| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 57574 | 2009-08-31 | BIGACE Web CMS public/index.php id Parameter XSS | BIGACE Web CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the 'public/index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57570 | 2009-08-31 | SolarWinds TFTP Server OACK Request Remote DoS | (Description Provided by CVE): SolarWinds TFTP Server 9.2.0.111 and earlier allows remote attackers to cause a denial of service (service stop) via a crafted Option Acknowledgement (OACK) request. NOTE: some of these details are obtained from third party information. |
| 57584 | 2009-08-31 | Swift Ultralite M3U File Handling Overflow | (Description Provided by CVE): Stack-based buffer overflow in TriceraSoft Swift Ultralite 1.032 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long string in a .M3U playlist file. |
| 57595 | 2009-08-31 | Basic PHP Events Lister admin/reset.php Admin Password Reset Weakness | Basic PHP Lister contains a flaw that may allow a malicious user to reset passwords. The issue is triggered when a user directly requests admin/reset.php. It is possible that the flaw may allow a malicious user to reset the admin's password, resulting in a loss of integrity. |
| 57588 | 2009-08-31 | Rock Band CMS news.php Multiple Parameter SQL Injection | Rock Band CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'news.php' script not properly sanitizing user-supplied input to the 'year' and 'id' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57592 | 2009-08-31 | Dnsmasq src/tftp.c tftp_request() Function Remote Overflow | (Description Provided by CVE): Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request. |
| 57593 | 2009-08-31 | Dnsmasq src/ftpd.c tftp_request() Function NULL Dereference Remote DoS | (Description Provided by CVE): The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option. |
| 57683 | 2009-08-31 | Joker Board editform.php notice Parameter XSS | Joker Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'notice' parameter upon submission to the 'editform.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57684 | 2009-08-31 | Joker Board core/edit_user_message.php edit_user_message Parameter XSS | Joker Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'edit_user_message' parameter upon submission to the 'core/edit_user_message.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57685 | 2009-08-31 | Joker Board inc/head.inc.php user_title Parameter XSS | Joker Board contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'user_title' parameter upon submission to the 'inc/head.inc.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57686 | 2009-08-31 | Joker Board core/select.php Unspecified Parameter SQL Injection | Joker Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'core/select.php' script not properly sanitizing user-supplied input to an unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57687 | 2009-08-31 | Joker Board top_add.inc.php city Parameter SQL Injection | Joker Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'top_add.inc.php' script not properly sanitizing user-supplied input to the 'city' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57805 | 2009-08-31 | FluxBB Unspecified XSS | Unknown / Incomplete |
| 57884 | 2009-08-31 | IBM WebSphere Application Server (WAS) Servlet Engine/Web Container Component HEAD Request Multiple Method Access Restriction Bypass | (Description Provided by CVE): The Servlet Engine/Web Container component in IBM WebSphere Application Server (WAS) 6.0.2 before 6.0.2.37 does not properly implement security constraints on the (1) doGet and (2) doTrace methods, which allows remote attackers to bypass intended access restrictions and obtain sensitive information via a crafted HTTP HEAD request to a Web Application. |
| 58255 | 2009-08-31 | Ultimate Player Multiple Playlist File Overflows | (Description Provided by CVE): Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file. |
| 58683 | 2009-08-31 | Puppet Symlink Arbitrary File Overwrite | Puppet contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to file{} creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity and availability. |
| 58682 | 2009-08-31 | Puppet puppetmaster Client Certificate Validation Weakness | Unknown / Incomplete |
| 60018 | 2009-08-31 | osCommerce Online Merchant Admin Console file_manager.php Remote Privilege Escalation | osCommerce Online Merchant contains a flaw in file_manager.php that may allow an unauthenticated attacker to upload, download and edit files, leading to arbitrary code execution as the web server user. |
| 61121 | 2009-08-31 | urlShort Unspecified XSS | Unknown / Incomplete |
| 61122 | 2009-08-31 | urlShort Unspecified SQL Injection | Unknown / Incomplete |
| 62576 | 2009-08-31 | gnome-screensaver Extend Screen Option Authentication Bypass | (Description Provided by CVE): gnome-screensaver 2.14.3, 2.22.2, 2.27.x, 2.28.0, and 2.28.3, when the X configuration enables the extend screen option, allows physically proximate attackers to bypass screen locking, access an unattended workstation, and view half of the GNOME desktop by attaching an external monitor. |
| 62656 | 2009-08-31 | Google Chrome Math.random Random Number Generation Weakness | Unknown / Incomplete |
| 57575 | 2009-08-30 | teximg Plugin for ikiwiki TEX Command Arbitrary File Local Disclosure | ikiwiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user uses unsafe TeX commands, which will disclose arbitrary files, resulting in a loss of confidentiality. |
| 87486 | 2009-08-30 | AWStats awredir.pl Security Key Weakness | AWStats contains a security key weakness related to awredir.pl that may allow an attacker to potentially conduct a cross-site referencing attack. No further details have been provided. |
| 60460 | 2009-08-29 | Zoph Multiple Unspecified XSS | Unknown / Incomplete |
| 60945 | 2009-08-28 | Circumference WebAuth Secret Token Truncation Weakness | Unknown / Incomplete |
| 57633 | 2009-08-28 | Qt X.509 Certificate Authority (CA) Subject Alternative Name Null Byte Handling SSL MiTM Weakness | (Description Provided by CVE): src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. |
| 57571 | 2009-08-28 | FlexCMS Login Cookie SQL Injection | FlexCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'Login Cookie' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 57569 | 2009-08-28 | XEROX WorkCentre Web Server Unspecified Unauthorized Access | Unknown / Incomplete |
| 89547 | 2009-08-28 | uTorrent Create Torrent Dialog Functionality TXT File Handling Overflow DoS | uTorrent contains an overflow condition in the create torrent dialog functionality. The issue is triggered as user-supplied input is not properly validated during the handling of TXT files. With a specially crafted file, a remote attacker can cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code. |
| 57749 | 2009-08-28 | Maxthon Browser Refresh / Location Header Multiple Method XSS | (Description Provided by CVE): Maxthon Browser 3.0.0.145 Alpha with Ultramode does not properly block javascript: and data: URIs in Refresh headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains a javascript: URI, (2) entering a javascript: URI when specifying the content of a Refresh header, (3) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header; does not properly block data: URIs in Location headers in HTTP responses, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location header that contains JavaScript sequences in a data:text/html URI or (6) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within (a) 301 and (b) 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (7) injecting a Location HTTP response header or (8) specifying the content of a Location HTTP response header. |
| 57750 | 2009-08-28 | Orca Browser Refresh / Location Header Multiple Method XSS | (Description Provided by CVE): Orca Browser 1.2 build 5 does not properly block data: URIs in Refresh and Location headers in HTTP responses, which allows remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (1) injecting a Refresh header that contains JavaScript sequences in a data:text/html URI, (2) entering a data:text/html URI with JavaScript sequences when specifying the content of a Refresh header, (3) injecting a Location header that contains JavaScript sequences in a data:text/html URI, or (4) entering a data:text/html URI with JavaScript sequences when specifying the content of a Location header; and does not properly handle javascript: URIs in HTML links within 302 error documents sent from web servers, which allows user-assisted remote attackers to conduct cross-site scripting (XSS) attacks via vectors related to (5) injecting a Location HTTP response header or (6) specifying the content of a Location HTTP response header. |
| 57808 | 2009-08-28 | Silurus Classifieds wcategory.php ID Parameter SQL Injection | Silurus Classifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'wcategory.php' script not properly sanitizing user-supplied input to the 'ID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57911 | 2009-08-28 | QuarkMail get_message.cgi tf Parameter Traversal Arbitrary File Access | QuarkMail contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'get_message.cgi' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'tf' parameter. This directory traversal attack would allow the attacker to read arbitrary files. |
| 57913 | 2009-08-28 | Download System mSF (dsmsf) Module for PHP-Fusion screen.php view_id Parameter SQL Injection | Download System mSF (dsmsf) Module for PHP-Fusion contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'screen.php' script not properly sanitizing user-supplied input to the 'view_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57914 | 2009-08-28 | Silurus Classifieds category.php ID Parameter SQL Injection | Silurus Classifieds contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'category.php' script not properly sanitizing user-supplied input to the ID parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 58256 | 2009-08-28 | LiveStreet include/ajax/blogInfo.php asd Parameter XSS | LiveStreet contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'asd' parameter upon submission to the 'include/ajax/blogInfo.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 58257 | 2009-08-28 | LiveStreet Comment Topic Header XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in LiveStreet 0.2 allows remote attackers to inject arbitrary web script or HTML via the header of the topic in a comment. |
| 57428 | 2009-08-27 | Linux Kernel proto_ops .getname Function Arbitrary Kernel Memory Disclosure | (Description Provided by CVE): The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to the atalk_getname function in net/appletalk/ddp.c; (2) an AF_IRDA socket, related to the irda_getname function in net/irda/af_irda.c; (3) an AF_ECONET socket, related to the econet_getname function in net/econet/af_econet.c; (4) an AF_NETROM socket, related to the nr_getname function in net/netrom/af_netrom.c; (5) an AF_ROSE socket, related to the rose_getname function in net/rose/af_rose.c; or (6) a raw CAN socket, related to the raw_getname function in net/can/raw.c. |
| 57566 | 2009-08-27 | Danneo CMS Poll /mod/poll/comment.php Multiple Parameter SQL Injection | Danneo CMS Poll contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the '/mod/poll/comment.php' script not properly sanitizing user-supplied input to the 'comtitle' and 'comtext' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |