| OSVDB ID | Disclosure Date | Title |
|
71408
Description:
Novell Netware is prone to an overflow condition. The 'xdrDecodeString()' function in XNFS.NLM fails to properly sanitize user-supplied input, resulting in a stack-based buffer overflow. With a specially crafted signed value in an NFS RPC request to UDP port 1234, a remote attacker can potentially execute arbitrary code.
|
2011-02-19
|
Novell Netware XNFS.NLM xdrDecodeString() Function RPC Request Parsing Remote Overflow
|
|
70958
Description:
Ruby contains a race condition flaw that may allow a malicious local user to delete arbitrary files on the system. The issue is due to the 'FileUtils.remove_entry_secure' method creating temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly write to, or overwrite, an attacker-specified file.
|
2011-02-19
|
Ruby FileUtils.remove_entry_secure Method File Symlink Race Condition Arbitrary File Deletion
|
|
70895
Description:
shadow contains multiple CRLF injection vulnerabilities related to the 'chfn' and 'chsh' utilities failing to handle newline characters properly. This may allow a local attacker to add new groups or users to the '/etc/passwd' file via the GECOS field.
|
2011-02-18
|
shadow chfn/chsh Utility GECOS Field CRLF Injection
|
|
70947
Description:
PyWebDAV contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'get_userinfo()' method in 'DAVServer/mysqlauth.py' not properly sanitizing user-supplied input to the 'user' and 'pw' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-02-18
|
PyWebDAV DAVServer/mysqlauth.py get_userinfo() Multiple Parameter SQL Injection
|
|
70957
Description:
Ruby contains a flaw related to the safe-level feature. The issue is triggered when a context-dependent attacker exploits a flaw within the exception '#to_s' handling. This may allow an attacker to bypass safe-level protection and modify strings via the 'Exception#to_s' method.
|
2011-02-18
|
Ruby Exception#to_s Method Safe Level Security Bypass
|
|
72536
Description:
(Description Provided by CVE) : jingle-factory.c in Telepathy Gabble 0.11 before 0.11.7, 0.10 before 0.10.5, and 0.8 before 0.8.15 allows remote attackers to sniff audio and video calls via a crafted google:jingleinfo stanza that specifies an alternate server for streamed media.
|
2011-02-17
|
Telepathy Gabble jingle-factory.c Crafted google:jingleinfo Stanza Remote Call Interception
|
|
71403
Description:
Novell ZENworks Configuration Management is prone to an overflow condition. The novell-tftp.exe component fails to properly sanitize user-supplied input, resulting in a heap-based buffer overflow. With a specially crafted long TFTP request sent to UDP port 69, a remote attacker can potentially execute arbitrary code.
|
2011-02-17
|
Novell ZENworks Configuration Management novell-tftp.exe TFTP Request Overflow
|
|
71011
Description:
Best Practical Solutions Request Tracker contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when 'Scrips_Overlay.pm' fails to properly restrict access to 'TicketObj' in a 'Scrip' following a 'CurrentUser' change, which will disclose potentially sensitive information to a remote authenticated attacker.
|
2011-02-16
|
RT Scrips_Overlay.pm TicketObj Access Unspecified Information Disclosure
|
|
71012
Description:
Best Practical Solutions Request Tracker contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to perform certain redirect actions upon login, which will disclose login credentials to a physically present attacker who uses a web browser's back button after a logout.
|
2011-02-16
|
RT Form Data Resubmission Login Credentials Disclosure
|
|
71358
Description:
Logwatch contains a flaw related to logwatch.pl failing to properly sanitize log file filenames before use in 'system()' calls. This may allow a remote attacker to inject and execute shell commands.
|
2011-02-16
|
Logwatch Log Filename Arbitrary Command Injection
|
|
71682
Description:
(Description Provided by CVE) : IBM FileNet P8 Content Engine (aka P8CE) 4.0.1 through 5.0.0, as used in FileNet P8 Content Manager (CM) and FileNet P8 Business Process Manager (BPM), does not require the PRIVILEGED_WRITE access role for all intended Object Store modifications, which allows remote attackers to change a privileged property of an object via unspecified vectors.
|
2011-02-16
|
IBM FileNet Multiple Products P8 Content Engine Privileged Object Property Remote Modification
|
|
70884
Description:
Cisco Security Agent contains a flaw in the Management Center web interface: webagent.exe fails to properly process certain POST parameters when handling an 'st_upload' request. This may allow a remote attacker to create arbitrary files with a crafted 'st_upload' request, allowing for the execution of arbitrary code through those files.
|
2011-02-16
|
Cisco Security Agent Management Center webagent.exe st_upload Request Arbitrary File Upload
|
|
71075
Description:
Apache Archiva contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain requests containing specially crafted request parameters upon submission to the user management page. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-16
|
Apache Archiva User Management Page XSS
|
|
70952
Description:
IBM FileNet Content Manager contains an unspecified flaw related to the Rendition Engine. This may allow a remote attacker to bypass access restrictions and gain permission to configure the internal database. No further details have been provided.
|
2011-02-16
|
IBM FileNet Rendition Engine Unspecified Remote Privilege Escalation
|
|
70898
Description:
F-Secure Internet Gatekeeper contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to require authentication for reading access logs, which will disclose potentially sensitive information to a remote attacker via an admin UI port TCP session.
|
2011-02-15
|
F-Secure Internet Gatekeeper Log File Direct Access
|
|
71773
Description:
Microsoft Windows is prone to an overflow condition. The 'BowserWriteErrorLogEntry' function in the CIFS browser service in 'Mrxsmb.sys' or 'bowser.sys' in Active Directory fails to properly sanitize user-supplied input, resulting in a heap-based buffer overflow. With a specially crafted BROWSER ELECTION message, a remote attacker can potentially execute arbitrary code.
|
2011-02-14
|
Microsoft Windows Common Internet File System (CIFS) Malformed Browser Message Handling Overflow
|
|
70936
Description:
Mailman contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'full name' or 'username' fields in confirmation messages upon submission to the Cgi/confirm.py script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-14
|
Mailman Cgi/confirm.py Multiple Parameter XSS
|
|
72528
Description:
OpenLDAP contains a flaw in the 'back-ldap' component. The issue is due to an error within chain.c when a slave server forwards password failures to a master server. With a specially crafted request containing an invalid password, a remote attacker can bypass authentication settings.
|
2011-02-13
|
OpenLDAP back-ldap chain.c Slave Server Invalid Password External-program Authentication Bypass
|
|
72529
Description:
OpenLDAP contains a flaw in the 'back-ndb' component. The issue is due to an error within bind.cpp when handling authentication for a 'rootdn' Distinguished Name (DN). This flaw may allow a remote attacker to bypass authentication settings and perform arbitrary actions.
|
2011-02-13
|
OpenLDAP back-ndb bind.cpp root Distinguished Name (DN) Arbitrary Password Authentication Bypass
|
|
72530
Description:
OpenLDAP contains a flaw in the handling of certain MODRDN requests that may allow a remote denial of service. The issue is due to an error when handling relative Distinguished Name (DN) modification requests (aka MODRDN operation). With a specially crafted request containing an empty value for the OldDN field, a remote attacker can cause the service to crash.
|
2011-02-13
|
OpenLDAP slapd modrdn.c Malformed Relative Distinguished Name (DN) Modification Request (MODRDN) Remote DoS
|
|
70868
Description:
ProFTPD contains a flaw that may allow a remote denial of service. The issue is triggered when the 'mod_sftp' module fails to restrict the maximum payload size of SSH packets, which may be exploited via crafted SSH packets sent to the server to cause a denial of service.
|
2011-02-12
|
ProFTPD mod_sftp Component SSH Payload DoS
|
|
70925
Description:
Apache Continuum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-11
|
Apache Continuum Project Pages Unspecified XSS (2011-0533)
|
|
70960
Description:
MySQL Eventum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input appended to the URL upon submission to the forgot_password.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-11
|
MySQL Eventum forgot_password.php URI XSS
|
|
70961
Description:
MySQL Eventum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'keywords', 'customer_id', 'status', 'priority', 'category', 'customer_email', 'reporter', 'release' and 'pageRow' parameters upon submission to the list.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-11
|
MySQL Eventum list.php Multiple Parameter XSS
|
|
70962
Description:
phpMyAdmin contains a flaw related to the 'PMA_Bookmark_get' function in 'libraries/bookmark.lib.php' failing to properly restrict bookmark queries. This makes it easier for a remote authenticated attacker to cause another user to execute bookmarked SQL queries.
|
2011-02-11
|
phpMyAdmin SQL Query Bookmarks Arbitrary SQL Query Execution
|
|
70924
Description:
Apache Continuum contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for administrative credential modification actions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2011-02-11
|
Apache Continuum Multiple Admin Function CSRF
|
|
70872
Description:
ManageEngine ADSelfService Plus contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'searchString', 'searchType' and 'actionID' parameters upon submission to the EmployeeSearch.cc script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-11
|
ManageEngine ADSelfService Plus EmployeeSearch.cc Multiple Parameter XSS
|
|
70869
Description:
ManageEngine ADSelfService Plus contains a flaw related to the password reset mechanism. This may allow an attacker to bypass security questions to change an arbitrary user's password by directly accessing the 'accounts/ResetResult' page.
|
2011-02-10
|
ManageEngine ADSelfService Plus accounts/ResetResult Direct Access Security Question Bypass
|
|
70870
Description:
ManageEngine ADSelfService Plus contains a flaw related to the security question verification mechanism. This may allow a remote attacker to eliminate the captcha verification and reduce the required number of questions to one, making it possible to brute force the answer to the question and change an arbitrary user's password.
|
2011-02-10
|
ManageEngine ADSelfService Plus POST Request Manipulation Security Question Weakness
|
|
70904
Description:
A memory corruption flaw exists in Microsoft Office Excel. The program fails to properly handle errors during Office Art record parsing, resulting in memory corruption. With a specially crafted Excel document, a context-dependent attacker can execute arbitrary code.
|
2011-02-10
|
Microsoft Office Excel OfficeArt Container Parsing Memory Corruption
|
|
70852
Description:
Novell iPrint is prone to an overflow condition. The /opt/novell/iprint/bin/ipsmd component of the ilprsrvd service fails to properly sanitize user-supplied input when handling multiple LPR opcodes, which will result in a stack-based buffer overflow. This may allow a remote attacker to potentially execute arbitrary code.
|
2011-02-10
|
Novell iPrint Server LPD ilprsrvd Service Remote Overflow
|
|
70857
Description:
Metasploit Framework on Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the application is installed with insecure filesystem permissions, allowing a local attacker to create arbitrary files in certain directories, resulting in a privilege escalation which will allow arbitrary code execution with LocalSystem privileges upon the restarting of the 'frameworkPostgreSQL' service.
|
2011-02-10
|
Metasploit Framework on Windows Insecure Filesystem Permissions Local Privilege Escalation
|
|
72574
Description:
(Description Provided by CVE) : FFmpeg 0.5.x, as used in MPlayer and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed VC-1 file.
|
2011-02-10
|
FFmpeg Malformed VC-1 File Handling DoS
|
|
73303
Description:
(Description Provided by CVE) : The Live DVD for Edubuntu 9.10, 10.04 LTS, and 10.10 does not correctly regenerate iTALC private keys after installation, which causes each installation to have the same fixed key, which allows remote attackers to gain privileges.
|
2011-02-10
|
Edubuntu Live DVD iTALC Private Keys Regeneration Remote Privilege Escalation
|
|
73766
Description:
(Description Provided by CVE) : Unspecified vulnerability in Hex-Rays IDA Pro 5.7 and 6.0 has unknown impact and attack vectors related to "converson of string encodings" and "inconsistencies in the handling of UTF8 sequences by the user interface."
|
2011-02-10
|
IDA Pro UTF Sequences String Encoding Conversion Unspecified Issue
|
|
70910
Description:
Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL pointer dereference occurs in the Key Distribution Center, allowing a remote attacker to use a crafted packet to cause a denial of service.
|
2011-02-09
|
MIT Kerberos 5 Key Distribution Center (KDC) Unspecified DoS
|
|
70909
Description:
Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when the Key Distribution Center improperly processes certain principal names which causes a NULL pointer dereference error, when an LDAP backend is used, allowing a remote attacker to cause a denial of service via a crafted request.
|
2011-02-09
|
MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Principal Name Handling DoS
|
|
70908
Description:
Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when the unparse implementation in the Key Distribution Center improperly processes certain principal names which trigger backslash escape sequences, when an LDAP backend is used, allowing a remote attacker to cause a denial of service via a crafted request.
|
2011-02-09
|
MIT Kerberos 5 Key Distribution Center (KDC) LDAP Backend Unparse Implementation DoS
|
|
70907
Description:
Kerberos contains a flaw that may allow a remote denial of service. The issue is triggered when the 'do_standalone' function in the KDC database propagation daemon fails to properly handle a worker child process exiting abnormally, allowing a remote attacker to cause a denial of service.
|
2011-02-09
|
MIT Kerberos 5 kpropd do_standalone() Function Unspecified DoS
|
|
70980
Description:
Google Chrome contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle anonymous blocks, allowing a remote attacker to cause a stale pointer condition, leading to a denial of service.
|
2011-02-09
|
Google Chrome Anonymous Block Handling Stale Pointer DoS
|