| OSVDB ID | Disclosure Date | Title |
|
60573
Description:
Unknown / Incomplete
|
2009-12-02
|
AlienForm2 alienform.cgi (af.cgi) _browser_out Parameter Crafted Traversal Arbitrary File Access
|
|
60574
Description:
Unknown / Incomplete
|
2009-12-02
|
AlienForm2 alienform.cgi (af.cgi) _browser_out Parameter Malformed Input Path Disclosure
|
|
60585
Description:
Roxio Creator is prone to an integer overflow condition. The program fails to properly sanitize user-supplied input when parsing image dimensions, resulting in a heap-based buffer overflow. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code on a user's system.
|
2009-12-02
|
Roxio Creator Crafted Image Handling Overflow
|
|
60648
Description:
Lateral Arts Photobox Uploader ActiveX is prone to an overflow condition. The ActiveX control fails to properly sanitize user-supplied input assigned to various properties (e.g. LogURL, ConnectURL, SkinURL, AlbumCreateURL, ErrorURL, and httpsinglehost), resulting in a stack-based buffer overflow. With a specially crafted web page, a context-dependent attacker can execute arbitrary code on a user's system.
|
2009-12-02
|
Lateral Arts Photobox Uploader ActiveX Multiple Property Overflows
|
|
60814
Description:
(Description Provided by CVE) : Multiple cross-site request forgery (CSRF) vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
2009-12-02
|
Moodle Multiple Unspecified CSRF
|
|
60815
Description:
(Description Provided by CVE) : The LAMS module (mod/lams) for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 stores the (1) username, (2) firstname, and (3) lastname fields within the user table, which allows attackers to obtain user account information via unknown vectors.
|
2009-12-02
|
Moodle LAMS Module Unspecified Information Disclosure
|
|
60816
Description:
(Description Provided by CVE) : mod/glossary/showentry.php in the Glossary module for Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 does not properly perform access control, which allows attackers to read unauthorized Glossary entries via unknown vectors.
|
2009-12-02
|
Moodle mod/glossary/showentry.php Glossary Entry Access Restriction Weakness
|
|
60817
Description:
(Description Provided by CVE) : mnet/lib.php in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7, when MNET services are enabled, does not properly check permissions, which allows remote authenticated servers to execute arbitrary MNET functions.
|
2009-12-02
|
Moodle mnet/lib.php MNET Interface Access Restriction Weakness MNET Function Execution
|
|
60818
Description:
(Description Provided by CVE) : SQL injection vulnerability in the SCORM module in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allows remote authenticated users to execute arbitrary SQL commands via vectors related to an "escaping issue when processing AICC CRS file (Course_Title)."
|
2009-12-02
|
Moodle SCORM Module Unspecified SQL Injection
|
|
71878
Description:
TimThumb contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input passed via the PATH_INFO and 'src' parameter upon submission to the timthumb.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
TimThumb timthumb.php Multiple Parameter XSS
|
|
86444
Description:
Simple Machines Forum (SMF) contains a flaw that allows a remote attacker to access arbitrary files outside of a restricted path. The issue is due to the Sources/ManageErrors.php script not properly establishing restrictions on accessible files for administrative requests. Using the log viewing functionality via index.php, an administrator can view any file on the system by requesting it with an absolute path.
|
2009-12-02
|
Simple Machines Forum (SMF) index.php Admin Log Viewing Function file Parameter Arbitrary File Disclosure
|
|
91814
Description:
Juniper IVE OS Secure Access (SA) and Unified Access Control (UAC) contain a flaw that is triggered when using NTLMv1 or NTLMv2 protocols for Active Directory based authentication. This may allow a remote attacker to bypass the authentication step of the login process.
|
2009-12-02
|
Juniper IVE OS Secure Access (SA) / Unified Access Control (UAC) Active Directory NTLM Authentication Bypass
|
|
91813
Description:
Juniper IVE OS Secure Access (SA) and Unified Access Control (UAC) contain an unspecified flaw that is due to the programs failing to properly enforce a timeout when certain sub-menus are used by an administrator. This may allow a remote attacker to more easily gain administrative access.
|
2009-12-02
|
Juniper IVE OS Secure Access (SA) / Unified Access Control (UAC) Unspecified Admin Sub-menu Authentication Timeout Weakness
|
|
60597
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the admin/admin_config.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg admin/admin_config.php HTTP Referer Header XSS
|
|
60580
Description:
Joaktree Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'treeId' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-12-02
|
Joaktree Component for Joomla! index.php treeId Parameter SQL Injection
|
|
60583
Description:
Theeta CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'blog/index.php' script not properly sanitizing user-supplied input to the 'start' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-12-02
|
Theeta CMS blog/index.php start Parameter SQL Injection
|
|
60632
Description:
(Description Provided by CVE) : Buffer overflow in Adobe Illustrator CS4 14.0.0, CS3 13.0.3 and earlier, and CS3 13.0.0 allows remote attackers to execute arbitrary code via a long DSC comment in an Encapsulated PostScript (.eps) file. NOTE: some of these details are obtained from third party information.
|
2009-12-02
|
Adobe Illustrator EPS File DSC Comment Handling Overflow
|
|
60593
Description:
(Description Provided by CVE) : Multiple stack-based buffer overflows in src/Task.cc in the FastCGI program in IIPImage Server before 0.9.8 might allow remote attackers to execute arbitrary code via vectors associated with crafted arguments to the (1) RGN::run, (2) JTLS::run, or (3) SHD::run function. NOTE: some of these details are obtained from third party information.
|
2009-12-02
|
IIPImage Server FastCGI src/Task.cc Multiple Function Overflows
|
|
60598
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the admin/admin_modules.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg admin/admin_modules.php HTTP Referer Header XSS
|
|
60599
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the delete.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg delete.php HTTP Referer Header XSS
|
|
60600
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the editlink.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg editlink.php HTTP Referer Header XSS
|
|
60601
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the submit.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg submit.php HTTP Referer Header XSS
|
|
60602
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the submit_groups.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg submit_groups.php HTTP Referer Header XSS
|
|
60603
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the user_add_remove_links.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg user_add_remove_links.php HTTP Referer Header XSS
|
|
60604
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP Referer Header upon submission to the user_settings.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-02
|
Pligg user_settings.php HTTP Referer Header XSS
|
|
60605
Description:
Pligg 1.0.2 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-12-02
|
Pligg Admin User Creation CSRF
|
|
60606
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the "return" parameter upon submission to the login.php script. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. This could be leveraged to direct a user to a web page containing attacks that target client side software such as a web browser or document rendering programs.
|
2009-12-02
|
Pligg pligg/login.php Arbitrary Site Redirect
|
|
60607
Description:
Pligg 1.0.2 contains a flaw that allows a remote cross site redirection attack. This flaw exists because the application does not validate the "return" parameter upon submission to the user_settings.php script. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. This could be leveraged to direct a user to a web page containing attacks that target client side software such as a web browser or document rendering programs.
|
2009-12-02
|
Pligg pligg/user_settings.php Arbitrary Site Redirect
|
|
60798
Description:
(Description Provided by CVE) : The U.S. Defense Information Systems Agency (DISA) Security Readiness Review (SRR) script for the Solaris x86 platform executes files in arbitrary directories as root for filenames equal to (1) java, (2) openssl, (3) php, (4) snort, (5) tshark, (6) vncserver, or (7) wireshark, which allows local users to gain privileges via a Trojan horse program.
|
2009-12-02
|
DISA SRR Script for Solaris x86 Multiple Filename SUID Execution Local Privilege Escalation
|
|
60875
Description:
(Description Provided by CVE) : Off-by-one error in src/http.c in CoreHTTP 0.5.3.1 and earlier allows remote attackers to cause a denial of service or possibly execute arbitrary code via an HTTP request with a long first line that triggers a buffer overflow. NOTE: this vulnerability reportedly exists because of an incorrect fix for CVE-2007-4060.
|
2009-12-02
|
CoreHTTP src/http.c HTTP Request Off-by-one Remote Overflow
|
|
62135
Description:
(Description Provided by CVE) : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
|
2009-12-02
|
Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
|
|
89880
Description:
By default, AVTech AVC-787 DVR installs with default user credentials (username/password combination). The 'admin' account has a password of 'admin', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
|
2009-12-02
|
AVTech AVC-787 DVR Default Admin Credentials
|
|
86460
Description:
Simple Machines Forum (SMF) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the body of a message post before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-01
|
Simple Machines Forum (SMF) Post Body XSS
|
|
60859
Description:
Unknown / Incomplete
|
2009-12-01
|
Network Security Services (NSS) TLS Renegotiation Handshakes MiTM Plaintext Data Injection
|
|
60570
Description:
(Description Provided by CVE) : The _rtld function in the Run-Time Link-Editor (rtld) in libexec/rtld-elf/rtld.c in FreeBSD 7.1, 7.2, and 8.0 does not clear the LD_PRELOAD environment variable, which allows local users to gain privileges by executing a setuid or setguid program with a modified LD_PRELOAD variable containing an untrusted search path that points to a Trojan horse library, a different vector than CVE-2009-4147.
|
2009-12-01
|
FreeBSD Dynamic Linker libexec/rtld-elf/rtld.c _rtld() Function Multiple Variable Local Privilege Escalation
|
|
60589
Description:
(Description Provided by CVE) : Integer overflow in Novell eDirectory 8.7.3.x before 8.7.3.10 ftf2 and 8.8.x before 8.8.5.2 allows remote attackers to execute arbitrary code via an NDS Verb 0x1 request containing a large integer value that triggers a heap-based buffer overflow.
|
2009-12-01
|
Novell eDirectory dhost.exe NDS Verb 0x1 Service Request Handling Remote Overflow
|
|
86461
Description:
Simple Machines Forum (SMF) contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions related to the ManageServer.php script. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-12-01
|
Simple Machines Forum (SMF) ManageServer.php Arbitrary Command Execution CSRF
|
|
86459
Description:
Simple Machines Forum (SMF) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the replacing of censored words, which will cause the malformed code to be inserted for every censored word on a forum. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-01
|
Simple Machines Forum (SMF) Censored Word Replacement XSS
|
|
86458
Description:
Simple Machines Forum (SMF) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input when editing smiley group names. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-01
|
Simple Machines Forum (SMF) Smiley Administration XSS
|
|
86457
Description:
Simple Machines Forum (SMF) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the invalid file error message upon submission to the ManageErrors.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2009-12-01
|
Simple Machines Forum (SMF) ManageErrors.php Invalid File Error Message XSS
|