| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 76106 | 2011-10-04 | Plone CMFEditions Component KwAsAttributes Class Handling Remote Command Execution | (Description Provided by CVE): The CMFEditions component 2.x in Plone 4.0.x through 4.0.9, 4.1, and 4.2 through 4.2a2 does not prevent the KwAsAttributes classes from being publishable, which allows remote attackers to access sub-objects via unspecified vectors, a different vulnerability than CVE-2011-3587. |
| 83373 | 2011-10-04 | Octopussy ReadOnly User (RO) Permission Excessive Privilege Weakness | Octopussy contains a flaw that is triggered by ReadOnly (RO) users having excessive privileges. This may allow an attacker to cause a reload of the program, remove alerts, reload or delete a device, remove entries within a list, acknowledge alerts, and trigger a report. |
| 84059 | 2011-10-04 | Easy Hosting Control Panel Multiple Admin Function Authentication Bypass | Easy Hosting Control Panel contains a flaw that is triggered when the administrator functions used to create an FTP account and a domain do not properly restrict access to users who are not logged in. This may allow an attacker to bypass authentication and create an FTP account and domain. |
| 76059 | 2011-10-04 | CF Image Hosting Script inc/tesmodrewite.php q Parameter XSS | CF Image Hosting Script contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'q' parameter upon submission to the inc/tesmodrewite.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 76092 | 2011-10-04 | Redirection Plugin for WordPress view/admin/log_item.php Non-existent Posts Referer HTTP Header XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in (1) view/admin/log_item.php and (2) view/admin/log_item_details.php in the Redirection plugin 2.2.9 for WordPress allow remote attackers to inject arbitrary web script or HTML via the Referer HTTP header in a request to a post that does not exist. |
| 76102 | 2011-10-04 | Tine 2.0 Multiple Library file Parameter XSS | Unknown / Incomplete |
| 76112 | 2011-10-04 | Autonomy Keyview jtdsr.dll Ichitaro Document QLST Chunk Handling Overflow | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76113 | 2011-10-04 | Autonomy Keyview jtdsr.dll Ichitaro Document Text Data Block Handling Overflow | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76114 | 2011-10-04 | Autonomy Keyview jtdsr.dll Ichitaro Document Text Data Reconstructing Handling Overflow | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76127 | 2011-10-04 | radvd process.c process_ra() Function ND_OPT_DNSSL_INFORMATION Option Parsing Overflow | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76128 | 2011-10-04 | radvd device-linux.c set_interface_var() Function Symlink / Traversal Local Arbitrary File Overwrite | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76129 | 2011-10-04 | radvd privsep_init() Error Weakness Privilege Escalation | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76130 | 2011-10-04 | radvd process.c process_ra() Function len() Check Weakness Out-of-bounds Read DoS | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76131 | 2011-10-04 | radvd process_rs() Function mdelay() Call ND_ROUTER_SOLICIT Saturation DoS | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76612 | 2011-10-04 | Tine 2.0 library/idnaconvert/example.php Multiple Parameter XSS | Tine 2.0 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'lang' parameter and input passed via the URL upon submission to the library/idnaconvert/example.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 76613 | 2011-10-04 | Tine 2.0 library/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php URI XSS | Tine 2.0 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the library/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 77447 | 2011-10-04 | Redirection Plugin for WordPress view/admin/log_item_details.php Non-existent Posts Referer HTTP Header XSS | Unknown / Incomplete |
| 83883 | 2011-10-04 | Burning Studio Elements .ashprj File Handling Overflow | Burning Studio Elements is prone to an overflow condition. The program fails to properly sanitize user-supplied input, resulting in a heap overflow. With a specially crafted .ashprj file, a context-dependent attacker can potentially execute arbitrary code. |
| 76016 | 2011-10-03 | KDE KSSL Certificate Text Format CN Field RTF Data Parsing Certificate Spoofing Weakness | KSSL in KDE contains a flaw related to certificate validation. The issue is due to the application not using a certain font when rendering certificate fields in a security dialog. This may allow an attacker with access to network traffic (e.g. MITM, DNS cache poisoning) to spoof the SSL server via an arbitrary certificate containing rich text that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream. |
| 75997 | 2011-10-03 | phpPgAdmin classes/Misc.php Page Title XSS | phpPgAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate a web page title upon submission to the 'classes/Misc.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 75998 | 2011-10-03 | phpPgAdmin display.php Multiple Parameter XSS | phpPgAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'return_url' and 'return_desc' parameters upon submission to the 'display.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 76025 | 2011-10-03 | Crypt-DSA Module for Perl /dev/random Absence Random Number Generator Weakness | (Description Provided by CVE): The Crypt::DSA (aka Crypt-DSA) module 1.17 and earlier for Perl, when /dev/random is absent, uses the Data::Random module, which makes it easier for remote attackers to spoof a signature, or determine the signing key of a signed message, via a brute-force attack. |
| 76026 | 2011-10-03 | Phorum admin.php URI XSS | Phorum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the admin.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 76021 | 2011-10-03 | rekonq Certificate Text Format CN Field RTF Data Parsing Certificate Spoofing Weakness | (Description Provided by CVE): Rekonq 0.7.0 and earlier does not use a certain font when rendering certificate fields in a security dialog, which allows remote attackers to spoof the common name (CN) of a certificate via rich text. |
| 77302 | 2011-10-03 | ejabberd mod_pubsub Module <publish> Stanza Parsing Remote DoS | (Description Provided by CVE): The mod_pubsub module (mod_pubsub.erl) in ejabberd 2.1.8 and 3.0.0-alpha-3 allows remote authenticated users to cause a denial of service (infinite loop) via a stanza with a publish tag that lacks a node attribute. |
| 76014 | 2011-10-03 | ThinVNC Pro /ft/ URL Request Parsing Authentication Bypass Arbitrary File Access | Unknown / Incomplete |
| 75995 | 2011-10-03 | Radfa Sabadkharid wysiwyg/editor/filemanager/upload/php/upload.php File Upload Arbitrary PHP Code Execution | Unknown / Incomplete |
| 75999 | 2011-10-03 | ezCourses admin/add_admin.asp Admin User Addition | Unknown / Incomplete |
| 76000 | 2011-10-03 | ezCourses admin/admin_db.asp Admin User Profile Manipulation | Unknown / Incomplete |
| 76003 | 2011-10-03 | QtWeb Browser URL Display Spoofing Weakness | Unknown / Incomplete |
| 76022 | 2011-10-03 | SmoothGallery plugin for WordPress wp-content/plugins/smoothgallery/extra/resizer.php src Parameter File Upload PHP Code Execution | Unknown / Incomplete |
| 76058 | 2011-10-03 | Samba mtab Lock File Handling Local DoS | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 76126 | 2011-10-03 | Netvolution CMS default.asp Referer HTTP Header SQL Injection | Netvolution CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the default.asp script not properly sanitizing user-supplied input in the 'Referer' HTTP header. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 76134 | 2011-10-03 | OfficeWatch Call Accounting Web Interface Unspecified Traversal Arbitrary File Access | OfficeWatch Call Accounting contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style sequences (e.g., ../../) supplied via the web interface. This directory traversal attack would allow the attacker to access arbitrary files. |
| 80317 | 2011-10-03 | phpFK Multiple Script URI XSS | Unknown / Incomplete |
| 84060 | 2011-10-03 | Online Bookstore MyInfo.aspx Multiple Parameter Admin Password Manipulation | Online Bookstore contains a flaw that is triggered when input passed via the 'Form_member_id' and 'p_Form_member_id' parameters is not properly sanitized upon submission to the MyInfo.aspx script. This may allow a remote attacker to reset an administrator's password. |
| 87507 | 2011-10-03 | Oracle MySQL Statement Logging Multiple Log Plaintext Local Password Disclosure | Oracle MySQL contains a flaw in the statement logging feature. When the server is started with the --log-raw option, the program no longer rewrites sensitive fields in statements such as CREATE USER or GRANT before logging them, which may allow a local attacker to gain access to password information from the logs. |
| 83882 | 2011-10-02 | Banana Dance user.php id Parameter SQL Injection | Banana Dance contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the user.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 75990 | 2011-10-02 | Digest Module for Perl Digest->new() Function eval() Call Remote Perl Code Execution | (Description Provided by CVE): Eval injection vulnerability in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor. |
| 75991 | 2011-10-02 | Cytel Multiple Product CeCEDll.dll Boundary Error Data File Handling Overflow | Unknown / Incomplete |