| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 76952 Description: (Description Provided by CVE): Mozilla Firefox before 3.6.24 and 4.x through 7.0 and Thunderbird before 3.1.6 and 5.0 through 7.0 do not properly handle JavaScript files that contain many functions, which allows user-assisted remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted file that is accessed by debugging APIs, as demonstrated by Firebug. | 2011-11-08 | Mozilla Multiple Products Firebug JavaScript File Profiling Remote Memory Corruption |
| 76953 Description: (Description Provided by CVE): Mozilla Firefox 7.0 and Thunderbird 7.0, when the Direct2D (aka D2D) API is used on Windows in conjunction with the Azure graphics back-end, allow remote attackers to bypass the Same Origin Policy, and obtain sensitive image data from a different domain, by inserting this data into a canvas. NOTE: this issue exists because of a CVE-2011-2986 regression. | 2011-11-08 | Mozilla Multiple Products Windows D2D Hardware Acceleration Same Origin Policy Bypass Remote Information Disclosure |
| 76954 Description: (Description Provided by CVE): Mozilla Firefox before 8.0 and Thunderbird before 8.0 on Mac OS X do not properly interact with the GPU memory behavior of a certain driver for Intel integrated GPUs, which allows remote attackers to bypass the Same Origin Policy and read image data via vectors related to WebGL textures. | 2011-11-08 | Mozilla Multiple Products WebGL GPU Memory Random Image Disclosure |
| 76966 Description: A memory corruption flaw exists in Adobe Shockwave Player. The DIRAPI.dll library fails to sanitize user-supplied input resulting in a memory corruption. With a specially crafted director file header, a remote attacker can execute arbitrary code. | 2011-11-08 | Adobe Shockwave Player DIRAPI.dll Director File Header Handling Remote Memory Corruption |
| 76968 Description: A memory corruption flaw exists in Adobe Shockwave Player. The TextXtra.x32 file fails to sanitize user-supplied input when an unspecified error occurs, which will result in a memory corruption. With a specially crafted director file, a remote attacker can execute arbitrary code. | 2011-11-08 | Adobe Shockwave Player TextXtra.x32 Director File Handling Remote Memory Corruption |
| 76967 Description: A memory corruption flaw exists in Adobe Shockwave Player. The DIRAPI.dll library fails to sanitize user-supplied input when an error occurs during the handling of director file headers, which will result in a memory corruption. With a specially crafted RCSL chunk, a remote attacker can execute arbitrary code. | 2011-11-08 | Adobe Shockwave Player DIRAPI.dll Director File RCSL Chunk Handling Remote Memory Corruption |
| 77043 Description: Aviosoft Digital TV Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a stack buffer overflow. With a specially crafted playlist (.plf) file, a context-dependent attacker can potentially cause arbitrary code execution. | 2011-11-08 | Aviosoft Digital TV Player PLF File Handling Overflow |
| 86519 Description: Mozilla Firefox is prone to an overflow condition. The gfxImageSurface::gfxImageSurface function fails to properly sanitize user-supplied input resulting in an integer overflow. This may allow a context-dependent attacker to potentially execute arbitrary code or cause a denial of service. | 2011-11-08 | Mozilla Firefox gfxImageSurface::gfxImageSurface Function Integer Overflow |
| 76936 Description: (Description Provided by CVE): eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/. | 2011-11-08 | eEye Retina Audit ID 2499 /usr/local Folder File Handling Local Privilege Escalation |
| 76944 Description: (Description Provided by CVE): org/apache/catalina/core/DefaultInstanceManager.java in Apache Tomcat 7.x before 7.0.22 does not properly restrict ContainerServlets in the Manager application, which allows local users to gain privileges by using an untrusted web application to access the Manager application's functionality. | 2011-11-08 | Apache Tomcat Manager Application Servlets Access Restriction Bypass |
| 76945 Description: (Description Provided by CVE): Directory traversal vulnerability in openpam_configure.c in OpenPAM before r478 on FreeBSD 8.1 allows local users to load arbitrary DSOs and gain privileges via a .. (dot dot) in the service_name argument to the pam_start function, as demonstrated by a .. in the -c option to kcheckpass. | 2011-11-08 | OpenPAM Pam Services Traversal Local Privilege Escalation |
| 76961 Description: (Description Provided by CVE): Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. | 2011-11-08 | GnuTLS lib/gnutls_session.c gnutls_session_get_data() Function Server Connection Overflow |
| 77004 Description: (Description Provided by CVE): Use-after-free vulnerability in the Response API in ProFTPD before 1.3.3g allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. | 2011-11-08 | ProFTPD Use-After-Free Response Pool Allocation List Parsing Remote Memory Corruption |
| 78281 Description: (Description Provided by CVE): kcheckpass passes a user-supplied argument to the pam_start function, often within a setuid environment, which allows local users to invoke any configured PAM stack, and possibly trigger unintended side effects, via an arbitrary valid PAM service name, a different vulnerability than CVE-2011-4122. NOTE: the vendor indicates that the possibility of resultant privilege escalation may be "a bit far-fetched." | 2011-11-08 | kcheckpass pam_start Function PAM Service Name Parsing Local Issue |
| 83321 Description: 11in1 CMS contains a flaw that is triggered when input passed via the 'content' parameter is not properly sanitized before being used in the do.php script. When handling the CRLF, a remote attacker can inject arbitrary HTTP headers in a response to the server. | 2011-11-08 | 11in1 CMS do.php content Parameter CRLF Handling Arbitrary HTTP Header Injection |
| 76940 Description: (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2011-11-08 | icedtea-web Web Browser Plugin Applet Handling Same Origin Policy Bypass |
| 76946 Description: (Description Provided by CVE): Buffer overflow in Aviosoft DTV Player 1.0.1.2 allows remote attackers to execute arbitrary code via a crafted .plf (aka playlist) file. | 2011-11-08 | DTV Player Playlist File (PLF) Handling Remote Overflow |
| 77007 Description: osCSS2 contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the content.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the '_ID' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2011-11-08 | osCSS2 content.php _ID Parameter Traversal Local File Inclusion |
| 77008 Description: osCSS2 contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the shopping_cart.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the '_ID' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2011-11-08 | osCSS2 shopping_cart.php _ID Parameter Traversal Local File Inclusion |
| 77030 Description: iGuard Biometric Access Control contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to employee records before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-11-08 | iGuard Biometric Access Control Employee Records Unspecified XSS |
| 77039 Description: (Description Provided by CVE): Buffer overflow in ChaSen 2.4.x allows remote attackers to execute arbitrary code via a crafted string. | 2011-11-08 | ChaSen String Parsing Unspecified Remote Overflow |
| 91404 Description: Citrix MetaFrame XP contains a flaw that is triggered when an application is launched from a server that does not publish said application. This may allow a remote attacker to launch a published desktop in place of the application. | 2011-11-08 | Citrix MetaFrame XP Application Launch Handling Published Desktop Access Issue |
| 91469 Description: Citrix NetScaler and Access Gateway contain an unspecified flaw in the configuration utility that may allow an attacker to have an unspecified impact. No further details have been provided by the vendor. | 2011-11-08 | Citrix NetScaler / Access Gateway Configuration Utility Unspecified Issue |
| 91403 Description: Citrix MetaFrame Presentation Server contains a flaw that may lead to unauthorized disclosure of sensitive information. By misusing the debugging feature, a remote attacker can gain access to logs of keyboard scan codes that are sent during an ICA connection. | 2011-11-08 | Citrix MetaFrame Presentation Server Keyboard Scan Code Log ICA Session Information Disclosure |
| 77314 Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Jenkins Core in CloudBees Jenkins before 1.438, and 1.409 LTS before 1.409.3 LTS, when a stand-alone container is used, allows remote attackers to inject arbitrary web script or HTML via vectors related to error messages. | 2011-11-07 | Jenkins Winstone Servlet Container Error Message XSS |
| 76913 Description: (Description Provided by CVE): Heap-based buffer overflow in the SetDevNames method of the Tidestone Formula One ActiveX control (TTF16.ocx) 6.3.5 Build 1 in Oracle Hyperion Strategic Finance 12.x and possibly earlier allows remote attackers to execute arbitrary code via a long string to the DriverName parameter. | 2011-11-07 | Oracle Hyperion Strategic Finance Formula One ActiveX (TTF16.ocx) SetDevNames() Method DriverName Parameter Remote Overflow |
| 77754 Description: WHMCompleteSolution contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the submitticket.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'templatefile' parameter. This directory traversal attack would allow the attacker to access arbitrary files. | 2011-11-07 | WHMCompleteSolution (WHMCS) submitticket.php templatefile Parameter Traversal Arbitrary File Access |
| 77755 Description: WHMCompleteSolution contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the downloads.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'templatefile' parameter. This directory traversal attack would allow the attacker to access arbitrary files. | 2011-11-07 | WHMCompleteSolution (WHMCS) downloads.php templatefile Parameter Traversal Arbitrary File Access |
| 77756 Description: WHMCompleteSolution contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the admin/reports.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'report' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2011-11-07 | WHMCompleteSolution (WHMCS) admin/reports.php report Parameter Traversal Local File Inclusion |
| 83322 Description: LabStoRe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index_short.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-07 | LabStoRe index_short.php where_clause Parameter SQL Injection |
| 83323 Description: LabStoRe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | LabStoRe index.php where_clause Parameter SQL Injection |
| 83324 Description: LabStoRe contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index_long.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | LabStoRe index_long.php where_clause Parameter SQL Injection |
| 83325 Description: OrderSys contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index_short.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | OrderSys index_short.php where_clause Parameter SQL Injection |
| 85086 Description: PHP contains a flaw that allows an attacker to bypass protection against HTTP response splitting attacks. This flaw exists because the sapi_header_op function in main/SAPI.c does not properly handle %0D sequences. This may allow an attacker to bypass protection against the insertion of arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more. | 2011-11-06 | PHP main/SAPI.c sapi_header_op Function %0D Sequence Handling HTTP Response Splitting Protection Bypass |
| 83326 Description: OrderSys contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | OrderSys index.php where_clause Parameter SQL Injection |
| 83327 Description: OrderSys contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index_long.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | OrderSys index_long.php where_clause Parameter SQL Injection |
| 90810 Description: By default, Composite C1 installs with default administrator credentials (username/password combination). The Administrator account has a password of 'admin', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access. | 2011-11-06 | Composite C1 Default Administrator Credentials |
| 77100 Description: (Description Provided by CVE): The NFSv4 implementation in the Linux kernel before 3.2.2 does not properly handle bitmap sizes in GETACL replies, which allows remote NFS servers to cause a denial of service (OOPS) by sending an excessive number of bitmap words. | 2011-11-06 | Linux Kernel ACL Attribute Request NFSv4 Response Parsing Local DoS |
| 76956 Description: LabStoRe and OrderSys contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the stocks/interface_creator/index.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | PHP Labware Multiple Product Multiple stocks/interface_creator/index.php where_clause Parameter SQL Injection |
| 76957 Description: LabStoRe and OrderSys contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the stocks/interface_creator/index_short.php script not properly sanitizing user-supplied input to the 'where_clause' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-11-06 | PHP Labware Multiple Product Multiple stocks/interface_creator/index_short.php where_clause Parameter SQL Injection |