| OSVDB ID | Disclosure Date | Title |
|
75401
Description:
Django contains a flaw that may allow a remote attacker to gain access to information. The issue is due to an error within the handling of redirect responses when validating URLs provided to the 'URLField' field type. With a specially crafted request containing a 'file://' URL, a remote attacker can enumerate local files.
|
2011-09-09
|
Django URLField Redirect Response Parsing Local File Enumeration
|
|
75400
Description:
Django contains a flaw in the handling of the X-Forwarded-Host HTTP header. The issue is triggered when generating full URLs for redirect responses. With a specially crafted HTTP header, a remote attacker can conduct cache poisoning attacks.
|
2011-09-09
|
Django X-Forwarded-Host HTTP Header Parsing Cache Poisoning Weakness
|
|
86070
Description:
MelOn Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an overflow. With a specially crafted p_about.ini config file, a context-dependent attacker can cause a denial of service. Code execution may potentially be possible, but has not been confirmed.
|
2011-09-09
|
MelOn Player p_about.ini Config File Handling Overflow
|
|
75252
Description:
Community Events Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-content/plugins/community-events/tracker.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-09-09
|
Community Events Plugin for WordPress wp-content/plugins/community-events/tracker.php id Parameter SQL Injection
|
|
76298
Description:
Phorum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'phorum_admin_token' parameter upon submission to the admin.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-09
|
Phorum admin.php phorum_admin_token XSS
|
|
76810
Description:
(Description Provided by CVE) : The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 originally tests a URL's validity through a HEAD request, but then uses a GET request for the new target URL in the case of a redirect, which might allow remote attackers to trigger arbitrary GET requests with an unintended source IP address via a crafted Location header.
|
2011-09-09
|
Django verify_exists Location Header Parsing URLField Redirection Weakness
|
|
81480
Description:
(Description Provided by CVE) : OpenStack Compute (Nova) Essex before 2011.3 allows remote authenticated users to cause a denial of service (Nova-API log file and disk consumption) via a long server name.
|
2011-09-09
|
OpenStack Compute (Nova) nova-api Component Resource Exhaustion HTTP Request Parsing Remote DoS
|
|
86069
Description:
A to Z Category Listing Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the post_retrive_ajax.php script not properly sanitizing user-supplied input to the 'R' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-09-09
|
A to Z Category Listing Plugin for WordPress post_retrive_ajax.php R Parameter SQL Injection
|
|
75251
Description:
Community Events Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the wp-content/plugins/community-events/tracker.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-08
|
Community Events Plugin for WordPress wp-content/plugins/community-events/tracker.php id Parameter XSS
|
|
75676
Description:
libpng contains a flaw in the handling of PNG files that may allow a remote denial of service. The issue is due to a division by zero within the 'png_handle_cHRM()' function in libpng/pngrutil.c when handling certain cHRM chunks. With a specially crafted PNG file, a context-dependent attacker can cause the program to crash.
|
2011-09-08
|
libpng libpng/pngrutil.c png_handle_cHRM() Function cHRM Chunk PNG File Handling Remote DoS
|
|
75307
Description:
(Description Provided by CVE) : Stack-based buffer overflow in the split_wildmats function in nntpd.c in nntpd in Cyrus IMAP Server before 2.3.17 and 2.4.x before 2.4.11 allows remote attackers to execute arbitrary code via a crafted NNTP command.
|
2011-09-08
|
Cyrus IMAP Server map/nntpd.c split_wildmats() Function NNTP Command Parsing Remote Overflow
|
|
75286
Description:
(Description Provided by CVE) : Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
|
2011-09-08
|
Pure-FTPd username Field Traversal Arbitrary Directory Creation
|
|
75306
Description:
(Description Provided by CVE) : Directory traversal vulnerability in pure-FTPd 1.0.22 and possibly other versions, when running on SUSE Linux Enterprise Server and possibly other operating systems, when the Netware OES remote server feature is enabled, allows local users to overwrite arbitrary files via unknown vectors.
|
2011-09-08
|
Pure-FTPd username Field Symlink Arbitrary File Overwrite
|
|
75685
Description:
(Description Provided by CVE) : The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.
|
2011-09-08
|
Perl Fast CGI (FCGI) Module Environment Variable Sharing HTTP Headers Remote Authentication Bypass
|
|
77679
Description:
SCORM Cloud For WordPress Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ajax.php script not properly sanitizing user-supplied input to the 'active' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-09-08
|
SCORM Cloud For WordPress Plugin for WordPress ajax.php active Parameter SQL Injection
|
|
85301
Description:
Blue Coat Director contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via an HTTP TRACE request before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-08
|
Blue Coat Director HTTP TRACE Request XSS
|
|
85714
Description:
SilverStripe contains a flaw that is triggered when an error occurs in the code/sitefeatures/PageCommentInterface.php script during the handling of the deserialization of cookies during user comment submission. This may allow a remote attacker to execute arbitrary code.
|
2011-09-08
|
SilverStripe code/sitefeatures/PageCommentInterface.php User Comment Submission Cookie Deserialization Handling Remote Code Execution
|
|
75236
Description:
AM4SS contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition of administrator level users. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2011-09-08
|
AM4SS Admin Addition CSRF
|
|
75352
Description:
(Description Provided by CVE) : Unspecified vulnerability in Megalith 12th edition through 27th edition allows remote attackers to gain administrative privileges via unknown vectors.
|
2011-09-08
|
Megalith Authentication Unspecified Privilege Escalation
|
|
75351
Description:
(Description Provided by CVE) : The CtcpParser::packedReply method in core/ctcpparser.cpp in Quassel before 0.7.3 allows remote attackers to cause a denial of service (crash) via a crafted Client-To-Client Protocol (CTCP) request, as demonstrated in the wild in September 2011.
|
2011-09-08
|
Quassel IRC src/core/ctcpparser.cpp CtcpParser::packedReply() Method CTCP Message Parsing Remote DoS
|
|
75622
Description:
(Description Provided by CVE) : The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and earlier, multiple Cisco products, and other products, does not properly associate renegotiation handshakes with an existing connection, which allows man-in-the-middle attackers to insert data into HTTPS sessions, and possibly other types of sessions protected by TLS or SSL, by sending an unauthenticated request that is processed retroactively by a server in a post-renegotiation context, related to a "plaintext injection" attack, aka the "Project Mogul" issue.
|
2011-09-08
|
Blue Coat Director TLS Renegotiation Handshakes MiTM Plaintext Data Injection
|
|
76023
Description:
Unknown / Incomplete
|
2011-09-08
|
Google Website Optimizer Component for Joomla! Section Names pggwob Page Tags XSS
|
|
86068
Description:
OpenCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'product_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-09-08
|
OpenCart index.php product_id Parameter SQL Injection
|
|
86067
Description:
Ubuntu Linux FTP Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input to the account command, which will result in a buffer overflow. This may allow a local attacker to cause a denial of service.
|
2011-09-08
|
Ubuntu Linux FTP Server account Command Overflow DoS
|
|
86066
Description:
Backtrack Linux FTP Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input to the account command, which will result in a buffer overflow. This may allow a local attacker to cause a denial of service.
|
2011-09-08
|
Backtrack Linux FTP Server account Command Overflow DoS
|
|
75223
Description:
Hastymail2 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to plugin functionality before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-07
|
Hastymail2 Unspecified Plugin XSS
|
|
75222
Description:
Hastymail2 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the compose page before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-07
|
Hastymail2 Unspecified Compose Page XSS
|
|
75225
Description:
GnuCash is prone to a flaw in the way it loads the perl.exe executable file. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a .gnucash file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2011-09-07
|
GnuCash Perl.exe Path Subversion Executable File Injection Code Execution
|
|
75347
Description:
(Description Provided by CVE) : Untrusted search path vulnerability in Wireshark 1.4.x before 1.4.9 and 1.6.x before 1.6.2 allows local users to gain privileges via a Trojan horse Lua script in an unspecified directory.
|
2011-09-07
|
Wireshark DLL Hijacking Path Subversion Local Privilege Escalation
|
|
75226
Description:
Zikula Application Framework contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'themename' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-07
|
Zikula Application Framework index.php themename Parameter XSS
|
|
75228
Description:
wpcu3er Plugin for WordPress contains a flaw related to the wp-content/plugins/wpcu3er/php/ajaxReq.php script failing to properly validate uploaded file types. This may allow a remote attacker to upload a crafted PHP file which will then execute arbitrary PHP code.
|
2011-09-07
|
wpcu3er Plugin for WordPress wp-content/plugins/wpcu3er/php/ajaxReq.php File Upload Arbitrary PHP Code Execution
|
|
75346
Description:
(Description Provided by CVE) : Wireshark 1.6.x before 1.6.2 allows remote attackers to cause a denial of service (application crash) via a malformed capture file that leads to an invalid root tvbuff, related to a "buffer exception handling vulnerability."
|
2011-09-07
|
Wireshark Packet Trace File Handling Remote DoS
|
|
75653
Description:
(Description Provided by CVE) : Buffer overflow in the TIFF reader in gui/image/qtiffhandler.cpp in Qt 4.7.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the TIFFTAG_SAMPLESPERPIXEL tag in a greyscale TIFF image with multiple samples per pixel.
|
2011-09-07
|
Qt src/gui/image/qtiffhandler.cpp TIFF Reader Grayscale Image Handling Overflow
|
|
75217
Description:
(Description Provided by CVE) : Cumin in Red Hat Enterprise Messaging, Realtime, and Grid (MRG) 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker.
|
2011-09-07
|
Cumin Log File Broker Authentication Credentials Local Disclosure
|
|
75246
Description:
(Description Provided by CVE) : The ACL implementation in Cisco NX-OS 5.0(2) and 5.0(3) before 5.0(3)N2(1) on Nexus 5000 series switches, and NX-OS before 5.0(3)U1(2a) on Nexus 3000 series switches, does not properly handle comments in conjunction with deny statements, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by sending packets, aka Bug IDs CSCto09813 and CSCtr61490.
|
2011-09-07
|
Cisco Nexus Series Switches ACL Deny Statement Security Bypass
|
|
75262
Description:
LightNEasy contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'commentname', 'commentemail' and 'commentmessage' parameters upon submission to the LightNEasy.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-07
|
LightNEasy LightNEasy.php Multiple Parameter XSS
|
|
75348
Description:
(Description Provided by CVE) : The csnStreamDissector function in epan/dissectors/packet-csn1.c in the CSN.1 dissector in Wireshark 1.6.x before 1.6.2 does not initialize a certain structure member, which allows remote attackers to cause a denial of service (application crash) via a malformed packet.
|
2011-09-07
|
Wireshark CSN.1 Dissector Packet Handling Remote DoS
|
|
75451
Description:
MYRE Real Estate Software contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'country1', 'state1' and 'city1' parameters upon submission to the 'findagent.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-09-07
|
MYRE Real Estate Software findagent.php Multiple Parameter XSS
|
|
75452
Description:
MYRE Real Estate Software contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'findagent.php' script not properly sanitizing user-supplied input to the 'page' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-09-07
|
MYRE Real Estate Software findagent.php page Parameter SQL Injection
|
|
75586
Description:
(Description Provided by CVE) : The unxorFrame function in epan/dissectors/packet-opensafety.c in the OpenSafety dissector in Wireshark 1.6.x before 1.6.2 does not properly validate a certain frame size, which allows remote attackers to cause a denial of service (loop and application crash) via a malformed packet.
|
2011-09-07
|
Wireshark OpenSafety Dissector epan/dissectors/packet-opensafety.c unxorFrame Function DoS
|