| OSVDB ID | Disclosure Date | Title |
|
79493
Description:
Notmuch contains a flaw that may lead to an unauthorized information disclosure. The issue is due to /emacs/notmuch-mua.el not properly sanitizing user-supplied input when parsing MML tags, which will disclose attached files to a context-dependent attacker.
|
2012-02-03
|
Notmuch emacs/notmuch-mua.el MML Tag Parsing Attached File Information Disclosure
|
|
78785
Description:
Category-System Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-03
|
Category-System Extension for TYPO3 Unspecified SQL Injection
|
|
78787
Description:
Documents download Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
Documents download (rtg_files) Extension for TYPO3 Unspecified XSS
|
|
78820
Description:
WP-RecentComments Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-03
|
WP-RecentComments Plugin for WordPress index.php id Parameter SQL Injection
|
|
78823
Description:
project-open contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the register/account-closed.adp script does not validate the 'message' parameter upon submission to register/account-closed. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
project-open register/account-closed.adp message Parameter XSS
|
|
78827
Description:
Foswiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'text', 'FirstName', 'LastName', 'OrganisationName', 'OrganisationUrl', 'Profession', 'Country', 'State', 'Address', 'Location', 'Telephone', 'VoIP', 'InstantMessagingIM', 'Email', 'HomePage', and 'Comment' parameters upon submission to UI/Register.pm. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
Foswiki UI/Register.pm Multiple Parameter XSS
|
|
78925
Description:
GForge Advanced Server contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'subdir' parameter upon submission to the project/test/docman/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
GForge Advanced Server project/test/docman/index.php subdir Parameter XSS
|
|
78929
Description:
GForge Advanced Server contains a flaw related to an unspecified bypass of authentication settings that may allow an attacker to log in to the application prior to an administrator's approval. No further details have been provided.
|
2012-02-03
|
GForge Advanced Server Unspecified Authentication Bypass
|
|
79988
Description:
SquirrelMail Autocomplete plugin contains a flaw that allows a remote cross-site scripting (XSS) attack. The flaw occurs in specific fields when searching for registered email addresses in user contacts. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
Autocomplete Plugin for SquirrelMail Address Book Contact XSS
|
|
78784
Description:
Category-System Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
Category-System Extension for TYPO3 Unspecified XSS
|
|
78924
Description:
GForge Advanced Server contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'startdate' and 'enddate' parameters upon submission to the search/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
GForge Advanced Server search/index.php Multiple Parameter XSS
|
|
80047
Description:
OllyDBG is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow. With a specially crafted export table, a context-dependent attacker can potentially cause arbitrary code execution.
|
2012-02-03
|
OllyDBG Export Table Handling Remote Overflow
|
|
80221
Description:
FTPServer for Android contains a flaw related to the authentication mechanism. The issue is due to the application not providing proper validation of credentials, which may allow a remote attacker to bypass authentication and execute arbitrary FTP commands.
|
2012-02-03
|
FTPServer for Android FTP Command Execution Authentication Bypass
|
|
80870
Description:
phpPgAdmin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified user-supplied input upon submission to the functions.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
phpPgAdmin functions.php Unspecified XSS
|
|
81484
Description:
PHP is prone to an overflow condition. The 'htmlspecialchars()' function fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted request containing overly long entities, a remote attacker can potentially cause the service to crash resulting in a loss of availability.
|
2012-02-03
|
PHP htmlspecialchars Entities Handling Remote Overflow DoS
|
|
81485
Description:
torrent-stats contains a flaw that may allow a local denial of service. The issue is due to an error within httpd.c when parsing malformed requests, which may cause the service to crash, resulting in a loss of availability.
|
2012-02-03
|
torrent-stats httpd.c Request Parsing Local DoS
|
|
78788
Description:
Documents download Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-03
|
Documents download (rtg_files) Extension for TYPO3 Unspecified SQL Injection
|
|
78918
Description:
Simple Groupware contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the sys_die() function in the bin/core/functions.php script does not validate the 'export' parameter upon submission to the bin/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
Simple Groupware bin/core/functions.php sys_die() Function export Parameter XSS
|
|
78981
Description:
zenphoto contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'msg' parameter or input passed via the URL upon submission to the zp-core/admin.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
zenphoto zp-core/admin.php Multiple Parameter XSS
|
|
78982
Description:
zenphoto contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'album' parameter upon submission to the zp-core/admin-edit.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
zenphoto zp-core/admin-edit.php album Parameter XSS
|
|
78996
Description:
OpenConf contains a flaw that may allow an attacker to carry out a blind SQL injection attack. The issue is due to the author/edit.php script not properly sanitizing user-supplied input passed via the 'pid' POST parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-03
|
OpenConf author/edit.php pid Parameter SQL Injection
|
|
82471
Description:
OSCommerce Online Merchant contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'value_title' parameter upon submission to the main.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-03
|
OSCommerce Online Merchant main.php value_title Parameter XSS
|
|
84154
Description:
WebKit contains a use-after-free error in the 'ContainerNode::appendChild' function in WebCore/dom/ContainerNode.cpp, when nodes are created as a part of setting document.title and simultaneously removing the body. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
|
2012-02-03
|
WebKit 'ContainerNode::appendChild' Function Use-after-free Issue
|
|
78750
Description:
Modern FAQ Extension for TYPO3 contains a flaw that allows a remote cross-site redirection attack. This flaw exists because the application does not validate certain unspecified input before use in site redirection. This could allow a user to create a specially crafted URL that, if clicked, would redirect a victim from the intended legitimate web site to an arbitrary web site of the attacker's choosing. Such attacks are useful as the crafted URL initially appears to be a web page of a trusted site. This could be leveraged to direct an unsuspecting user to a web page containing attacks that target client-side software such as a web browser or document rendering programs.
|
2012-02-02
|
Modern FAQ Extension for TYPO3 Unspecified Arbitrary Site Redirect
|
|
78790
Description:
Post data records to facebook Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-02
|
Post data records to facebook Extension for TYPO3 Unspecified SQL Injection
|
|
78792
Description:
Webservices Extension for TYPO3 contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided.
|
2012-02-02
|
Webservices Extension for TYPO3 Unspecified Remote Code Execution
|
|
78794
Description:
Euro Calculator Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-02
|
Euro Calculator Extension for TYPO3 Unspecified XSS
|
|
78795
Description:
Yet another Google search Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-02
|
Yet another Google search Extension for TYPO3 Unspecified XSS
|
|
78798
Description:
BE User Switch Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-02
|
BE User Switch Extension for TYPO3 Unspecified XSS
|
|
78799
Description:
BE User Switch Extension for TYPO3 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker takes certain unspecified action.
|
2012-02-02
|
BE User Switch Extension for TYPO3 Unspecified Information Disclosure
|
|
78818
Description:
Skype contains an unspecified flaw that may allow a remote attacker to have an unspecified impact. No further details have been provided.
|
2012-02-02
|
Skype Unspecified Remote Issue
|
|
78825
Description:
(Description Provided by CVE) : Unspecified vulnerability in Joomla! 1.7.x before 1.7.5 allows attackers to read the error log via unknown vectors.
|
2012-02-02
|
Joomla! Unspecified Error Log Disclosure
|
|
78826
Description:
(Description Provided by CVE) : Joomla! 1.7.x before 1.7.5 and 2.5.x before 2.5.1 allows attackers to obtain the installation path via unspecified vectors related to "administrator."
|
2012-02-02
|
Joomla! Administrator Section Unspecified Path Disclosure
|
|
78896
Description:
Mathopd contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the application not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the Host Headers. This directory traversal attack would allow the attacker to access arbitrary files.
|
2012-02-02
|
Mathopd HTTP Server Host Header Traversal Arbitrary File Access
|
|
78979
Description:
ZENphoto contains a flaw related to the viewing of uploaded images. The issue is due to the 'viewer_size_image_saved' cookie value not properly sanitizing user-supplied input before being used in an 'eval()' call. This may allow a remote attacker to execute arbitrary PHP code.
|
2012-02-02
|
zenphoto viewer_size_image_saved Cookie Value eval() Call Remote PHP Code Execution
|
|
78980
Description:
ZENphoto contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the zp-core/admin-albumsort.php script not properly sanitizing user-supplied input to the 'sortableList' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-02
|
zenphoto zp-core/admin-albumsort.php sortableList Parameter SQL Injection
|
|
78989
Description:
Opera is reportedly prone to multiple overflow conditions. The application fails to properly sanitize user-supplied input, resulting in an integer overflow. With a specially crafted request containing large integer arguments, a remote attacker can potentially cause the application to crash, resulting in a loss of availability.
|
2012-02-02
|
Opera Multiple Array Large Integer Argument Parsing Remote Overflow DoS
|
|
78748
Description:
Kitchen recipe Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-02
|
Kitchen recipe Extension for TYPO3 Unspecified SQL Injection
|
|
78749
Description:
Modern FAQ Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-02
|
Modern FAQ Extension for TYPO3 Unspecified XSS
|
|
78786
Description:
White Papers Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-02-02
|
White Papers Extension for TYPO3 Unspecified SQL Injection
|