[CLOSE] OSVDB ID : 78542 - Disclosed: 2012-01-24

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 78540 - Disclosed: 2012-01-20

Description:

SAP NetWeaver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'cc0Host', 'cc0Id', 'cc0Path', 'cc0Port', 'cc0Protocol', 'cc0ProxyHost', 'cc0ProxyPort', 'cc1Host', 'cc1Id', 'cc1Path', 'cc1Port', 'cc1Protocol', 'cc1ProxyHost' and 'cc1ProxyPort' parameters upon submission to the bcbadmSettings.jsp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Comments: 0, Blogs: 0, References: 7

Vulnerability Classification

[CLOSE] OSVDB ID : 78538 - Disclosed: 2012-01-20

Description:

SAP NetWeaver contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'TXVDestination' parameter upon submission to the TextContainerAdmin/administration_setup.jsp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Comments: 0, Blogs: 0, References: 7

Vulnerability Classification

[CLOSE] OSVDB ID : 78536 - Disclosed: 2012-01-20

Description:

Unknown / Incomplete

Comments: 0, Blogs: 0, References: 7

Vulnerability Classification

[CLOSE] OSVDB ID : 78534 - Disclosed: 2012-01-24

Description:

Ocean Data Systems Dream Report contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Comments: 0, Blogs: 0, References: 4

Vulnerability Classification

[CLOSE] OSVDB ID : 65465 - Disclosed: 2010-06-06

Description:

WMS-CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'printpage.asp' script not properly sanitizing user-supplied input to the 'psPrice', 'pr' and 'sbr' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Comments: 0, Blogs: 0, References: 9

Vulnerability Classification

[CLOSE] OSVDB ID : 76733 - Disclosed: 2011-09-28

Description:

Digital College contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the includes/tiny_mce/plugins/filemanager/classes/FileManager/FileManagerPlugin.php script not properly sanitizing user input supplied to the 'basepath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

Comments: 0, Blogs: 0, References: 6

Vulnerability Classification

[CLOSE] OSVDB ID : 18293 - Disclosed: 2005-07-15

Description:

By default, many Belkin 54G wireless routers using a default ssid of "belkin54g" are preconfigured with a default password. The "admin" account has a null password which is publicly known and documented. This allows attackers to trivially access the program or system as the routers come preconfigured with remote telnet access enabled.

Comments: 1, Blogs: 0, References: 5

Vulnerability Classification

[CLOSE] OSVDB ID : 13834 - Disclosed: 2005-02-14

Description:

(Description Provided by CVE) : awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.

Comments: 0, Blogs: 0, References: 13

Vulnerability Classification

[CLOSE] OSVDB ID : 62780 - Disclosed: 2010-03-07

Description:

Bild Flirt Community contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

Comments: 0, Blogs: 0, References: 8

Vulnerability Classification

[CLOSE] OSVDB ID : 78057 - Disclosed: 2011-12-28

Description:

(Description Provided by CVE) : The CaseInsensitiveHashProvider.getHashCode function in the HashTable implementation in the ASP.NET subsystem in Microsoft .NET Framework 1.1 SP1, 2.0 SP2, 3.5 SP1, 3.5.1, and 4.0 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters, aka "Collisions in HashTable May Cause DoS Vulnerability."

Comments: 0, Blogs: 8, References: 16

Vulnerability Classification

[CLOSE] OSVDB ID : 78026 - Disclosed: 2011-12-16

Description:

A memory corruption flaw exists in Adobe Reader and Acrobat. The PRC component fails to sanitize user-supplied input when handling certain data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.

Comments: 0, Blogs: 5, References: 6

Vulnerability Classification

[CLOSE] OSVDB ID : 77529 - Disclosed: 2011-12-06

Description:

A memory corruption flaw exists in Adobe Reader and Acrobat . The program fails to sanitize user-supplied input when handling U3D data, resulting in memory corruption. With a specially crafted PDF file, a context-dependent attacker can execute arbitrary code.

Comments: 0, Blogs: 14, References: 12

Vulnerability Classification