| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 57151 | 2009-08-17 | Solaris Kernel Filesystem / Virtual Memory Subsystem Interaction Unspecified Local DoS | (Description Provided by CVE): The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file. |
| 57265 | 2009-08-17 | Linux Kernel net/wireless/scan.c cfg80211 Malformed Beacon Frames NULL Dereference Remote DoS | (Description Provided by CVE): cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability. |
| 57258 | 2009-08-17 | Valve Source Engine engine.dll Player Disconnect reason Parameter Remote Format String | Unknown / Incomplete |
| 57184 | 2009-08-17 | Adobe ColdFusion Server wizards/common/_authenticatewizarduser.cfm Query String XSS | Adobe ColdFusion contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a query string upon submission to the wizards/common/_authenticatewizarduser.cfm script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57182 | 2009-08-17 | Adobe ColdFusion Server administrator/logviewer/searchlog.cfm startRow Parameter XSS | Adobe ColdFusion contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'startRow' parameter upon submission to the administrator/logviewer/searchlog.cfm script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57183 | 2009-08-17 | Adobe ColdFusion Server wizards/common/_logintowizard.cfm Query String XSS | Adobe ColdFusion contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a query string upon submission to the wizards/common/_logintowizard.cfm script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57185 | 2009-08-17 | Adobe ColdFusion Server administrator/enter.cfm Query String XSS | Adobe ColdFusion contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a query string upon submission to the administrator/enter.cfm script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57186 | 2009-08-17 | Adobe JRun Application Server Management Console logging/logviewer.jsp logfile Parameter Traversal Arbitrary File Access | Adobe JRun contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the logviewer.jsp script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the logfile parameter. |
| 57188 | 2009-08-17 | Adobe ColdFusion Multiple Unspecified XSS | Adobe ColdFusion contains a flaw that allows multiple remote cross-site scripting (XSS) attacks. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57190 | 2009-08-17 | Adobe ColdFusion Unspecified XSS | Adobe ColdFusion contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 57126 | 2009-08-17 | Piwigo comments.php items_number Parameter SQL Injection | Piwigo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'comments.php' script not properly sanitizing user-supplied input to the 'items_number' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 57187 | 2009-08-17 | Adobe JRun Management Console Multiple Unspecified XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Adobe JRun 4.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| 57189 | 2009-08-17 | Adobe ColdFusion Double-encoded Null Character Information Disclosure | (Description Provided by CVE): Adobe ColdFusion 8.0.1 and earlier might allow attackers to obtain sensitive information via unspecified vectors, related to a "double-encoded null character vulnerability." |
| 57191 | 2009-08-17 | Adobe ColdFusion Unspecified Session Fixation | (Description Provided by CVE): Session fixation vulnerability in Adobe ColdFusion 8.0.1 and earlier allows remote attackers to hijack web sessions via unspecified vectors. |
| 58392 | 2009-08-17 | OpenSAML KeyDescriptor Element use Tag Metadata Security Bypass | (Description Provided by CVE): OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. |
| 60536 | 2009-08-17 | LionWiki Multiple Unspecified Issues | Unknown / Incomplete |
| 57201 | 2009-08-16 | Acer AcerCtrls.APlunch ActiveX (acerctrl.ocx) Run Method Arbitrary Local File Execution | (Description Provided by CVE): Insecure method vulnerability in the Acer LunchApp (aka AcerCtrls.APlunch) ActiveX control in acerctrl.ocx allows remote attackers to execute arbitrary commands via the Run method, a different vulnerability than CVE-2006-6121. |
| 61875 | 2009-08-16 | GNU gzip inflate.c huft_build() Function Infinite Loop DoS | gzip contains a flaw in the decompression functionality that may allow a remote denial of service. The issue is due to the 'huft_build()' function in inflate.c not validating user-supplied input. With a specially crafted archive file, a context-dependent attacker can cause the program to go into an infinite loop. |
| 62441 | 2009-08-16 | DUgallery /admin/edit.asp Direct Request Authentication Bypass | Unknown / Incomplete |
| 79040 | 2009-08-16 | Links GIF Header Handling Memory Allocation Overflow | Unknown / Incomplete |
| 57515 | 2009-08-15 | Microsoft IE window.open() New Window URL Path Spoofing Weakness | (Description Provided by CVE): Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. |
| 57754 | 2009-08-15 | K-Meleon window.open() New Window URL Path Spoofing Weakness | (Description Provided by CVE): K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. |
| 57758 | 2009-08-15 | Mozilla Multiple Browsers window.open() New Window URL Path Spoofing Weakness | (Description Provided by CVE): Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. |
| 57759 | 2009-08-15 | Flock Browser window.open() New Window URL Path Spoofing Weakness | (Description Provided by CVE): Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. |
| 57755 | 2009-08-15 | Maxthon Browser window.open() New Window URL Path Spoofing Weakness | (Description Provided by CVE): Maxthon Browser 2.5.3.80 UNICODE allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. |
| 57756 | 2009-08-15 | Lunascape window.open() New Window URL Path Spoofing Weakness | (Description Provided by CVE): Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. |
| 57748 | 2009-08-15 | Avant Browser window.open Relative URI Address Bar Spoofing Weakness | Multiple web browsers contain a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not perform validation and allows the attacker to spoof the URL or content from a nonexistent file or path. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 68260 | 2009-08-15 | Accton-based Gigabit Switches Default Backdoor Password | Unknown / Incomplete |
| 57139 | 2009-08-15 | TheGreenBow VPN Client TgbVPN.sys IOCTL Handling Local DoS | (Description Provided by CVE): The tgbvpn.sys driver in TheGreenBow IPSec VPN Client 4.61.003 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted request to the 0x80000034 IOCTL, probably involving an input or output buffer size of 0. |
| 67963 | 2009-08-15 | Edge-corE ES4649 Switch Hardcoded __super User Password Generation Algorithm Weakness | Unknown / Incomplete |
| 57431 | 2009-08-14 | Sun Java JDK / JRE JNLPAppletlauncher Unspecified Arbitrary File Manipulation | (Description Provided by CVE): Unspecified vulnerability in JNLPAppletlauncher in Sun Java SE, and SE for Business, in JDK and JRE 6 Update 14 and earlier and JDK and JRE 5.0 Update 19 and earlier; and Java SE for Business in SDK and JRE 1.4.2_21 and earlier; allows remote attackers to create or modify arbitrary files via vectors involving an untrusted Java applet that accesses an old version of JNLPAppletLauncher. |
| 57128 | 2009-08-14 | Solaris Virtual Desktop Infrastructure (VDI) Configuration Data LDAP Request Disclosure | (Description Provided by CVE): Sun Virtual Desktop Infrastructure (VDI) 3.0, when anonymous binding is enabled, does not properly handle a client's attempt to establish an authenticated and encrypted connection, which might allow remote attackers to read cleartext VDI configuration-data requests by sniffing LDAP sessions on the network. |
| 57234 | 2009-08-14 | IBM DB2 Universal Database Multiple DoS | Unknown / Incomplete |
| 57313 | 2009-08-14 | BuildBot Web Status Multiple Unspecified XSS | BuildBot contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate unspecified parameters upon submission to unspecified scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57229 | 2009-08-14 | IBM DB2 Universal Database Security Component Unspecified Private Memory Leak | (Description Provided by CVE): Memory leak in the Security component in IBM DB2 8.1 before FP18 on Unix platforms allows attackers to cause a denial of service (memory consumption) via unspecified vectors, related to private memory within the DB2 memory structure. |
| 57230 | 2009-08-14 | IBM DB2 Universal Database DAS Command Unspecified Privilege Escalation | (Description Provided by CVE): IBM DB2 8.1 before FP18 allows attackers to obtain unspecified access via a das command. |
| 57231 | 2009-08-14 | IBM DB2 Universal Database db2jds Malformed Packets Remote DoS | (Description Provided by CVE): Unspecified vulnerability in db2jds in IBM DB2 8.1 before FP18 allows remote attackers to cause a denial of service (service crash) via "malicious packets." |
| 57232 | 2009-08-14 | IBM DB2 Universal Database Crafted CONNECT Data Stream Unspecified Remote DoS (IZ37696) | Unknown / Incomplete |
| 57233 | 2009-08-14 | IBM DB2 Universal Database Crafted Data Stream Unspecified DoS (IZ39652) | Unknown / Incomplete |
| 68098 | 2009-08-14 | asyncore Module for Python accept() Method Incorrect Error Handling DoS | Unknown / Incomplete |