| OSVDB ID | Disclosure Date | Title |
|
77673
Description:
(Description Provided by CVE) : The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability."
|
2011-12-13
|
Microsoft IE XSS Filter Event Parsing Cross-Domain Remote Information Disclosure
|
|
77675
Description:
(Description Provided by CVE) : Microsoft Internet Explorer 6 through 9 does not properly use the Content-Disposition HTTP header to control rendering of the HTTP response body, which allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Content-Disposition Information Disclosure Vulnerability."
|
2011-12-13
|
Microsoft IE Content-Disposition Header Parsing Cross-Domain Remote Information Disclosure
|
|
77699
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in OpenStack Nova before 2011.3.1, when the EC2 API and the S3/RegisterImage image-registration method are enabled, allow remote authenticated users to overwrite arbitrary files via a crafted (1) tarball or (2) manifest.
|
2011-12-13
|
OpenStack Nova EC2 RegisterImage Action Traversal Arbitrary File Creation
|
|
77706
Description:
(Description Provided by CVE) : Google Chrome before 16.0.912.63 does not properly perform regex matching, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome regex Matching Out-of-bounds Read Remote DoS
|
|
77707
Description:
(Description Provided by CVE) : libxml2, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome libxml Out-of-bounds Read Remote DoS
|
|
77708
Description:
(Description Provided by CVE) : The PDF parser in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome PDF Parser Out-of-bounds Read Remote DoS
|
|
77710
Description:
(Description Provided by CVE) : Google Chrome before 16.0.912.63 does not properly parse SVG documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome SVG Parsing Out-of-bounds Read Remote DoS
|
|
77711
Description:
(Description Provided by CVE) : The Cascading Style Sheets (CSS) implementation in Google Chrome before 16.0.912.63 on 64-bit platforms does not properly manage property arrays, which allows remote attackers to cause a denial of service (memory corruption) via unspecified vectors.
|
2011-12-13
|
Google Chrome CSS Property Array Unspecified Remote Memory Corruption
|
|
77712
Description:
(Description Provided by CVE) : Google Chrome before 16.0.912.63 does not properly handle YUV video frames, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome YUV Video Frames Out-of-bounds Read Remote DoS
|
|
77713
Description:
(Description Provided by CVE) : Google Chrome before 16.0.912.63 does not properly handle PDF documents, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome PDF Handling Out-of-bounds Read Remote DoS
|
|
77714
Description:
(Description Provided by CVE) : Use-after-free vulnerability in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to SVG filters.
|
2011-12-13
|
Google Chrome SVG Filters Use-after-free Remote Code Execution
|
|
77716
Description:
(Description Provided by CVE) : The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write.
|
2011-12-13
|
Google Chrome v8 i18n Handling Out-of-bounds Write Remote Code Execution
|
|
77717
Description:
(Description Provided by CVE) : Buffer overflow in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to PDF fonts.
|
2011-12-13
|
Google Chrome PDF Font Handling Remote Overflow
|
|
77718
Description:
(Description Provided by CVE) : Google Chrome before 16.0.912.63 does not properly handle PDF cross references, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
|
2011-12-13
|
Google Chrome PDF Cross References Out-of-bounds Read Remote DoS
|
|
77719
Description:
(Description Provided by CVE) : Stack-based buffer overflow in FileWatcher in Google Chrome before 16.0.912.63 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
|
2011-12-13
|
Google Chrome Filewatcher Unspecified Remote Overflow
|
|
78624
Description:
The NEED FOR SPEED FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
NEED FOR SPEED FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78625
Description:
The Assassin's Creed FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Assassin's Creed FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78626
Description:
The Where's My Water? FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Where's My Water? FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78627
Description:
The Riptide GP FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Riptide GP FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78628
Description:
The Great Little War Game FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Great Little War Game FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78671
Description:
Unknown / Incomplete
|
2011-12-13
|
Oracle Java SE / Java for Business jsse:runtime Encryption Cipher Downgrade Weakness
|
|
78670
Description:
Unknown / Incomplete
|
2011-12-13
|
Oracle Java SE / Java for Business java:compiler Malformed .java Handling DoS
|
|
80642
Description:
Family Connections contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'for' parameter upon submission to the prayers.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-13
|
Family Connections CMS (FCMS) prayers.php for Parameter XSS
|
|
81866
Description:
Cisco IOS contains an unspecified flaw that may allow a remote denial of service. The issue is triggered when the system is configured as an IPsec hub with X.509 certificates in use, and will result in loss of availability for the system.
|
2011-12-13
|
Cisco IOS IPsec Hub X.509 Certificate Unspecified Remote DoS
|
|
77669
Description:
(Description Provided by CVE) : The Microsoft Office Input Method Editor (IME) for Simplified Chinese in Microsoft Pinyin IME 2010, Office Pinyin SimpleFast Style 2010, and Office Pinyin New Experience Style 2010 does not properly restrict access to configuration options, which allows local users to gain privileges via the Microsoft Pinyin (aka MSPY) IME toolbar, aka "Pinyin IME Elevation Vulnerability."
|
2011-12-13
|
Microsoft Office Pinyin IME for Simplified Chinese Insecure Configuration Option Local Privilege Escalation
|
|
77685
Description:
Fork CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-13
|
Fork CMS URI XSS
|
|
77693
Description:
Pulse Pro CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'd' and 'post_id' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-13
|
Pulse Pro CMS index.php Multiple Parameter XSS
|
|
77686
Description:
Fork CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'q_widget' parameter before returning it to the user via the canonical URL. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-12-13
|
Fork CMS Canonical URL q_widget Parameter XSS
|
|
77747
Description:
(Description Provided by CVE) : WMDrive.sys 3.4.181.224 in WinMount 3.5.1018 allows local users to cause a denial of service (NULL pointer dereference and system crash) via a crafted 0x87342000 IOCTL request to the WMDriver device.
|
2011-12-13
|
WinMount WMDrive.sys 0x87342000h IOCTL Parsing NULL Pointer Dereference Local DoS
|
|
78010
Description:
Unknown / Incomplete
|
2011-12-13
|
Microsoft Windows Phone Text Message Parsing Remote DoS
|
|
78587
Description:
360 MobileSafe Application for Android contains a flaw that may allow a remote attacker to access and manipulate data relating to SMS and the contact list.
|
2011-12-13
|
360 MobileSafe (com.qihoo360.mobilesafe) Application for Android Unspecified User SMS / Contact List Manipulation
|
|
78629
Description:
The World of Goo FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
World of Goo FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78630
Description:
The Angry Birds FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Angry Birds FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78631
Description:
The Talking Tom Cat FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Talking Tom Cat FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
78632
Description:
The Talking Larry the Bird FREE application for Android has trojaned copies available for download on some app markets. These trojans will cause a phone to send SMS messages to premium numbers, charging the user money.
|
2011-12-13
|
Talking Larry the Bird FREE Application for Android Premium Rate SMS Message Trojaned Distribution
|
|
79498
Description:
phpDenora contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the remote.php script not properly sanitizing user-supplied input to the 'param' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-12-13
|
phpDenora remote.php param Parameter SQL Injection
|
|
79499
Description:
phpDenora contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the libs/phpdenora/graphs/pie.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme' and 'lang' parameters. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2011-12-13
|
phpDenora libs/phpdenora/graphs/pie.php Multiple Parameter Traversal Local File Inclusion
|
|
79500
Description:
phpDenora contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the libs/phpdenora/graphs/bar.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme' and 'lang' parameters. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2011-12-13
|
phpDenora libs/phpdenora/graphs/bar.php Multiple Parameter Traversal Local File Inclusion
|
|
79501
Description:
phpDenora contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the libs/phpdenora/graphs/line.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme' and 'lang' parameters. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2011-12-13
|
phpDenora libs/phpdenora/graphs/line.php Multiple Parameter Traversal Local File Inclusion
|
|
79666
Description:
Unknown / Incomplete
|
2011-12-13
|
Python httplib2 HTTPS Connection Server Validation Weakness MitM Remote Information Disclosure
|