| OSVDB ID | Disclosure Date | Title |
|
76083
Description:
(Description Provided by CVE) : Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when IPv6 is used, allows remote attackers to cause a denial of service (memory corruption and module crash or hang) via vectors that trigger syslog message 302015, aka Bug ID CSCti83875.
|
2011-10-05
|
Cisco Firewall Services Module (FWSM) IPv6 Syslog Message 302015 Log Generation Remote Memory Corruption
|
|
76084
Description:
(Description Provided by CVE) : Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7), when certain authentication configurations are used, allows remote attackers to cause a denial of service (module crash) by making many authentication requests for network access, aka Bug ID CSCtn15697.
|
2011-10-05
|
Cisco Firewall Services Module (FWSM) Authentication Request Saturation Remote DoS
|
|
76086
Description:
(Description Provided by CVE) : Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92380 and CSCtq09972.
|
2011-10-05
|
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3299)
|
|
76087
Description:
(Description Provided by CVE) : Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06065 and CSCtq09978.
|
2011-10-05
|
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3300)
|
|
76088
Description:
(Description Provided by CVE) : Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCtq06062 and CSCtq09986.
|
2011-10-05
|
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3301)
|
|
76089
Description:
(Description Provided by CVE) : Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 and 8.2 before 8.2(5.11), 8.3 before 8.3(2.23), 8.4 before 8.4(2.6), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via crafted SunRPC traffic, aka Bug IDs CSCto92398 and CSCtq09989.
|
2011-10-05
|
Cisco Multiple Product SunRPC Message Packet Parsing Remote DoS (2011-3302)
|
|
76090
Description:
(Description Provided by CVE) : Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.4), 8.0 before 8.0(5.25), 8.1 before 8.1(2.50), 8.2 before 8.2(5.6), 8.3 before 8.3(2.23), 8.4 before 8.4(2.7), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to cause a denial of service (device reload) via malformed ILS traffic, aka Bug IDs CSCtq57697 and CSCtq57802.
|
2011-10-05
|
Cisco Multiple Product ILS Message Packet Parsing Remote DoS
|
|
76096
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Iceni Argus 6.20 and earlier and Infix 5.04 allows remote attackers to execute arbitrary code via a crafted PDF document that uses flate compression.
|
2011-10-05
|
Iceni Multiple Product Flate Compressed PDF File Handling Remote Overflow
|
|
76138
Description:
vTiger CRM contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'onlyforuser' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-10-05
|
vtiger CRM index.php onlyforuser Parameter SQL Injection
|
|
76139
Description:
(Description Provided by CVE) : PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.
|
2011-10-05
|
vtiger CRM cron/class.phpmailer.php phpmailer File Remote Command Execution
|
|
76140
Description:
Unknown / Incomplete
|
2011-10-05
|
vtiger CRM phpversionfail.php PHP Version Disclosure
|
|
76176
Description:
(Description Provided by CVE) : net/packet/af_packet.c in the Linux kernel before 2.6.39.3 does not properly restrict user-space access to certain packet data structures associated with VLAN Tag Control Information, which allows local users to obtain potentially sensitive information via a crafted application.
|
2011-10-05
|
Linux Kernel Multiple Function Local Information Disclosure
|
|
76178
Description:
(Description Provided by CVE) : oowriter in OpenOffice.org 3.3.0 and LibreOffice before 3.4.3 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers an out-of-bounds read in the DOC sprm parser.
|
2011-10-05
|
OpenOffice.org (OOo) Out-of-Bounds Read DOC File Handling Remote DoS
|
|
84208
Description:
WebKit contains a flaw that allows an attacker to conduct an HTTP response splitting attack. This flaw exists because window.location.href and similar needlessly decode URI-encoded characters. This could allow a remote attacker to insert arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.
|
2011-10-05
|
WebKit WebSockets Handling HTTP Header Response Splitting
|
|
76080
Description:
(Description Provided by CVE) : Directory traversal vulnerability in Cisco Network Admission Control (NAC) Manager 4.8.x allows remote attackers to read arbitrary files via crafted traffic to TCP port 443, aka Bug ID CSCtq10755.
|
2011-10-05
|
Cisco Network Admission Control (NAC) Management Interface URI Traversal Arbitrary File Access
|
|
76085
Description:
(Description Provided by CVE) : Cisco Adaptive Security Appliances (ASA) 5500 series devices, and the ASA Services module in Cisco Catalyst 6500 series devices, with software 7.0 before 7.0(8.13), 7.1 and 7.2 before 7.2(5.3), 8.0 before 8.0(5.24), 8.1 before 8.1(2.50), 8.2 before 8.2(5), 8.3 before 8.3(2.18), 8.4 before 8.4(1.10), and 8.5 before 8.5(1.1) and Cisco Firewall Services Module (aka FWSM) 3.1 before 3.1(21), 3.2 before 3.2(22), 4.0 before 4.0(16), and 4.1 before 4.1(7) allow remote attackers to bypass authentication via a crafted TACACS+ reply, aka Bug IDs CSCto40365 and CSCto74274.
|
2011-10-05
|
Cisco Multiple Product TACACS+ Reply Parsing Authentication Bypass
|
|
76094
Description:
Petition Node Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input when signing a petition before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-10-05
|
Petition Node Module for Drupal Petition Signing Unspecified XSS
|
|
76095
Description:
Unknown / Incomplete
|
2011-10-05
|
Homebox Module for Drupal OG Submodule Unspecified XSS
|
|
76100
Description:
(Description Provided by CVE) : Openswan 2.6.29 through 2.6.35 allows remote attackers to cause a denial of service (NULL pointer dereference and pluto IKE daemon crash) via an ISAKMP message with an invalid KEY_LENGTH attribute, which is not properly handled by the error handling function.
|
2011-10-05
|
Openswan pluto/ike_alg.c ike_alg_enc_ok() Function ISAKMP Message IKE Packet Parsing Remote DoS
|
|
76101
Description:
Rate Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'content_type' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-10-05
|
Rate Module for Drupal index.php content_type Parameter XSS
|
|
76103
Description:
Unknown / Incomplete
|
2011-10-05
|
Echo Module for Drupal Unspecified XSS
|
|
76104
Description:
Unknown / Incomplete
|
2011-10-05
|
Echo Module for Drupal Unspecified URL Spoofing Weakness
|
|
76108
Description:
Unknown / Incomplete
|
2011-10-05
|
OG Features Module for Drupal Local Task Menu Item Handling Multiple Admin Page Access Restriction Bypass
|
|
78051
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2011-10-05
|
kexec-tools StrictHostKeyChecking SSH-Parameter MitM Weakness kdump Core Field Disclosure
|
|
78052
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2011-10-05
|
kexec-tools mkdumprd initrd Permission Weakness Information Disclosure
|
|
78053
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2011-10-05
|
kexec-tools mkdumprd initrd File Exposure Weakness
|
|
76057
Description:
(Description Provided by CVE) : imap/nntpd.c in the NNTP server (nntpd) for Cyrus IMAPd 2.4.x before 2.4.12 allows remote attackers to bypass authentication by sending an AUTHINFO USER command without sending an additional AUTHINFO PASS command.
|
2011-10-04
|
Cyrus IMAP Server NNTP AUTHINFO USER Command Parsing Authentication Bypass Arbitrary Command Execution
|
|
76062
Description:
(Description Provided by CVE) : Google Chrome before 14.0.835.202 does not properly handle SVG text, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that lead to "stale font."
|
2011-10-04
|
Google Chrome Stale Font SVG Text Handling Remote Code Execution
|
|
76063
Description:
WebKit contains a flaw in the 'V8DOMWindow::namedSecurityCheck' function [WebCore/bindings/v8/custom/V8DOMWindowCustom.cpp] as access to the window prototype is not properly restricted. With a specially crafted web page, a context-dependent attacker can bypass the same-origin policy restrictions.
|
2011-10-04
|
WebKit Window Prototype Named Property Confusion Same Origin Policy Bypass
|
|
76097
Description:
Unknown / Incomplete
|
2011-10-04
|
concrete5 index.php/tools/blocks/page_list/blog_rss cID Parameter Malformed Input Path Disclosure
|
|
76098
Description:
Unknown / Incomplete
|
2011-10-04
|
concrete5 index.php/login/forgot_password rcID Parameter XSS
|
|
76005
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.
|
2011-10-04
|
vtiger CRM index.php Multiple Parameter XSS
|
|
76006
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in vTiger CRM 5.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) viewname parameter in a CalendarAjax action, (2) activity_mode parameter in a DetailView action, (3) contact_id and (4) parent_id parameters in an EditView action, (5) day, (6) month, (7) subtab, (8) view, and (9) viewOption parameters in the index action, and (10) start parameter in the ListView action to the Calendar module; (11) return_action and (12) return_module parameters in the EditView action, and (13) query parameter in an index action to the Campaigns module; (14) return_url and (15) workflow_id parameters in an editworkflow action to the com_vtiger_workflow module; (16) display_view parameter in an index action to the Dashboard module; (17) closingdate_end, (18) closingdate_start, (19) date_closed, (20) owner, (21) leadsource, (22) sales_stage, and (23) type parameters in a ListView action to the Potentials module; (24) folderid parameter in a SaveandRun action to the Reports module; (25) returnaction and (26) groupId parameters in a createnewgroup action, (27) mode and (28) parent parameters in a createrole action, (29) src_module in a ModuleManager action, (30) mode and (31) profile_id parameters in a profilePrivileges action, and (32) roleid parameter in a RoleDetailView to the Settings module; and (33) action parameter to the Home module and (34) module parameter to phprint.php.
|
2011-10-04
|
vtiger CRM phprint.php Multiple Parameter XSS
|
|
76061
Description:
(Description Provided by CVE) : Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving a text line box.
|
2011-10-04
|
Google Chrome Use-after-free Text Line Box Handling Remote Code Execution
|
|
76060
Description:
(Description Provided by CVE) : Buffer overflow in VMware Workstation 7.x before 7.1.5, VMware Player 3.x before 3.1.5, VMware Fusion 3.1.x before 3.1.3, and VMware AMS allows remote attackers to execute arbitrary code via a crafted UDF filesystem in an ISO image.
|
2011-10-04
|
VMware Multiple Product UDF Filesystem ISO Image Handling Overflow
|
|
76064
Description:
(Description Provided by CVE) : Google Chrome before 14.0.835.202 does not properly consider object lifetimes and thread safety during the handling of audio nodes, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
2011-10-04
|
Google Chrome Lifetime / Threading Weakness Audio Node Handling Unspecified Issue
|
|
76065
Description:
(Description Provided by CVE) : Use-after-free vulnerability in Google Chrome before 14.0.835.202 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the Google V8 bindings.
|
2011-10-04
|
Google Chrome Use-after-free V8 Bindings Remote Code Execution
|
|
76066
Description:
(Description Provided by CVE) : Google Chrome before 14.0.835.202 does not properly handle Google V8 hidden objects, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
|
2011-10-04
|
Google Chrome V8 Hidden Objects Remote Memory Corruption
|
|
76067
Description:
(Description Provided by CVE) : Google Chrome before 14.0.835.202 does not properly implement shader translation, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
2011-10-04
|
Google Chrome Shader Translator Remote Memory Corruption
|
|
76099
Description:
Unknown / Incomplete
|
2011-10-04
|
concrete5 index.php/dashboard/reports/surveys ccm_order_dir Parameter SQL Injection
|