| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 67995 Description: UltraEdit is prone to a flaw in the way it loads dynamic-link libraries (e.g., dwmapi.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a bin, cpp, css, c, dat, hpp, html, h, ini, java, log, mak, php, prj, txt or xml file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2010-09-12 | UltraEdit Path Subversion Arbitrary DLL Injection Code Execution |
| 67971 Description: Open Classifieds contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'desc', 'price', 'title', and 'place' parameters upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | Open Classifieds index.php Multiple Parameter XSS |
| 67972 Description: Open Classifieds contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'subject' parameter upon submission to the 'content/contact.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | Open Classifieds content/contact.php subject Parameter XSS |
| 67997 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'date1' parameter upon submission to the 'pvm_messagestore.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface pvm_messagestore.php date1 Parameter XSS |
| 67998 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'userfilter' parameter upon submission to the 'pvm_user_management.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface pvm_user_management.php userfilter Parameter XSS |
| 67999 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'ping' parameter upon submission to the 'sys_tools.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface sys_tools.php ping Parameter XSS |
| 68000 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the 'pvm_cert_commaction.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface pvm_cert_commaction.php action Parameter XSS |
| 68001 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the 'pvm_cert_serveraction.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface pvm_cert_serveraction.php action Parameter XSS |
| 68002 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'action' parameter upon submission to the 'pvm_smtpstore.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface pvm_smtpstore.php action Parameter XSS |
| 68003 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'l' parameter upon submission to the 'sla/index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface sla/index.php l Parameter XSS |
| 68004 Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface Unspecified Stored Data XSS |
| 68005 Description: (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to inject arbitrary web script or HTML via (1) the date1 parameter to pvm_messagestore.php, (2) the userfilter parameter to pvm_user_management.php, (3) the ping parameter to sys_tools.php in a sys_ping.php action, (4) the action parameter to pvm_cert_commaction.php, (5) the action parameter to pvm_cert_serveraction.php, (6) the action parameter to pvm_smtpstore.php, (7) the l parameter to sla/index.php, or (8) unspecified stored data; and allow remote authenticated users to inject arbitrary web script or HTML via (9) saved search filters. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface Saved Search Filter XSS |
| 68006 Description: (Description Provided by CVE): Multiple cross-site request forgery (CSRF) vulnerabilities in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5.0.2 allow remote attackers to hijack the authentication of administrators for requests that (1) change settings or (2) conduct denial of service attacks. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface Multiple CSRF |
| 68007 Description: The Local Management Interface (LMI) on the IBM Proventia Network Mail Security System contains a flaw that allows a remote authenticated user to traverse outside of a restricted path. The issue is due to the 'sla/index.php' not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'l' parameter. This directory traversal attack would allow the attacker to access arbitrary files. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface sla/index.php l Parameter Traversal Arbitrary File Access |
| 68008 Description: (Description Provided by CVE): CRLF injection vulnerability in load.php in the Local Management Interface (LMI) on the IBM Proventia Network Mail Security System (PNMSS) appliance with firmware before 2.5 allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the javaVersion parameter. | 2010-09-12 | IBM Proventia Network Mail Security System Local Management Interface load.php javaVersion Parameter CRLF Injection |
| 68038 Description: (Description Provided by CVE): Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx. | 2010-09-12 | eshtery CMS catlgsearch.aspx Unspecified Form Criteria Field SQL Injection |
| 68039 Description: (Description Provided by CVE): Multiple SQL injection vulnerabilities in eshtery CMS (aka eshtery.com) allow remote attackers to execute arbitrary SQL commands via the (1) Criteria field in an unspecified form related to catlgsearch.aspx or (2) user name to an unspecified form related to adminlogin.aspx. | 2010-09-12 | eshtery CMS adminlogin.aspx Unspecified Form Username SQL Injection |
| 68022 Description: PaysiteReviewCMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'q' parameter upon submission to the 'search.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-11 | PaysiteReviewCMS search.php q Parameter XSS |
| 68023 Description: PaysiteReviewCMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'image' parameter upon submission to the 'image.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-11 | PaysiteReviewCMS image.php image Parameter XSS |
| 67993 Description: QuickBooks is prone to a flaw in the way it loads dynamic-link libraries (e.g., dbicudtx11.dll, mfc90enu.dll, and mfc90loc.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a DES, QBO, or QPG file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2010-09-11 | QuickBooks Path Subversion Arbitrary DLL Injection Code Execution |
| 67968 Description: Piwigo contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions such as changing the administrator's password. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. | 2010-09-11 | Piwigo Admin Password Manipulation CSRF |
| 68182 Description: Unknown / Incomplete | 2010-09-11 | K2 Component for Joomla! Comment Page Multiple Parameter XSS |
| 69387 Description: (Description Provided by CVE): MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (assertion failure and server crash) via vectors related to view preparation, pre-evaluation of LIKE predicates, and IN Optimizers. | 2010-09-10 | MySQL LIKE Predicates Pre-Evaluation DoS |
| 69396 Description: Unknown / Incomplete | 2010-09-10 | MySQL Replication Version-Specific Comments SQL Injection |
| 69395 Description: (Description Provided by CVE): Unspecified vulnerability in MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via vectors related to "materializing a derived table that required a temporary table for grouping" and "user variable assignments." | 2010-09-10 | MySQL Derived Table Grouping DoS |
| 69394 Description: (Description Provided by CVE): MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (mysqld server crash) by performing a user-variable assignment in a logical expression that is calculated and stored in a temporary table for GROUP BY, then causing the expression value to be used after the table is created, which causes the expression to be re-evaluated instead of accessing its value from the table. | 2010-09-10 | MySQL Temporary Table Expression Re-Evaluation DoS |
| 69393 Description: (Description Provided by CVE): MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a prepared statement that uses GROUP_CONCAT with the WITH ROLLUP modifier, probably triggering a use-after-free error when a copied object is modified in a way that also affects the original object. | 2010-09-10 | MySQL GROUP_CONCAT() WITH ROLLUP Modifier DoS |
| 69392 Description: (Description Provided by CVE): MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (server crash) via a query that uses the (1) GREATEST or (2) LEAST function with a mixed list of numeric and LONGBLOB arguments, which is not properly handled when the function's result is "processed using an intermediate temporary table." | 2010-09-10 | MySQL Extreme-Value Functions Mixed Arguments DoS |
| 69391 Description: (Description Provided by CVE): MySQL 5.1 before 5.1.51 and 5.5 before 5.5.6 allows remote authenticated users to cause a denial of service (infinite loop) via multiple invocations of a (1) prepared statement or (2) stored procedure that creates a query with nested JOIN statements. | 2010-09-10 | MySQL Stored Procedures / Prepared Statements Nested Joins DoS |
| 69390 Description: (Description Provided by CVE): MySQL 5.0 before 5.0.92, 5.1 before 5.1.51, and 5.5 before 5.5.6 does not properly propagate type errors, which allows remote attackers to cause a denial of service (server crash) via crafted arguments to extreme-value functions such as (1) LEAST and (2) GREATEST, related to KILL_BAD_DATA and a "CREATE TABLE ... SELECT." | 2010-09-10 | MySQL Extreme-Value Functions Argument Parsing Type Error DoS |
| 69389 Description: Unknown / Incomplete | 2010-09-10 | MySQL CONVERT_TZ() Function Empty SET Column DoS |
| 69388 Description: Unknown / Incomplete | 2010-09-10 | MySQL InnoDB Storage Engine Table Handling Overflow |
| 68110 Description: Haudenschilt Family Connections CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'familynews.php' script not properly sanitizing user input supplied to the 'current_user_id' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2010-09-10 | Family Connections CMS (FCMS) familynews.php current_user_id Parameter Remote File Inclusion |
| 68111 Description: Haudenschilt Family Connections CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'settings.php' script not properly sanitizing user input supplied to the 'current_user_id' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2010-09-10 | Family Connections CMS (FCMS) settings.php current_user_id Parameter Remote File Inclusion |
| 68736 Description: Adobe Flash Player is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. This can be done by tricking a user into opening an unspecified file from the local file system or a USB drive in some cases. This attack scenario is certainly possible, but rare. | 2010-09-10 | Adobe Flash Player (IE Version) Path Subversion Arbitrary DLL Injection Code Execution |
| 89992 Description: Portable SDK for UPnP Devices contains a flaw in libupnp that may allow a remote denial of service when parsing malformed XML content. This may allow a context-dependent attacker to crash a client's session when a specially crafted XML response is sent to the device. | 2010-09-10 | Portable SDK for UPnP Devices libupnp Malformed XML Parsing Remote DoS |
| 67945 Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in futomi CGI Cafe Access Analyzer CGI Professional, and Standard 4.0.2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2010-09-10 | CGI Cafe Analysis Access Analyzer CGI Unspecified XSS |
| 68084 Description: Symphony CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'fields[website]' parameter upon submission to the 'articles/a-primer-to-symphony-2s-default-theme/' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-10 | Symphony CMS articles/a-primer-to-symphony-2s-default-theme/ fields[website] Parameter XSS |
| 68085 Description: Symphony CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'send-email[recipient]' parameter upon submission to the 'about/' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2010-09-10 | Symphony CMS about/ send-email[recipient] Parameter XSS |
| 68086 Description: Symphony CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'about/' script not properly sanitizing user-supplied input to the 'send-email[recipient]' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2010-09-10 | Symphony CMS about/ send-email[recipient] Parameter SQL Injection |