[CLOSE] OSVDB ID : 79266 - Disclosed: 2012-02-14

Description:

A memory corruption flaw exists in Microsoft Internet Explorer. The program fails to sanitize user-supplied input when an error occurs during the handling of deleted objects, which will result in a memory corruption. With a specially crafted layout, a remote attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 79769 - Disclosed: 2012-02-14

Description:

Parallels Plesk Panel contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/plib/api-rpc/Agent.php script not properly sanitizing certain unspecified user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 79251 - Disclosed: 2012-02-14

Description:

Adobe RoboHelp for Word contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified generated output before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79236 - Disclosed: 2012-02-14

Description:

Oracle Java SE contains a flaw related to the 2D component that may allow a remote attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79234 - Disclosed: 2012-02-14

Description:

Oracle Java SE contains a flaw that that is due to the JavaFX Jar file being signed by the program and installed to a users system without interaction. This may allow an attacker to invoke an arbitrary argument and trusted call stack within the main method of any trusted class, which in-turn will allow the attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 79235 - Disclosed: 2012-02-14

Description:

Oracle Java SE contains a flaw related to the Sound component that may allow a remote attacker to cause a denial of service and gain unauthorized access to information. No further details have been provided.

[CLOSE] OSVDB ID : 79238 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains an unspecified overflow flaw that may allow a context-dependent attacker to execute arbitrary code. The issue is due to dirapi.dll not properly parsing cupt atom objects.

[CLOSE] OSVDB ID : 79241 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79242 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79244 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79252 - Disclosed: 2012-02-14

Description:

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the Ancillary Function Driver (afd.sys). When parsing input passed from user mode to the kernel a local attacker may be able to gain escalated privileges.

[CLOSE] OSVDB ID : 79262 - Disclosed: 2012-02-14

Description:

Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input upon submission to the inplview.aspx script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79265 - Disclosed: 2012-02-14

Description:

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an input error occurs during the copying and pasting of operations, which will disclose cross-domain to an attacker.

[CLOSE] OSVDB ID : 79261 - Disclosed: 2012-02-14

Description:

A memory corruption flaw exists in Microsoft .NET Framework and Microsoft Silverlight. The program fails to sanitize user-supplied input calculating the length of an unspecified buffer resulting in memory corruption. With a specially crafted XAML browser application, a remote attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 79263 - Disclosed: 2012-02-14

Description:

Microsoft SharePoint contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input upon submission to the themeweb.aspx script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79267 - Disclosed: 2012-02-14

Description:

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs during the creation of strings when handling a NULL byte process. This will disclose memory information to an attacker.

[CLOSE] OSVDB ID : 79269 - Disclosed: 2012-02-14

Description:

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when a use-after-free error occurs in win32k.sys. With a specially crafted keyboard layout that may dereference memory, a local attacker may potentially be able to gain escalated privileges.

[CLOSE] OSVDB ID : 79847 - Disclosed: 2012-02-14

Description:

Exponent CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the cron/send_reminders.php script not properly sanitizing user-supplied input to the 'src' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 79896 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management and Maximo Asset Management Essentials contain a flaw that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'controlid' parameter upon submission to the 'imicon.jsp' script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79897 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management and Maximo Asset Management Essentials contain a flaw that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'reportType' parameter upon submission to an unspecified script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79898 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management, Asset Management Essentials, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and the Tivoli Change and Configuration Management Database contain a flaw that allow a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into performing a request in the context of their session with the application, without further prompting or verification. This may allow the remote attacker to gain authentication information or tokens for the application.

[CLOSE] OSVDB ID : 79899 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management, Asset Management Essentials, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and the Tivoli Change and Configuration Management Database contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'KPI' component not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 79900 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management, Asset Management Essentials, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and the Tivoli Change and Configuration Management Database contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered due the application showing the username in the 'About' option in the 'Help' menu resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 79901 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management and Asset Management Essentials contain a flaw that allow a remote cross site redirection attack. This flaw exists because the application does not validate the 'uisessionid' parameter upon submission to an unspecified script. This could allow a user to create a specially crafted URL, that if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appear to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client side software such as a web browser or document rendering programs.

[CLOSE] OSVDB ID : 79902 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management and Maximo Asset Management Essentials contain a flaw that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'uisesionid' parameter upon submission to the 'maximo.jsp' script and the default URI under '/ui'. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79903 - Disclosed: 2012-02-14

Description:

IBM Maximo Asset Management, Asset Management Essentials, Tivoli Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and the Tivoli Change and Configuration Management Database contain a flaw that allow a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'Start Center Layout and Configuration' component. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 80824 - Disclosed: 2012-02-14

Description:

ODVA EtherNet/IP Protocol contains an unspecified flaw that may allow a remote denial of service.

[CLOSE] OSVDB ID : 80724 - Disclosed: 2012-02-14

Description:

Java contains a flaw related to the JRE sandbox. The issue is triggered when a context-dependent attacker uses AtomicReferenceArray to bypass sandbox protections and load additional classes. This may allow an attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 79226 - Disclosed: 2012-02-14

Description:

Oracle Java SE contains a flaw related to the 2D component that may allow a remote attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79233 - Disclosed: 2012-02-14

Description:

Oracle Java SE contains a flaw related to the CORBA component that may allow a remote attacker to affect integrity. No further details have been provided.

[CLOSE] OSVDB ID : 79240 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79243 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79245 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79260 - Disclosed: 2012-02-14

Description:

Microsoft .NET Framework and Silverlight contain a flaw that is triggered when an unspecified error occurs during the handling of unmanaged objects. With a specially crafted XAML browser application, a remote attacker may be able to execute arbitrary code.

[CLOSE] OSVDB ID : 79253 - Disclosed: 2012-02-14

Description:

Microsoft Windows contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an error occurs in the Ancillary Function Driver (afd.sys). When parsing input passed from user mode to the kernel a local attacker may be able to gain escalated privileges.

[CLOSE] OSVDB ID : 79338 - Disclosed: 2012-02-14

Description:

The SecureSphere Web Application Firewall contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'username' field upon submission to the violations table. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 79895 - Disclosed: 2012-02-14

Description:

Multiple IBM Maximo Asset Management products contain a flaw that may allow a remote denial of service. The issue is due to an error when handling multiple UI sessions during an HTTP session which causes the application to consume a large amount of memory, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 84087 - Disclosed: 2012-02-14

Description:

FreePBX contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request is sent to admin/modules/framework/bin/gen_amp_conf.php, which will disclose admin credential information in plaintext to a remote attacker.

[CLOSE] OSVDB ID : 79237 - Disclosed: 2012-02-14

Description:

Adobe Shockwave Player contains a memory corruption flaw related to the Shockwave 3D Asset that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 79229 - Disclosed: 2012-02-14

Description:

Oracle Java SE contains a flaw related to the AWT component that may allow a remote attacker to cause a denial of service and gain unauthorized access to information. No further details have been provided.