| OSVDB ID | Disclosure Date | Title |
|
88008
Description:
Nagios XI Network Monitor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /nagiosql/admin/services.php script not properly sanitizing user-supplied input to the 'chbActive' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-11-30
|
Nagios XI Network Monitor /nagiosql/admin/services.php chbActive Parameter SQL Injection
|
|
88009
Description:
Nagios XI Network Monitor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /nagiosql/admin/hosts.php script not properly sanitizing user-supplied input to the 'chbActive', 'tfCheckIntervalm', 'tfMaxCheckAttempts', or 'tfRetryInterval' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-11-30
|
Nagios XI Network Monitor /nagiosql/admin/hosts.php Multiple Parameter SQL Injection
|
|
88010
Description:
Nagios XI Network Monitor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /nagiosql/admin/servicegroups.php script not properly sanitizing user-supplied input to the 'chbActive' or 'selCommandType' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-11-30
|
Nagios XI Network Monitor /nagiosql/admin/servicegroups.php Multiple Parameter SQL Injection
|
|
88004
Description:
McAfee Email Gateway contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in Secure Web Mail during the handling of a saturation of client messages. This will result in a consumption of disk space, resulting in a loss of availability for the program.
|
2012-11-30
|
McAfee Email Gateway Secure Web Mail Client Message Saturation Disk Space Consumption DoS
|
|
88003
Description:
McAfee Email Gateway contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate attachment names before returning them to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-30
|
McAfee Email Gateway Attachment Name XSS
|
|
88063
Description:
Free Hosting Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the packages.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-11-30
|
Free Hosting Manager packages.php id Parameter SQL Injection
|
|
88084
Description:
RSA NetWitness contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into performing an unspecified action in the context of their session with the application, without further prompting or verification.
|
2012-11-30
|
RSA NetWitness Unspecified CSRF
|
|
88083
Description:
RSA NetWitness contains a flaw that is triggered when the application fails to properly sanitize unspecified user-supplied input. This may allow a context-dependent attacker to more easily conduct a clickjacking attack.
|
2012-11-30
|
RSA NetWitness Unspecified Click-jacking Weakness
|
|
88164
Description:
Buffalo LinkStation contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered during the handling of a direct request, which may allow an unauthenticated remote attacker to gain access to arbitrary files including perm.conf, password, lighttpd.conf, and host.pem. Such requests will disclose sensitive information that can be used to elevate privileges on the server.
|
2012-11-30
|
Buffalo LinkStation Direct Request Unauthenticated Remote File Disclosure
|
|
88163
Description:
Buffalo LinkStation contains a flaw that is triggered during the handling of POST requests requesting a password change. Due to the application not enforcing user access, an attacker can change the username in the request in order to change an arbitrary user's password. By changing the administrator password, an attacker can gain elevated privileges.
|
2012-11-30
|
Buffalo LinkStation Arbitrary User Password Manipulation
|
|
88165
Description:
Symantec Messaging Gateway contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the /brightmail/export script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'logfile' parameter. This directory traversal attack would allow the attacker to gain access to arbitrary files.
|
2012-11-30
|
Symantec Messaging Gateway /brightmail/export logfile Parameter Traversal Arbitrary File Access
|
|
88294
Description:
Qt contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs in the XmlHttpRequest object, which causes an insecure redirection on a file: URL. This may allow a remote attacker to gain access to potentially sensitive information stored in local files via a Man-in-the-Middle attack.
|
2012-11-30
|
Qt XmlHttpRequest Object Insecure Redirection MitM Information Disclosure
|
|
88005
Description:
The Post Oak AWAM Bluetooth Reader Traffic System contains a flaw related to authentication. The issue is due to the system not using sufficient entropy when generating authentication and host keys. A remote attacker that is able to monitor network traffic (i.e. MiTM) can use sniffed nonunique host keys to calculate private authentication keys and gain access to the system.
|
2012-11-30
|
Post Oak AWAM Bluetooth Reader Traffic System Authentication / Host Key Entropy Weakness
|
|
88085
Description:
Multiple KYOCERA mobile devices contain a flaw that may allow a remote denial of service. The issue is triggered during the parsing of an email in an invalid message format, which will result in a loss of availability for the device.
|
2012-11-30
|
KYOCERA Multiple Mobile Device Invalid Message Format Parsing DoS
|
|
88116
Description:
OurWebFTP contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'ftp_host' and 'ftp_user' parameters upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-30
|
OurWebFTP index.php Multiple Parameter XSS
|
|
88115
Description:
Axis contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'data' parameter upon submission to the admin/core/site/batch-save script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-30
|
Axis admin/core/site/batch-save data Parameter XSS
|
|
88114
Description:
Axis contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'answer[][]' and 'description[]' parameters upon submission to the admin/poll/save script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-30
|
Axis admin/poll/save Multiple Parameter XSS
|
|
90291
Description:
IBM Lotus Domino contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'RedirectTo' parameter upon submission to the /names.nsf script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-30
|
IBM Lotus Domino /names.nsf RedirectTo Parameter XSS
|
|
90290
Description:
IBM Lotus Domino contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate the 'RedirectTo' parameter upon submission to the /names.nsf script. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.
|
2012-11-30
|
IBM Lotus Domino /names.nsf RedirectTo Parameter Arbitrary Site Redirect
|
|
88002
Description:
Video Lead Form Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'errMsg' parameter upon submission to the admin.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-29
|
Video Lead Form Plugin for WordPress admin.php errMsg Parameter XSS
|
|
88001
Description:
Safend Data Protector contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to the SDBagent and SDPagent installation paths having spaces and being unquoted. This may allow a local attacker to gain escalated privileges by placing their own executable in a location that will be searched before the actual program.
|
2012-11-29
|
Safend Data Protector SDBagent / SDPagent Unquoted Path Local Privilege Escalation Weakness
|
|
87998
Description:
SilverStripe contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'Site Title' field before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-29
|
SilverStripe Site Title Field XSS
|
|
87997
Description:
SilverStripe contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for /admin/security/EditForm/. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into creating an arbitrary administrative user in the context of their session with the application, without further prompting or verification.
|
2012-11-29
|
SilverStripe /admin/security/EditForm/ Arbitrary Admin User Creation CSRF
|
|
88062
Description:
Google Chrome contains a flaw in the 'HasPermissionsForFile' function in browser/child_process_security_policy_impl.cc when handling file paths. With a specially crafted path containing directory traversal character sequences (e.g. "../../"), a context-dependent attacker can bypass the sandbox to read/write files on the system.
|
2012-11-29
|
Google Chrome HasPermissionsForFile Function Incorrect File Path Handling Renderer Sandbox Bypass
|
|
88061
Description:
WebKit contains a use-after-free error in the 'HTMLMediaElement::clearMediaPlayer' function and HTMLMediaElement destructor in WebCore/html/HTMLMediaElement.cpp when handling media sources. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and execute arbitrary code.
|
2012-11-29
|
WebKit Media Source Handling Use-after-free Arbitrary Code Execution
|
|
88059
Description:
Elastix contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Page' parameter upon submission to the xmlservices/E_book.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-29
|
Elastix xmlservices/E_book.php Page Parameter XSS
|
|
88058
Description:
Dovecot contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in lib-storage/mail-search.c during the handling of a multiple keyword search. This will result in an infinite loop, which will cause a loss of availability.
|
2012-11-29
|
Dovecot lib-storage/mail-search.c Multiple Keyword Search Handling Remote DoS
|
|
88082
Description:
Fortinet FortiDB contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'conversationContext' parameter upon submission to multiple scripts in the Java Number Format Exception Handling module. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-29
|
Fortinet FortiDB Java Number Format Exception Handling Module conversationContext Parameter XSS
|
|
88113
Description:
JSUpload contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the writeItemContent() function in jsupload.cgi.pl. This directory traversal attack would allow the attacker to manipulate arbitrary files.
|
2012-11-29
|
JSUpload jsupload.cgi.pl writeItemContent() Function Traversal Arbitrary File Manipulation
|
|
89281
Description:
Simple Gmail Login Plugin for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a request which is lacking a timezone to the simple-gmail-login.php script, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2012-11-29
|
Simple Gmail Login Plugin for WordPress simple-gmail-login.php Crafted Request Parsing Path Disclosure
|
|
88161
Description:
UMPlayer Portable Edition contains a flaw that may allow a remote denial of service. The issue is triggered when opening the umplayer.ini file via the recent files option. With a specially crafted file, a context-dependent attacker can cause the program to crash.
|
2012-11-29
|
UMPlayer Portable Edition Recent Files umplayer.ini Handling DoS
|
|
88055
Description:
SmartCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'menuitem' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-11-29
|
SmartCMS index.php menuitem Parameter SQL Injection
|
|
88056
Description:
SmartCMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'menuitem' parameter upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-29
|
SmartCMS index.php menuitem Parameter XSS
|
|
88265
Description:
Agilebits 1Password contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'User Agent' field in the new user agent upon submission to the troubleshooting.html script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-11-29
|
Agilebits 1Password troubleshooting.html New User Agent User Agent Field XSS
|
|
88603
Description:
Apache OpenOffice.org (OOo) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified error occurs, which may allow a remote attacker to gain access to potentially sensitive information.
|
2012-11-29
|
Apache OpenOffice.org (OOo) Unspecified Information Disclosure
|
|
91614
Description:
Zend Framework contains a flaw in Zend\View\Helper\ServerUrl that is due to the helper generating URLs based on the proxy host, even if it's not desired. This may allow a remote attacker to more easily inject content into proxied traffic.
|
2012-11-29
|
Zend Framework Zend\View\Helper\ServerUrl Helper URL Generation Weakness
|
|
88000
Description:
Safend Data Protector contains a flaw that may lead to an unauthorized information disclosure. The issue is due to private key data being stored in the securitylayer.log file in the logs.9772 directory. This may allow a local attacker to gain access to key information, which could allow them to modify security policies on a user's system.
|
2012-11-29
|
Safend Data Protector securitylayer.log Private Key Local Disclosure
|
|
87999
Description:
Safend Data Protector contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to the SDBagent and SDPagent services being given the insecure 'WRITE_DAC' permissions for all local users. This may allow a local attacker to modify the ACL and gain escalated privileges.
|
2012-11-29
|
Safend Data Protector SDBagent / SDPagent Permission Weakness Local Privilege Escalation
|
|
88060
Description:
MariaDB is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow a remote attacker to execute arbitrary code under the permissions of the mysql daemon. No further details have been provided.
|
2012-11-29
|
MariaDB Unspecified Overflow
|
|
88057
Description:
IBM WebSphere Message Broker contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is due to insecure permissions on the uninstaller file. This may allow a local attacker to gain escalated privileges.
|
2012-11-29
|
IBM WebSphere Message Broker Uninstaller File Permissions Local Privilege Escalation
|