| OSVDB ID | Disclosure Date | Title |
|
68715
Description:
PCDJ Karaoki is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically how it loads 'saMon2.exe' while using 'ShellExecute()'. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an M3U file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
PCDJ Karaoki Path Subversion Arbitrary Executable Injection Code Execution
|
|
68708
Description:
Kisisel Radyo Script contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program stores sensitive information inside the web root with insecure access permissions, which will disclose database information to a remote attacker via a direct request for 'sevvo/eco23.mdb'.
|
2010-10-18
|
Kisisel Radyo Script sevvo/eco23.mdb Direct Request Database Disclosure
|
|
68707
Description:
IBM Informix Dynamic Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With specially crafted lengthy DBINFO keyword arguments in an SQL statement, a remote attacker can potentially execute arbitrary code.
|
2010-10-18
|
IBM Informix Dynamic Server DBINFO Keyword SQL Query Remote Overflow
|
|
68706
Description:
IBM Informix Dynamic Server is prone to an overflow condition. 'librpc.dll' in 'portmap.exe' fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted RPC packet with a crafted parameter size sent to TCP port 36890, a remote attacker can potentially execute arbitrary code.
|
2010-10-18
|
IBM Informix Dynamic Server portmap.exe librpc.dll Crafted RPC Packet Remote Overflow
|
|
68705
Description:
IBM Informix Dynamic Server is prone to an overflow condition. An unspecified logging function in 'oninit.exe' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted EXPLAIN directive, a remote attacker can potentially execute arbitrary code.
|
2010-10-18
|
IBM Informix Dynamic Server oninit.exe Logging Function Remote Overflow
|
|
68710
Description:
Adobe RoboHelp for Word contains a flaw while generating WebHelp that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-10-18
|
Adobe RoboHelp for Word WebHelp Unspecified XSS
|
|
68709
Description:
Kisisel Radyo Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'radyo.asp' script not properly sanitizing user-supplied input to the 'Id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-10-18
|
Kisisel Radyo Script radyo.asp Id Parameter SQL Injection
|
|
68711
Description:
Adobe RoboHelp contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-10-18
|
Adobe RoboHelp Multiple Unspecified XSS
|
|
68860
Description:
HP Systems Insight Manager contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for unspecified users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2010-10-18
|
HP Systems Insight Manager Unspecified CSRF (2010-3288)
|
|
68766
Description:
TeraPad is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a TXT or HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
TeraPad Path Subversion Arbitrary DLL Injection Code Execution
|
|
68774
Description:
libguestfs contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a raw-format disk image is used, which will disclose arbitrary files to a local guest OS administrator via a crafted 'qcow2', 'VMDK' or 'VDI' header.
|
2010-10-18
|
libguestfs Image Format Qemu Propagation Weakness Arbitrary File Disclosure
|
|
68861
Description:
HP Systems Insight Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-10-18
|
HP Systems Insight Manager Unspecified XSS (2010-3289)
|
|
68862
Description:
HP Systems Insight Manager contains an unspecified flaw that may allow a remote attacker to gain elevated privileges. No further details have been provided.
|
2010-10-18
|
HP Systems Insight Manager Unspecified Remote Privilege Escalation (2010-3290)
|
|
70260
Description:
Linux Kernel is prone to an overflow condition. The 'econet_sendmsg' function in 'net/econet/af_econet.c' fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. By providing a large number of iovec structures, a local attacker can gain elevated privileges.
|
2010-10-18
|
Linux Kernel net/econet/af_econet.c econet_sendmsg Function iovec Structure Local Overflow
|
|
70261
Description:
Linux Kernel contains a flaw that may allow a local denial of service. The issue is triggered when the 'econet_sendmsg' function in 'net/econet/af_econet.c' allows local users to use a sendmsg call which specifies a NULL value for the remote address field to cause a denial of service via a NULL pointer dereference.
|
2010-10-18
|
Linux Kernel net/econet/af_econet.c econet_sendmsg Function sendmsg Call Local DoS
|
|
71086
Description:
MFC Applications made with Microsoft Visual Studio are prone to a flaw in the way they load dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .bp file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Microsoft Visual Studio MFC Applications Path Subversion Arbitrary DLL Injection Code Execution
|
|
71084
Description:
Rafe 7 is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically idapi32.dll, idbat32.dll, idr20009.dll, idsql32.dll and odbc32.dll. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Rafe 7 Path Subversion Arbitrary DLL Injection Code Execution
|
|
71083
Description:
Brilliant Accounting System is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Brilliant Accounting System Path Subversion Arbitrary DLL Injection Code Execution
|
|
71082
Description:
Sahar Money Manager is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically unicows.dll. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Sahar Money Manager Path Subversion Arbitrary DLL Injection Code Execution
|
|
71081
Description:
Holoo is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically 'idapi32.dll', 'idr20009.dll' and 'odbc32.dll'. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Holoo Path Subversion Arbitrary EXE Injection Code Execution
|
|
71080
Description:
Xilisoft Video Converter is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically 'quserex.dll' and 'wintab32.dll'. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Xilisoft Video Converter Path Subversion Arbitrary DLL Injection Code Execution
|
|
75050
Description:
Unknown / Incomplete
|
2010-10-18
|
Ultimix permit::group_access Package Unspecified Issue
|
|
75186
Description:
(Description Provided by CVE) : Symantec Norton AntiVirus 2011 does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution. NOTE: the researcher indicates that a vendor response was received, stating that this issue "falls into the work of our Firewall and not our AV (per our methodology of layers of defense)."
|
2010-10-18
|
Symantec/Norton Protocol Handler (HCP) Malicious Code Execution Antivirus Scan Bypass
|
|
75187
Description:
(Description Provided by CVE) : AVG Anti-Virus does not properly interact with the processing of hcp:// URLs by the Microsoft Help and Support Center, which makes it easier for remote attackers to execute arbitrary code via malware that is correctly detected by this product, but with a detection approach that occurs too late to stop the code execution.
|
2010-10-18
|
AVG Protocol Handler (HCP) Malicious Code Execution Antivirus Scan Bypass
|
|
87682
Description:
ExpressionEngine contains a flaw that is triggered when an unspecified error occurs, which may allow a remote attacker to execute arbitrary code. No further details have been provided.
|
2010-10-18
|
ExpressionEngine Unspecified Arbitrary Code Execution
|
|
68936
Description:
IBM solidDB contains a flaw that may allow a remote denial of service. The issue is triggered when solid.exe suffers from an error when processing certain input, resulting in a stack consumption vulnerability, allowing a remote attacker to cause a denial of service by sending a crafted packet with multiple integer fields to TCP port 1315, which causes multiple recursive calls of a certain function.
|
2010-10-15
|
IBM solidDB solid.exe Packet Handling Recursive Function Remote DoS
|
|
68937
Description:
IBM solidDB contains a flaw that may allow a remote denial of service. The issue is triggered when solid.exe fails to properly perform a recursive call to a certain function when receiving packet data containing a single integer field. This may allow a remote attacker to cause a NULL pointer dereference denial of service via a TCP session on port 1315.
|
2010-10-15
|
IBM solidDB solid.exe Packet Handling NULL Dereference Remote DoS
|
|
68938
Description:
IBM solidDB contains a flaw that may allow a remote denial of service. The issue is triggered when solid.exe fails to properly perform a recursive call to a certain function when receiving packet data with multiple integer fields with two different values, allowing a remote attacker to cause an invalid memory access denial of service via a TCP session on port 1315.
|
2010-10-15
|
IBM solidDB solid.exe Packet Handling Memory Error Remote DoS
|
|
68750
Description:
Rocket U2 UniData contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'uvrpc_read_message()' function in 'unirpc32.dll' occurs when processing packets, which may be exploited to reference an unallocated memory region to cause a denial of service.
|
2010-10-15
|
Rocket U2 UniData unirpc32.dll uvrpc_read_message() Function Packet Handling Remote DoS
|
|
68753
Description:
Rocket U2 UniData is prone to an overflow condition. The 'uvrpc_unpack_args()' function in 'unirpc32.dll' fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted packet, a remote attacker can potentially cause a denial of service.
|
2010-10-15
|
Rocket U2 UniData unirpc32.dll uvrpc_unpack_args() Function Overflow DoS
|
|
68752
Description:
Rocket U2 UniData contains a flaw that may allow a remote denial of service. The issue is triggered when an error in the 'uvrpc_unpack_args()' function in 'unirpc32.dll' occurs when processing packets, which may be exploited to reference an unallocated memory region to cause a denial of service.
|
2010-10-15
|
Rocket U2 UniData unirpc32.dll uvrpc_unpack_args() Function Invalid Memory Access DoS
|
|
68751
Description:
Rocket U2 UniData contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error occurs when processing packets, which may be exploited to reference unallocated memory to cause a denial of service.
|
2010-10-15
|
Rocket U2 UniData unirpc.exe Unspecified Packet Handling Remote DoS
|
|
68812
Description:
RealWin is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted 'SCPC_INITIALIZE', 'SCPC_INITIALIZE_RF' or 'SCPC_TXTEVENT' packet, a remote attacker can potentially execute arbitrary code.
|
2010-10-15
|
DATAC RealWin Multiple Packet Type Processing Overflow
|
|
68664
Description:
STDU Explorer is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a folder from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-15
|
STDU Explorer Path Subversion Arbitrary DLL Injection Code Execution
|
|
68663
Description:
MEO Encryption Software is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a MEO or CRY file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-15
|
MEO Encryption Software Path Subversion Arbitrary DLL Injection Code Execution
|
|
68671
Description:
RealPlayer is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted QCP file, a context-dependent attacker can potentially execute arbitrary code.
|
2010-10-15
|
RealPlayer Multiple Products Crafted QCP File Sample Chunk Parsing Overflow
|
|
68673
Description:
RealPlayer, RealPlayer SP and RealPlayer Enterprise contain a flaw related to the improper initialization of an unspecified component while parsing a CDDA URI. This may allow a context-dependent attacker to execute arbitrary code via a long crafted URI.
|
2010-10-15
|
RealPlayer Multiple Products ActiveX Unspecified Object Component CDDA URI Handling Arbitrary Code Execution
|
|
68674
Description:
RealPlayer, RealPlayer SP and RealPlayer Enterprise are prone to an overflow condition. The RichFX component fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. This may allow a context-dependent attacker to execute arbitrary code.
|
2010-10-15
|
RealPlayer Multiple Products RichFX Component Unspecified Overflow
|
|
68712
Description:
Blue Coat ProxySG contains a flaw related to the Active Content Transformation or Removal feature failing to detect hex and UTF-8 encoded JavaScript. This may allow a remote attacker to bypass policy rules that sanitize active content.
|
2010-10-15
|
Blue Coat ProxySG Active Content Transformation or Removal Feature JavaScript Detection Weakness Policy Rule Bypass
|
|
87497
Description:
XOOPS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the kernel/module.php script not properly sanitizing user-supplied input to the getByDirname() function that is passed to modules\system\admin\modulesadmin\main.php and include\cp_header.php. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-10-15
|
XOOPS kernel/module.php getByDirname() Function SQL Injection
|