[CLOSE] OSVDB ID : 77485 - Disclosed: 2011-10-31

Description:

(Description Provided by CVE) : Integer overflow in the oom_badness function in mm/oom_kill.c in the Linux kernel before 3.1.8 on 64-bit platforms allows local users to cause a denial of service (memory consumption or process termination) by using a certain large amount of memory.

[CLOSE] OSVDB ID : 80804 - Disclosed: 2011-10-31

Description:

WP Glossary Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ajax.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 76726 - Disclosed: 2011-10-31

Description:

HM Community Component Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'language[]', 'university[]', 'persent[]', 'company_name[]', 'designation[]', 'music[]', 'books[]', 'movies[]', 'games[]', 'syp[]', 'ft[]' and 'fa[]' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 76728 - Disclosed: 2011-10-31

Description:

(Description Provided by CVE) : Buffer overflow in MiniSmtp 3.0.11818 in NJStar Communicator allows remote attackers to execute arbitrary code via a crafted packet.

[CLOSE] OSVDB ID : 76727 - Disclosed: 2011-10-31

Description:

HM Community Component Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 76923 - Disclosed: 2011-10-31

Description:

Barracuda Link Balancer contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'zoneid' and 'scope' parameters upon submission to the Authoritative DNS - DNS Zones module. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 83371 - Disclosed: 2011-10-31

Description:

jbShop for e107 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the jbshop.php script not properly sanitizing user-supplied input to the 'item_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 76868 - Disclosed: 2011-10-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76869 - Disclosed: 2011-10-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76839 - Disclosed: 2011-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 78889 - Disclosed: 2011-10-30

Description:

NexorONE contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'message' parameter upon submission to the secure/login.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 76665 - Disclosed: 2011-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76739 - Disclosed: 2011-10-30

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 76740 - Disclosed: 2011-10-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76741 - Disclosed: 2011-10-30

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 76743 - Disclosed: 2011-10-30

Description:

Megatops YaTFTPSvr contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the TFTP service not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to access and manipulate arbitrary files.

[CLOSE] OSVDB ID : 77048 - Disclosed: 2011-10-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76708 - Disclosed: 2011-10-29

Description:

Vik Real Estate Extension for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'contract' and 'imm' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 76915 - Disclosed: 2011-10-29

Description:

JEEMA SMS Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'filter_subsearch' and 'groupid' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 76927 - Disclosed: 2011-10-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76916 - Disclosed: 2011-10-29

Description:

JEEMA SMS Component for Joomla! contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the transfer of user credits. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 77753 - Disclosed: 2011-10-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 76624 - Disclosed: 2011-10-28

Description:

FFFTP is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .txt (or possibly other) file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 76859 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : Unspecified vulnerability in Twilight Frontier Touhou Hisouten 1.06 and earlier allows remote attackers to cause a denial of service (daemon crash) via unknown network traffic.

[CLOSE] OSVDB ID : 77204 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : Unspecified vulnerability in IBM DB2 9.7 before FP5 on UNIX, when the Self Tuning Memory Manager (STMM) feature and the AUTOMATIC DATABASE_MEMORY setting are configured, allows local users to cause a denial of service (daemon crash) via unknown vectors.

[CLOSE] OSVDB ID : 76628 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : Buffer overflow in the SSH server functionality on the D-Link DES-3800 with firmware before 4.50B052, DWL-2100AP with firmware before 2.50RC548, and DWL-3200AP with firmware before 2.55RC549 allows remote attackers to execute arbitrary code or cause a denial of service via unspecified vectors.

[CLOSE] OSVDB ID : 76729 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : The server process in Novell Messenger 2.1 and 2.2.x before 2.2.1, and Novell GroupWise Messenger 2.04 and earlier, allows remote attackers to read from arbitrary memory locations via a crafted command.

[CLOSE] OSVDB ID : 76725 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : Use-after-free vulnerability in the cryptographic helper handler functionality in Openswan 2.3.0 through 2.6.36 allows remote authenticated users to cause a denial of service (pluto IKE daemon crash) via vectors related to the (1) quick_outI1_continue and (2) quick_outI1 functions.

[CLOSE] OSVDB ID : 76867 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : EMC RSA Key Manager (RKM) Appliance 2.7 SP1 before 2.7.1.6, when Firefox 4.x or 5.0 is used, does not properly terminate a user session upon a logout action, which makes it easier for remote attackers to execute arbitrary code by leveraging an unattended workstation.

[CLOSE] OSVDB ID : 83417 - Disclosed: 2011-10-28

Description:

Techfolio Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the frontend/models/techfoliodetail.php script not properly sanitizing user-supplied input to the 'catid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 84058 - Disclosed: 2011-10-28

Description:

X.Org contains a flaw related to the X window system (X11) X Wrapper on Debian. The issue may allow an attacker to bypass unspecified restrictions. No further details have been provided.

[CLOSE] OSVDB ID : 76722 - Disclosed: 2011-10-28

Description:

Simple Balance Theme for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the wp-content/themes/simplebalance/search.php script does not validate the 's parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 78569 - Disclosed: 2011-10-28

Description:

(Description Provided by CVE) : The Bluetooth service (com/android/phone/BluetoothHeadsetService.java) in Android 2.3 before 2.3.6 allows remote attackers within Bluetooth range to obtain contact data via an AT phonebook transfer.

[CLOSE] OSVDB ID : 83418 - Disclosed: 2011-10-28

Description:

GFI Faxmaker contains a flaw related to Fax Viewer that may allow for a denial of service. The issue is triggered when a user opens a malformed fax file, resulting in a loss of availability for the program. This can be exploited remotely by tricking a user into opening the crafted file (e.g., via email), or locally by placing it in a location that may seem safe (e.g., a network share).

[CLOSE] OSVDB ID : 94240 - Disclosed: 2011-10-28

Description:

Jenkins OpenID Plugin contains an unspecified flaw in SSO mode that may allow an attacker to gain unauthorized administrative access. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 77446 - Disclosed: 2011-10-27

Description:

(Description Provided by CVE) : Integer overflow in the exif_process_IFD_TAG function in exif.c in the exif extension in PHP 5.4.0beta2 on 32-bit platforms allows remote attackers to read the contents of arbitrary memory locations or cause a denial of service via a crafted offset_val value in an EXIF header in a JPEG file, a different vulnerability than CVE-2011-0708.

[CLOSE] OSVDB ID : 76621 - Disclosed: 2011-10-27

Description:

(Description Provided by CVE) : The default configuration of the Sametime configuration servlet (SCS) in the server in IBM Lotus Sametime 7.0 through 8.5.2 does not enable an authentication requirement, which allows remote attackers to read the configuration settings by examining a response message.

[CLOSE] OSVDB ID : 76777 - Disclosed: 2011-10-27

Description:

(Description Provided by CVE) : The LiveData Service in CSWorks before 2.0.4115.1 allows remote attackers to cause a denial of service (service crash) via crafted TCP packets.

[CLOSE] OSVDB ID : 76858 - Disclosed: 2011-10-27

Description:

(Description Provided by CVE) : ** DISPUTED ** Untrusted search path vulnerability in Mozilla Network Security Services (NSS), as used in Google Chrome before 17 on Windows and Mac OS X, might allow local users to gain privileges via a Trojan horse pkcs11.txt file in a top-level directory. NOTE: the vendor's response was "Strange behavior, but we're not treating this as a security bug."

[CLOSE] OSVDB ID : 78039 - Disclosed: 2011-10-27

Description:

(Description Provided by CVE) : Tor before 0.2.2.24-alpha continues to use a reachable bridge that was previously configured but is not currently configured, which might allow remote attackers to obtain sensitive information about clients in opportunistic circumstances by monitoring network traffic to the bridge port.