| OSVDB ID | Disclosure Date | Title |
|
78661
Description:
LuraWave JP2 contains an overflow condition in the jp2_x.dll library. The issue is triggered as user-supplied input is not properly sanitized when processing the Quantization Default (QCD) marker segment. With a specially crafted JPEG2000 (JP2) file, a context-dependent attacker can cause a stack-based buffer overflow to cause a denial of service or potentially execute arbitrary code.
|
2012-01-31
|
LuraWave JP2 ActiveX (jp2_x.dll) Quantization Default (QCD) Marker Segment JPEG2000 File Handling Remote Overflow
|
|
78662
Description:
LuraWave JP2 contains an overflow condition in the npjp2.dll library. The issue is triggered as user-supplied input is not properly sanitized when processing the Quantization Default (QCD) marker segment. With a specially crafted JPEG2000 (JP2) file, a context-dependent attacker can cause a stack-based buffer overflow to cause a denial of service or potentially execute arbitrary code.
|
2012-01-31
|
LuraWave JP2 Browser Plug-In npjp2.dll Quantization Default (QCD) Marker Segment JPEG2000 File Handling Remote Overflow
|
|
78673
Description:
Hitachi uCosminexus EUR Print Manager, Hitachi uCosminexus Stream Data Platform and Hitachi HiRDB RealTime Monitor contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the applications do not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-01-31
|
Hitachi Multiple Product Unspecified XSS
|
|
78674
Description:
Hitachi JP1/IT Desktop Management contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-01-31
|
Hitachi JP1/IT Desktop Management Unspecified XSS
|
|
78675
Description:
Hitachi JP1/IT Service Level Management and Hitachi JP1/IT Resource Management contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the applications do not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-01-31
|
Hitachi JP1/IT Multiple Product Unspecified XSS
|
|
78775
Description:
JBoss Web contains a flaw in the UTF-8 character encoding feature that may allow a remote denial of service. The issue is triggered when handling surrogate pair characters. With a specially crafted request, a remote attacker can cause the service to stop responding.
|
2012-01-31
|
JBoss Web Surrogate Pair Character Handling Infinite Loop Remote DoS
|
|
78725
Description:
MindManager is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a MMAP file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2012-01-31
|
MindManager Path Subversion Arbitrary DLL Injection Code Execution
|
|
78726
Description:
phpShowtime contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'r' parameter. This directory traversal attack would allow the attacker to view arbitrary directories and images.
|
2012-01-31
|
phpShowtime index.php r Parameter Traversal Arbitrary File Access
|
|
78778
Description:
Novell iPrint Server is prone to an overflow condition. The mod_ipp Apache module fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted request containing a malformed 'attributes-natural-language' attribute, a remote attacker can potentially cause arbitrary code execution.
|
2012-01-31
|
Novell iPrint Server attributes-natural-language Attribute Parsing Remote Buffer Overflow
|
|
78888
Description:
Campaign Enterprise contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the command function not properly sanitizing user-supplied input to the 'SID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-01-31
|
Campaign Enterprise Command SID Parameter SQL Injection
|
|
78958
Description:
Vastal I-Tech Agent Zone contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'price_from' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-01-31
|
Vastal I-Tech Agent Zone (The Real Estate Script) search.php price_from Parameter SQL Injection
|
|
78959
Description:
Scriptsez.net Ez Album contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-01-31
|
Scriptsez.net Ez Album index.php id Parameter SQL Injection
|
|
80074
Description:
phpCAS contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the application having an insecure default path of /tmp, which will disclose the PGT session and debug log information to a local attacker.
|
2012-01-31
|
phpCAS PGT Session Save Path / Debug Log /tmp Local Information Disclosure
|
|
80157
Description:
GE Proficy Historian contains a flaw in the Data Archiver Service (ihDataArchiver.exe and ihDataArchiver_x64.exe). The issue is triggered as user-supplied input is not properly validated when parsing network messages with opcodes 6, 7, 8, 10, and 12. With a specially crafted request, a remote attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
|
2012-01-31
|
General Electric (GE) Proficy Historian Data Archiver Service Network Message Parsing Remote Memory Corruption
|
|
80160
Description:
GE Proficy Real-Time Information Portal contains a flaw that allows an attacker to traverse outside of a restricted path. The issue is due to the Remote Interface Service (rifsrvd.exe) not properly sanitizing user-supplied input, specifically directory traversal style attacks (e.g. ../../), in ID_SAVE_SRVC_CFG packets when creating a configuration file. This directory traversal attack would allow a remote attacker to write files in arbitrary locations with partially controlled content, allowing execution of arbitrary code with SYSTEM privileges.
|
2012-01-31
|
General Electric (GE) Proficy Real-Time Information Portal Remote Interface Service (rifsrvd.exe) Traversal Configuration File Overwrite
|
|
81035
Description:
slock contains a flaw related to the current active window. The issue is triggered when handling the XRaiseWindow() event on a locked screen. This may allow an attacker to bypass security restrictions.
|
2012-01-31
|
slock XRaiseWindow() Event Screen Lock Bypass Active Window Access
|
|
90738
Description:
passenger Gem for Ruby contains a flaw that is triggered during application startup. This issue may allow a local attacker to delete arbitrary files via an application process. If the program has completed the startup process, this vulnerability is no longer exploitable.
|
2012-01-31
|
passenger Gem for Ruby Arbitrary File Deletion
|
|
78783
Description:
The Software Properties apt-add-repository tool contains a flaw in the validation of PPA GPG keys. The issue is due to the application not properly verifying SSL certificates when downloading GPG key fingerprints of a Personal Package Archive, which may allow a remote attacker to install arbitrary package repository GPG keys via a man-in-the-middle (MITM) attack.
|
2012-01-31
|
Software Properties apt-add-repository Tool SSL Certificate Validation MitM Arbitrary GPG Key Installation
|
|
78744
Description:
Ubuntu Linux contains a flaw in the AccountsService feature. The issue is due to the application applying insecure permissions on certain files when updating the language settings. This flaw may allow a local attacker to manipulate arbitrary files.
|
2012-01-31
|
AccountsService Language Settings Update Permission Weakness Local Arbitrary File Manipulation
|
|
78956
Description:
4images contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/categories.php' script not properly sanitizing user-supplied input to the 'cat_parent_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-01-31
|
4images admin/categories.php cat_parent_id Parameter SQL Injection
|
|
78963
Description:
Siemens SIMATIC WinCC flexible contains a flaw in the project feature. The issue is due to an error when handling project files. With a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.
|
2012-01-31
|
Siemens SIMATIC WinCC flexible Project File Handling Remote Code Execution
|
|
78964
Description:
Siemens SIMATIC WinCC flexible contains a flaw in the TELNET daemon. The issue is due to the service not providing authentication methods, which may allow a remote attacker to gain unauthorized access.
|
2012-01-31
|
Siemens SIMATIC WinCC flexible TELNET Daemon Authentication Weakness
|
|
79288
Description:
Google Native Client (NaCl) contains a flaw related to super instructions not being marked during dynamic code modification. With specially crafted injected code, a context-dependent attacker can escape the sandbox.
|
2012-01-31
|
Google Native Client (NaCl) Super Instructions Validator Error Sandbox Bypass
|
|
82322
Description:
EdrawSoft Office Viewer Component is prone to an overflow condition related to the officeviewermme.ocx ActiveX control. The FtpUploadFile() function fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request, a context-dependent attacker can potentially execute arbitrary code.
|
2012-01-31
|
EdrawSoft Office Viewer Component ActiveX (officeviewermme.ocx) FtpUploadFile() Function Overflow
|
|
86523
Description:
Mozilla Firefox is prone to an overflow condition. This issue is triggered by an error that occurs when the nsLocalFile::EnsureShortPath method calls the GetShortPathName function, which will result in a buffer overflow. This may allow a context-dependent attacker to potentially execute arbitrary code or cause a denial of service.
|
2012-01-31
|
Mozilla Firefox nsLocalFile::EnsureShortPath GetShortPathName Function Buffer Overflow
|
|
78645
Description:
(Description Provided by CVE) : The avpriv_dv_produce_packet function in libavcodec in FFmpeg 0.7.x before 0.7.12 and 0.8.x before 0.8.11 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.5, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) and possibly execute arbitrary code via a crafted DV file.
|
2012-01-31
|
FFmpeg DV Decoder NULL Pointer Dereference Media File Handling Remote DoS
|
|
78644
Description:
(Description Provided by CVE) : The dpcm_decode_frame function in dpcm.c in libavcodec in FFmpeg before 0.10 and in Libav 0.5.x before 0.5.9, 0.6.x before 0.6.6, 0.7.x before 0.7.6, and 0.8.x before 0.8.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted stereo stream in a media file.
|
2012-01-31
|
FFmpeg libavcodec/dpcm.c dpcm_decode_frame() Function Media File Stereo Stream Handling Remote Code Execution
|
|
78659
Description:
A format string flaw exists in sudo. The sudo_debug() function fails to properly sanitize format string specifiers (e.g., %s and %x). With a specially crafted request, a local attacker can crash the service or possibly execute arbitrary code with elevated privileges.
|
2012-01-31
|
sudo src/sudo.c sudo_debug() Function Format String Local Privilege Escalation
|
|
78672
Description:
HP Network Automation contains an unspecified flaw that may allow an attacker to bypass access restrictions. No further details have been provided.
|
2012-01-31
|
HP Network Automation Unspecified Access Restriction Bypass
|
|
78733
Description:
Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey contain an unspecified flaw that may allow an attacker to corrupt memory. No further details have been provided.
|
2012-01-31
|
Mozilla Multiple Products Multiple Unspecified Memory Corruption (2012-0443)
|
|
78734
Description:
Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey contain an unspecified flaw that may allow an attacker to corrupt memory. No further details have been provided.
|
2012-01-31
|
Mozilla Multiple Products Multiple Unspecified Memory Corruption (2012-0442)
|
|
78735
Description:
Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey contain a flaw in the handling of sub-frames. The issue is triggered when replacing a sub-frame in another domain's document by using the name attribute of the sub-frame as a form submission target. With a specially crafted sub-frame, a context-dependent attacker can potentially conduct phishing attacks.
|
2012-01-31
|
Mozilla Multiple Products Sub-Frame Cross-domain Name Attribute Handling Phishing Weakness
|
|
78736
Description:
Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey contain a use-after-free error when handling child nodes. The issue is due to the 'AttributeChildRemoved()' method when removing child nodes from the 'nsDOMAttribute' node. This may allow a remote attacker to dereference already freed memory and potentially execute arbitrary code.
|
2012-01-31
|
Mozilla Multiple Products AttributeChildRemoved() Method nsDOMAttribute Child Node Use-after-free Remote Code Execution
|
|
78737
Description:
Mozilla Firefox contains a flaw in the XPConnect function. The issue is due to an error within the implementation of XPConnect security checks when calling untrusted objects, which may allow a remote attacker to conduct cross-site scripting attacks.
|
2012-01-31
|
Mozilla Multiple Products XPConnect Security Check XSS Weakness
|
|
78738
Description:
Multiple Mozilla products contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs in the mImageBufferSize() method during the encoding of an image as image/vnd.microsoft.icon. This will cause an image to be initialized with a different value than that of the source image, which may allow an attacker to gain access to potentially sensitive information when converting an image from ICO format to PNG.
|
2012-01-31
|
Mozilla Multiple Products mImageBufferSize() Method image/vnd.microsoft.icon Image Encoding Information Disclosure
|
|
78740
Description:
Mozilla Firefox, Mozilla Thunderbird, and Mozilla SeaMonkey contain a flaw in the handling of XSLT stylesheets. The issue is triggered as user-supplied input is not properly sanitized when handling XSLT stylesheets. With a specially crafted XSLT stylesheet, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
|
2012-01-31
|
Mozilla Multiple Products Embedded XSLT Stylesheet Handling Remote Memory Corruption
|
|
78834
Description:
WebsiteBaker contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the HTTP-Referer upon submission to the wb/search/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-01-31
|
WebsiteBaker wb/search/index.php HTTP-Referer XSS
|
|
78962
Description:
Siemens SIMATIC WinCC flexible contains a flaw that allows an attacker to conduct an HTTP response splitting attack. This flaw exists because the application does not validate HTTP headers. This could allow a remote attacker to insert arbitrary HTTP headers, which are included in a response sent to the server. If an application does not properly filter such a request, it could be used to inject additional headers that manipulate cookies, authentication status, or more.
|
2012-01-31
|
Siemens SIMATIC WinCC flexible HTTP Response Splitting CRLF Injection
|
|
79222
Description:
D-Link DAP-1150 contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions of multiple functions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into changing the administrator's password, rebooting the device, or changing the device configuration in the context of their session with the application, without further prompting or verification.
|
2012-01-31
|
D-Link DAP-1150 Multiple Function CSRF
|
|
82320
Description:
Snort Report contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ipdetail.php script not properly sanitizing user-supplied input to the 'ipAddress' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-01-31
|
Snort Report ipdetail.php ipAddress Parameter SQL Injection
|