| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 71337 | 2010-10-29 | Front Accounting (FA) /admin/attachments.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus', 'description' and 'trans_no' parameters upon submission to the /admin/attachments.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71338 | 2010-10-29 | Front Accounting (FA) /admin/change_current_user_password.php POST HTTP Request XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a 'POST HTTP' request upon submission to the /admin/change_current_user_password.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71339 | 2010-10-29 | Front Accounting (FA) /admin/display_prefs.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus', 'percent_dec', 'prices_dec', 'qty_dec', 'query_size' and 'rates_dec' parameters upon submission to the /admin/display_prefs.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71340 | 2010-10-29 | Front Accounting (FA) /admin/fiscalyears.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'from_date' and 'to_date' parameters upon submission to the /admin/fiscalyears.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71341 | 2010-10-29 | Front Accounting (FA) /admin/forms_setup.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus', 'id0', 'id1', 'id10', 'id11', 'id12', 'id13', 'id16', 'id17', 'id18', 'id2', 'id20' and 'id21' parameters upon submission to the /admin/forms_setup.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71342 | 2010-10-29 | Front Accounting (FA) /admin/print_profiles.php _focus Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus' parameter upon submission to the /admin/print_profiles.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71343 | 2010-10-29 | Front Accounting (FA) /admin/printers.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'descr', 'host', 'name', 'port', 'queue', 'selected_id' and 'tout' parameters upon submission to the /admin/printers.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71344 | 2010-10-29 | Front Accounting (FA) /admin/view_print_transaction.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'FromTransNo', 'ToTransNo' and '_focus' parameters upon submission to the /admin/view_print_transaction.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71345 | 2010-10-29 | Front Accounting (FA) /admin/void_transaction.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus' and 'date_' parameters upon submission to the /admin/void_transaction.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71346 | 2010-10-29 | Front Accounting (FA) /dimensions/dimension_entry.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'date_', 'due_date', 'memo_', 'name', 'ref' and 'trans_no' parameters upon submission to the /dimensions/dimension_entry.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71347 | 2010-10-29 | Front Accounting (FA) /dimensions/inquiry/search_dimensions.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'FromDate', 'OrderNumber', 'ToDate' and '_focus' parameters upon submission to the /dimensions/inquiry/search_dimensions.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71348 | 2010-10-29 | Front Accounting (FA) /dimensions/view/view_dimension.php trans_no Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'trans_no' parameter upon submission to the /dimensions/view/view_dimension.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71349 | 2010-10-29 | Front Accounting (FA) /gl/bank_account_reconcile.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus' and 'reconcile_date' parameters upon submission to the /gl/bank_account_reconcile.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71350 | 2010-10-29 | Front Accounting (FA) /gl/bank_transfer.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'DatePaid', '_focus', 'amount', 'charge', 'memo_' and 'ref' parameters upon submission to the /gl/bank_transfer.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71351 | 2010-10-29 | Front Accounting (FA) /sales/manage/recurrent_invoices.php Multiple Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '_focus', 'begin', 'days', 'description', 'end', 'monthly' and 'selected_id' parameters upon submission to the /sales/manage/recurrent_invoices.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 71432 | 2010-10-29 | Front Accounting (FA) dimensions/dimension_entry.php Multiple Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dimensions/dimension_entry.php script not properly sanitizing user-supplied input to the 'ref' and 'trans_no' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71433 | 2010-10-29 | Front Accounting (FA) dimensions/view/view_dimension.php trans_no Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dimensions/view/view_dimension.php script not properly sanitizing user-supplied input to the 'trans_no' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71434 | 2010-10-29 | Front Accounting (FA) gl/bank_account_reconcile.php reconcile_date Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/bank_account_reconcile.php script not properly sanitizing user-supplied input to the 'reconcile_date' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71435 | 2010-10-29 | Front Accounting (FA) gl/inquiry/balance_sheet.php TransToDate Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/balance_sheet.php script not properly sanitizing user-supplied input to the 'TransToDate' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71436 | 2010-10-29 | Front Accounting (FA) gl/inquiry/bank_inquiry.php TransToDate Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/bank_inquiry.php script not properly sanitizing user-supplied input to the 'TransToDate' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71437 | 2010-10-29 | Front Accounting (FA) gl/inquiry/gl_account_inquiry.php TransToDate Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/gl_account_inquiry.php script not properly sanitizing user-supplied input to the 'TransToDate' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71438 | 2010-10-29 | Front Accounting (FA) gl/inquiry/gl_trial_balance.php TransToDate Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/gl_trial_balance.php script not properly sanitizing user-supplied input to the 'TransToDate' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71439 | 2010-10-29 | Front Accounting (FA) gl/inquiry/profit_loss.php TransToDate Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/profit_loss.php script not properly sanitizing user-supplied input to the 'TransToDate' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71440 | 2010-10-29 | Front Accounting (FA) gl/inquiry/tax_inquiry.php TransToDate Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/tax_inquiry.php script not properly sanitizing user-supplied input to the 'TransToDate' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71441 | 2010-10-29 | Front Accounting (FA) gl/inquiry/journal_inquiry.php Multiple Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gl/inquiry/journal_inquiry.php script not properly sanitizing user-supplied input to the 'FromDate', 'Memo', 'Ref' and 'ToDate' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71442 | 2010-10-29 | Front Accounting (FA) inventory/inquiry/stock_movements.php Multiple Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the inventory/inquiry/stock_movements.php script not properly sanitizing user-supplied input to the 'AfterDate' and 'BeforeDate' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71443 | 2010-10-29 | Front Accounting (FA) manufacturing/work_order_add_finished.php Multiple Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the manufacturing/work_order_add_finished.php script not properly sanitizing user-supplied input to the 'ref', 'selected_id' and 'trans_no' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71444 | 2010-10-29 | Front Accounting (FA) manufacturing/work_order_issue.php Multiple Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the manufacturing/work_order_issue.php script not properly sanitizing user-supplied input to the 'IssueType', 'Location', 'WorkCentre', '_focus', '_stock_id_edit', '_stock_id_update', 'date', 'memo', 'qty', 'ref', 'std_cost', 'stock_id' and 'trans_no' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71445 | 2010-10-29 | Front Accounting (FA) purchasing/po_receive_items.php PONumber Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the purchasing/po_receive_items.php script not properly sanitizing user-supplied input to the 'PONumber' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71446 | 2010-10-29 | Front Accounting (FA) purchasing/supplier_credit.php Multiple Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the purchasing/supplier_credit.php script not properly sanitizing user-supplied input to the 'invoice_no', 'receive_begin' and 'receive_end' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71447 | 2010-10-29 | Front Accounting (FA) reporting/prn_redirect.php PARAM_1 Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the reporting/prn_redirect.php script not properly sanitizing user-supplied input to the 'PARAM_1' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71448 | 2010-10-29 | Front Accounting (FA) sales/customer_credit_invoice.php InvoiceNumber Parameter SQL Injection | Front Accounting contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the sales/customer_credit_invoice.php script not properly sanitizing user-supplied input to the 'InvoiceNumber' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 71471 | 2010-10-29 | Front Accounting (FA) /purchasing/allocations/supplier_allocate.php trans_no Parameter XSS | Front Accounting contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'trans_no' parameter upon submission to the /purchasing/allocations/supplier_allocate.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 73354 | 2010-10-29 | IBM WebSphere Application Server (WAS) HTTP Transport SIP Proxy UDP Message Saturation Remote DoS | (Description provided by CVE): The Session Initiation Protocol (SIP) Proxy in the HTTP Transport component in IBM WebSphere Application Server (WAS) before 7.0.0.15 allows remote attackers to cause a denial of service (worker thread exhaustion and UDP messaging outage) by sending many UDP messages. |
| 73580 | 2010-10-29 | Home FTP Server GET / RETR Commands Traversal Arbitrary File Access | Unknown / Incomplete |
| 73537 | 2010-10-29 | IBM Tivoli Directory Server Proxy Server Paged Search LDAP Unbind Use-after-free Remote DoS | (Description provided by CVE): Use-after-free vulnerability in the proxy-server implementation in IBM Tivoli Directory Server (TDS) 6.0 before 6.0.0.65 (aka 6.0.0.8-TIV-ITDS-IF0007) and 6.3 before 6.3.0.1 (aka 6.3.0.0-TIV-ITDS-IF0001) allows remote authenticated users to cause a denial of service (daemon crash) via a paged search that is interrupted by an LDAP Unbind operation. |
| 80340 | 2010-10-29 | DojoX query String Error Message XSS | Unknown / Incomplete |
| 90381 | 2010-10-29 | Google Chrome PDF Parsing Memory Corruption | Google Chrome contains a flaw in the PDF parser that is triggered as user-supplied input is not properly sanitized. With a specially crafted PDF file, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code. |
| 68991 | 2010-10-28 | Linux-PAM pam_env Module .pam_environment File Symlink Arbitrary Local File Disclosure | Linux-PAM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by an error in the 'pam_env' module when dropping privileges, allowing a local attacker to gain access to arbitrary files by symlinking the '.pam_environment' file to a restricted file. |
| 68934 | 2010-10-28 | AlstraSoft E-Friends tribe.php Arbitrary File Upload | AlstraSoft E-Friends contains a flaw related to the uploading of files. The issue is triggered when a remote attacker uploads arbitrary files to a folder within the webroot while adding files to a group. This may allow an attacker to execute arbitrary PHP code. |