[CLOSE] OSVDB ID : 78554 - Disclosed: 2012-01-25

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

Comments: 0, Blogs: 0, References: 3

Vulnerability Classification

[CLOSE] OSVDB ID : 78552 - Disclosed: 2012-01-26

Description:

VR GPub contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition of editor level users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

Comments: 0, Blogs: 0, References: 2

Vulnerability Classification

[CLOSE] OSVDB ID : 78550 - Disclosed: 2012-01-19

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 3

Vulnerability Classification

[CLOSE] OSVDB ID : 78548 - Disclosed: 2012-01-26

Description:

phplist contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'testtarget' parameter upon submission to the admin/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Comments: 0, Blogs: 0, References: 3

Vulnerability Classification

[CLOSE] OSVDB ID : 78546 - Disclosed: 2012-01-23

Description:

(Description Provided by CVE) : Skia, as used in Google Chrome before 16.0.912.77, does not perform all required initialization of values, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Comments: 0, Blogs: 0, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 65465 - Disclosed: 2010-06-06

Description:

WMS-CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'printpage.asp' script not properly sanitizing user-supplied input to the 'psPrice', 'pr' and 'sbr' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 76733 - Disclosed: 2011-09-28

Description:

Digital College contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the includes/tiny_mce/plugins/filemanager/classes/FileManager/FileManagerPlugin.php script not properly sanitizing user input supplied to the 'basepath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

Comments: 0, Blogs: 0, References: 6

Vulnerability Classification

[CLOSE] OSVDB ID : 18293 - Disclosed: 2005-07-15

Description:

By default, many Belkin 54G wireless routers using a default ssid of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system as the routers come preconfigured with remote telnet access enabled.

Comments: 1, Blogs: 0, References: 5

Vulnerability Classification

[CLOSE] OSVDB ID : 66441 - Disclosed: 2008-04-11

Description:

By default, Siemens SIMATIC installs with a default password. The 'WinCCConnect' and 'WinCCAdmin' accounts have a password of '2WSXcder' which is publicly known and documented. This allows attackers to trivially access the program or system.

Comments: 0, Blogs: 0, References: 26

Vulnerability Classification

[CLOSE] OSVDB ID : 62923 - Disclosed: 2010-03-14

Description:

Domain Verkaus & Auktions Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script (when 'a' is set to 'd') not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Comments: 0, Blogs: 0, References: 6

Vulnerability Classification

[CLOSE] OSVDB ID : 78057 - Disclosed: 2011-12-28

Description:

(Description Provided by CVE) : The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Comments: 0, Blogs: 8, References: 16

Vulnerability Classification

[CLOSE] OSVDB ID : 78026 - Disclosed: 2011-12-16

Description:

A memory corruption flaw exists in Adobe Reader and Acrobat. The PRC component fails to sanitize user-supplied input when handling certain data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.

Comments: 0, Blogs: 5, References: 6

Vulnerability Classification

[CLOSE] OSVDB ID : 77529 - Disclosed: 2011-12-06

Description:

A memory corruption flaw exists in Adobe Reader and Acrobat . The program fails to sanitize user-supplied input when handling U3D data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.

Comments: 0, Blogs: 14, References: 12

Vulnerability Classification