| OSVDB ID | Disclosure Date | Title |
|---|
|
72572
Description:
Unknown / Incomplete
|
2011-02-28
|
HP StorageWorks File Migration Agent (HsmCfgSvc.exe) Unauthenticated Archive Manipulation
|
|
71229
Description:
Avactis Shopping Cart contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition of administrator users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2011-02-28
|
Avactis Shopping Cart Admin User Creation CSRF
|
|
71550
Description:
Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when 'epan/dissectors/packet-ldap.c' (LDAP Dissector) fails to properly process filter strings, allowing an attacker to use a crafted filter string to cause a denial of service via memory consumption.
|
2011-02-28
|
Wireshark LDAP Dissector Filter String Memory Consumption DoS
|
|
75010
Description:
(Description Provided by CVE) : crontab.c in crontab in FreeBSD allows local users to determine the existence of arbitrary directories via a command-line argument composed of a directory name concatenated with a directory traversal sequence that leads to the /etc/crontab pathname.
|
2011-02-28
|
crontab crontab.c realpath() Temporary File Symlink Directory Enumeration
|
|
74890
Description:
(Description Provided by CVE) : Buffer overflow in the PPP Access Concentrator (PPPAC) on the SEIL/x86 with firmware 1.00 through 1.61, SEIL/B1 with firmware 1.00 through 3.11, SEIL/X1 with firmware 1.00 through 3.11, SEIL/X2 with firmware 1.00 through 3.11, SEIL/Turbo with firmware 1.80 through 2.10, and SEIL/neu 2FE Plus with firmware 1.80 through 2.10 might allow remote attackers to execute arbitrary code via a PPPoE packet.
|
2011-02-28
|
SEIL Routers PPP Access Concentrator (PPPAC) Crafted PPPoE Packet Handling Remote Overflow
|
|
73337
Description:
(Description Provided by CVE) : A certain ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) does not properly verify the signature of an unspecified downloaded program, which allows remote attackers to execute arbitrary code by spoofing the CSD installation process, a different vulnerability than CVE-2010-0589.
|
2011-02-28
|
Cisco Secure Desktop (CSD) CSDWebInstaller.ocx ActiveX Installation Process Signature Verification Weakness Arbitrary Code Execution
|
|
73338
Description:
(Description Provided by CVE) : The CSDWebInstallerCtrl ActiveX control in CSDWebInstaller.ocx in Cisco Secure Desktop (CSD) allows remote attackers to download an unintended Cisco program onto a client machine, and execute this program, by identifying a Cisco program with a Cisco digital signature and then renaming this program to inst.exe, a different vulnerability than CVE-2010-0589 and CVE-2011-0926.
|
2011-02-28
|
Cisco Secure Desktop (CSD) CSDWebInstaller.ocx ActiveX inst.exe Program Name Remote Program Execution
|
|
73712
Description:
Unknown / Incomplete
|
2011-02-28
|
FreeBSD crontab crontab.c stat() Function Local File Enumeration
|
|
73525
Description:
PSnapProof contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'retPageID' parameter upon submission to the cart.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-28
|
SnapProof cart.php retPageID Parameter XSS
|
|
73713
Description:
Unknown / Incomplete
|
2011-02-28
|
FreeBSD crontab realpath() Function Local Directory Enumeration
|
|
75009
Description:
(Description Provided by CVE) : crontab.c in crontab in FreeBSD and Apple Mac OS X allows local users to (1) determine the existence of arbitrary files via a symlink attack on a /tmp/crontab.XXXXXXXXXX temporary file and (2) perform MD5 checksum comparisons on arbitrary pairs of files via two symlink attacks on /tmp/crontab.XXXXXXXXXX temporary files.
|
2011-02-28
|
crontab crontab.c stat() Call Temporary File Symlink Arbitrary File Enumeration
|
|
75011
Description:
(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
|
2011-02-28
|
crontab crontab.c Temporary File Symlink Arbitrary MD5 Hash Comparison
|
|
75084
Description:
(Description Provided by CVE) : Wee Enhanced Environment for Chat (aka WeeChat) 0.3.4 and earlier does not properly verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL chat server via an arbitrary certificate, related to incorrect use of the GnuTLS API.
|
2011-02-27
|
WeeChat SSL Certificate Validation MitM Server Spoofing Weakness
|
|
71165
Description:
Citrix Secure Gateway contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided.
|
2011-02-27
|
Citrix Secure Gateway Unspecified Code Execution
|
|
71223
Description:
coRED CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /coRED/content/rubric/index.php script not properly sanitizing user-supplied input to the 'rubID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-02-27
|
coRED CMS /coRED/content/rubric/index.php rubID Parameter SQL Injection
|
|
73581
Description:
Imageview contains a flaw that may allow a remote attacker to execute arbitrary commands or code, or obtain access to arbitrary files. The issue is due to the /admin/index.php script not properly sanitizing user input supplied to the 'page' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server, or access arbitrary files.
|
2011-02-27
|
Imageview /admin/index.php page Parameter Remote File Inclusion
|
|
73707
Description:
(Description Provided by CVE) : Race condition in the createOutputFile function in logrotate.c in logrotate 3.7.9 and earlier allows local users to read log data by opening a file before the intended permissions are in place.
|
2011-02-27
|
logrotate logrotate.c createOutputFile Function Race Condition Log Data Local Access
|
|
75761
Description:
(Description Provided by CVE) : DeluxeBB 1.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by header_html.php.
|
2011-02-27
|
DeluxeBB Multiple Script Direct Request Path Disclosure
|
|
75086
Description:
Unknown / Incomplete
|
2011-02-26
|
libpam-pgsql src/backend_pgsql.c pg_execParam() Function Incorrect Format Specifier Remote Overflow
|
|
71371
Description:
Xmap Component for Joomla! contains a trojaned distribution of the '/administrator/components/com_xmap/install.xmap.php' script which has a backdoor a remote attacker may use to execute arbitrary PHP code.
|
2011-02-26
|
Xmap Component for Joomla! /administrator/components/com_xmap/install.xmap.php Trojaned Distribution
|
|
75085
Description:
Unknown / Incomplete
|
2011-02-26
|
Movavi Video Suite ConvertManager.dll Module Image File Handling Remote Memory Corruption
|
|
75897
Description:
SweetRice contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to the _plugin/tiny_mce/plugins/advimage/images.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2011-02-26
|
SweetRice _plugin/tiny_mce/plugins/advimage/images.php Direct Request Path Disclosure
|
|
72298
Description:
Edraw Office Viewer Component is prone to an overflow condition. The ActiveX control fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted website, a context-dependent attacker can potentially cause arbitrary code execution.
|
2011-02-25
|
Edraw Office Viewer Component ActiveX HttpPost() Method WebUrl Parameter Overflow
|
|
71269
Description:
Things BBS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-25
|
Things BBS Unspecified XSS
|
|
71270
Description:
Things BBS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-25
|
Things BBS Thread Unspecified XSS
|
|
70945
Description:
PolarSSL has been reported to contain a flaw related to the use of weak keys in a Diffie-Hellman key exchange, allowing Man-in-The-Middle (MiTM) attacks. However, the attack described in the PolarSSL advisory does not appear to work in the real world: while the server may accept a weak DH key, the client is supposed to validate the signature of the server's DH key, so a 3rd party must intercept and replace both keys in the exchange. At that point of the exchange, the attacker could just as well establish a direct SSL session with the server to achieve the same results.
|
2011-02-25
|
PolarSSL Diffie-Hellman Key Exchange Predictable Secret MiTM Weakness
|
|
71003
Description:
Hiawatha contains a flaw that may allow a remote denial of service. The issue is triggered when when parsing HTTP header data, allowing a remote attacker to use a large value Content-Length header to cause a denial of service.
|
2011-02-25
|
Hiawatha HTTP Content-Length Header Parsing DoS
|
|
71239
Description:
XCloner Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'mosmsg' and 'option' parameters upon submission to the wp-content/plugins/xcloner-backup-and-restore/admin.cloner.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-25
|
XCloner Plugin for WordPress wp-content/plugins/xcloner-backup-and-restore/admin.cloner.php Multiple Parameter XSS
|
|
71238
Description:
XCloner Plugin for WordPress contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'config' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2011-02-25
|
XCloner Plugin for WordPress wp-content/plugins/xcloner-backup-and-restore/cloner.cron.php config Parameter Traversal Arbitrary File Access
|
|
71241
Description:
XCloner Component for Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'mosmsg' and 'option' parameters upon submission to the administrator/components/com_xcloner-backupandrestore/admin.cloner.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-25
|
XCloner Component for Joomla! administrator/components/com_xcloner-backupandrestore/admin.cloner.php Multiple Parameter XSS
|
|
70956
Description:
Novell Vibe OnPrem contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided.
|
2011-02-25
|
Novell Vibe OnPrem Unspecified Arbitrary Code Execution (2011-0464)
|
|
71240
Description:
XCloner Component for Joomla! contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the administrator/components/com_xcloner-backupandrestore/cloner.cron.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'config' parameter. This directory traversal attack would allow the attacker to access arbitrary files.
|
2011-02-25
|
XCloner Component for Joomla! administrator/components/com_xcloner-backupandrestore/cloner.cron.php config Parameter Traversal Arbitrary File Access
|
|
73518
Description:
Unknown / Incomplete
|
2011-02-25
|
Prestashop Cartium Module cart.php id_product Parameter SQL Injection
|
|
73517
Description:
Unknown / Incomplete
|
2011-02-25
|
Prestashop Cartium Module category.php id_category Parameter SQL Injection
|
|
73715
Description:
Unknown / Incomplete
|
2011-02-25
|
Altigen VoIP Phone System Gateway Service Port Scan Remote DoS
|
|
73519
Description:
Unknown / Incomplete
|
2011-02-25
|
Prestashop Cartium Module product.php id_product Parameter SQL Injection
|
|
80367
Description:
FreePBX contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the $type, $action, $old_custom_dest, and $custom_dest parameters upon submission to the config.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-25
|
FreePBX config.php Multiple Parameter XSS
|
|
71647
Description:
Apache HttpComponents contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the HttpClient failing to properly send the Proxy-Authorization header to its final target host. This may allow a remote attacker to gain access to authorization credential information.
|
2011-02-25
|
Apache HttpComponents HttpClient Proxy-Authorization Credentials Remote Disclosure
|
|
71169
Description:
Recent Topics on Index page Plugin for MyBB contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'subject' parameter upon submission to the newthread.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-25
|
Recent Topics on Index Page Plugin for MyBB newthread.php subject Parameter XSS
|
|
71410
Description:
Foxit Reader is prone to an overflow condition. The program suffers an integer overflow when parsing certain ICC chunks, which may be further exploited to cause a heap-based buffer overflow. With a specially crafted ICC chunks in a PDF file, a context-dependent attacker can potentially execute arbitrary code.
|
2011-02-25
|
Foxit Reader ICC Chunk Processing Unspecified Overflow
|
