVE) : EMC Data Protection Advisor Collector 5.7 and 5.7.1 on Solaris SPARC platforms uses weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
|
2011-03-25
|
EMC Data Protection Advisor Collector on SPARC Unspecified Local Privilege Escalation
|
|
72266
Description:
Chrome contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified issue in the Frame Loader, and will result in loss of availability for the application.
|
2011-03-25
|
Google Chrome Frame Loader Use-after-free DoS
|
|
72265
Description:
Chrome contains a flaw that may allow a remote denial of service. The issue is triggered by an unspecified HTMLCollection issue, and will result in loss of availability for the application.
|
2011-03-25
|
Google Chrome HTMLCollection Use-after-free DoS
|
|
72264
Description:
Chrome contains a flaw that may allow a remote denial of service. The issue is triggered by malformed CSS token sequences, and will result in loss of availability for the application.
|
2011-03-25
|
Google Chrome CSS Handling Stale Pointer DoS
|
|
72263
Description:
Chrome contains a flaw that may allow a remote denial of service. The issue is triggered by broken node parentage, and will result in loss of availability for the application.
|
2011-03-25
|
Google Chrome Broken Node Parentage DOM Tree Corruption
|
|
71277
Description:
VLC Media Player is prone to an overflow condition. libdirectx_plugin.dll fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted width in an AMV file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-03-23
|
VLC Media Player libdirectx_plugin.dll AMV File Large Video Dimension Overflow
|
|
71278
Description:
VLC Media Player is prone to an overflow condition. libdirectx_plugin.dll fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted width in an NSV file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-03-23
|
VLC Media Player libdirectx_plugin.dll NSV File Large Video Dimension Overflow
|
|
71876
Description:
KDE Konqueror contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the URL when it is displayed via the error page upon submission to the 'KHTMLPart::htmlError()' function in 'khtml/khtml_part.cpp'. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-03-23
|
KDE Konqueror khtml/khtml_part.cpp KHTMLPart::htmlError() Function Error Page XSS
|
|
72302
Description:
A memory corruption flaw exists in t1lib. The font handling function fails to sanitize user-supplied input using Type 1 fonts resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.
|
2011-03-23
|
t1lib PDF Type 1 Font Handling Invalid Pointer Code Execution
|
|
73600
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in component handlers in the javatemplates (aka Java Templates) plugin in Apache Struts 2.x before 2.2.3 allow remote attackers to inject arbitrary web script or HTML via an arbitrary parameter value to a .action URI, related to improper handling of value attributes in (1) FileHandler.java, (2) HiddenHandler.java, (3) PasswordHandler.java, (4) RadioHandler.java, (5) ResetHandler.java, (6) SelectHandler.java, (7) SubmitHandler.java, and (8) TextFieldHandler.java.
|
2011-03-23
|
Apache Struts javatemplates Plugin Component Handlers .action URI Multiple Parameter XSS
|
|
76075
Description:
(Description Provided by CVE) : The Fibre Channel driver for QLogic adapters in IBM AIX 6.1 and 7.1 does not properly handle DMA resource limitations, which allows local users to cause a denial of service (system hang) via vectors that generate a large amount of DMA I/O, related to a deadlock in timer processing across CPUs.
|
2011-03-23
|
IBM AIX QLogic Adapter DMA Resource Weakness Local DoS
|
|
71279
Description:
Loggerhead contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate filename-related input in the loggerhead/templatefunctions.py script before it is displayed in revision view filenames. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-03-22
|
Loggerhead loggerhead/templatefunctions.py Revision View Filename XSS
|
|
74630
Description:
(Description Provided by CVE) : The default configuration of the shell_escape_commands directive in conf/texmf.d/95NonPath.cnf in the tex-common package before 2.08.1 in Debian GNU/Linux squeeze, Ubuntu 10.10 and 10.04 LTS, and possibly other operating systems lists certain programs, which might allow remote attackers to execute arbitrary code via a crafted TeX document.
|
2011-03-22
|
tex-common conf/texmf.d/95NonPath.cnf shell_escape_commands Directive Crafted TeX Document Remote Code Execution
|
|
71259
Description:
Quagga contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL-pointer dereference error occurs, allowing a remote attacker to use crafted extended community attributes to crash the 'bgpd' daemon, resulting in a loss of availability.
|
2011-03-22
|
Quagga Extended Communities Attribute Handling NULL Dereference Remote DoS
|
|
71258
Description:
Quagga contains a flaw that may allow a remote denial of service. The issue is triggered when the AS path limit/TTL functionality encounters an error when parsing some specific AS_PATHLIMIT attributes, allowing a remote attacker to use crafted AS_PATHLIMIT attributes to reset BGP sessions, resulting in a loss of availability.
|
2011-03-22
|
Quagga AS_PATHLIMIT BGP Session Reset Remote DoS
|
|
71261
Description:
Symantec LiveUpdate Administrator contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the execution of arbitrary commands, creation of administrative users, or insertion of scripts. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2011-03-22
|
Symantec LiveUpdate Administrator Multiple Admin Function CSRF
|
|
72827
Description:
(Description Provided by CVE) : Multiple integer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via crafted (1) On_FC_MISC_FCS_MSGBROADCAST and (2) On_FC_MISC_FCS_MSGSEND packets, which trigger a heap-based buffer overflow.
|
2011-03-21
|
RealFlex RealWin On_FC_MISC_FCS_* Packets Multiple Remote Overflows
|
|
72834
Description:
(Description Provided by CVE) : Ecava IntegraXor HMI before n 3.60 (Build 4032) allows remote attackers to bypass authentication and execute arbitrary SQL statements via unspecified vectors related to a crafted POST request. NOTE: some sources have reported this issue as SQL injection, but this might not be accurate.
|
2011-03-21
|
Ecava IntegraXor HMI Unspecified SQL Injection
|
|
72354
Description:
IGSS contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to IGSSdataServer.exe not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 0xd opcode. This directory traversal attack would allow the attacker to manipulate arbitrary files.
|
2011-03-21
|
7-Technologies Interactive Graphical SCADA System (IGSS) IGSSdataServer.exe Packet Handling Opcode 0xd Traversal Arbitrary File Manipulation
|
|
73222
Description:
(Description Provided by CVE) : HP Discovery & Dependency Mapping Inventory (DDMI) 7.50, 7.51, 7.60, 7.61, 7.70, and 9.30 launches the Windows SNMP service with its default configuration, which allows remote attackers to obtain potentially sensitive information or have unspecified other impact by leveraging the public read community.
|
2011-03-21
|
HP Discovery & Dependency Mapping Inventory (DDMI) Windows SNMP Read Community String Remote Information Disclosure
|
|
72353
Description:
IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.
|
2011-03-21
|
7-Technologies Interactive Graphical SCADA System (IGSS) IGSSdataServer.exe Multiple Command Overflow
|
|
72352
Description:
IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a remote attacker can potentially cause arbitrary code execution.
|
2011-03-21
|
7-Technologies Interactive Graphical SCADA System (IGSS) IGSSdataServer.exe RMS Reports Multiple Command Overflow
|
|
72351
Description:
A format string flaw exists in IGSS. IGSSdataServer.exe fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a remote attacker can crash the service or possibly execute arbitrary code.
|
2011-03-21
|
7-Technologies Interactive Graphical SCADA System (IGSS) IGSSdataServer.exe logText() Function Format String
|
|
72350
Description:
IGSS is prone to an overflow condition. IGSSdataServer.exe fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted STDREP request, a remote attacker can potentially cause arbitrary code execution.
|
2011-03-21
|
7-Technologies Interactive Graphical SCADA System (IGSS) IGSSdataServer.exe STDREP Request SQL Query String Overflow
|