[CLOSE] OSVDB ID : 85085 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into performing an unspecified action in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 85934 - Disclosed: 2012-08-31

Description:

WarFTPd contains a format string flaw in war-ftpd.exe. The issue is triggered as format string specifiers (e.g. %s and %x) are not properly sanitized in usernames supplied during the authentication process. With a specially crafted request, a remote attacker can crash the service causing a denial of service.

[CLOSE] OSVDB ID : 85106 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program stores credential information in the local database, in some cases even when using an external authentication plugin. This may allow an attacker to gain unauthorized access to a system using an old password via the strict function.

[CLOSE] OSVDB ID : 85147 - Disclosed: 2012-08-31

Description:

iCagenda Component for Joomla! contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends malformed input to the index.php script via the 'ItemID' and 'id' parameters, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 85889 - Disclosed: 2012-08-31

Description:

A memory corruption flaw exists in Internet Download Manager. The program fails to sanitize user-supplied input resulting in memory corruption. With a specially crafted EF2 file, a context-dependent attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 85109 - Disclosed: 2012-08-31

Description:

Cyobozu Live for Android contains an unspecified flaw that may allow a remote attacker to execute arbitrary Java methods. No further details have been provided.

[CLOSE] OSVDB ID : 85105 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw that is triggered when the GlobalBlocking extension fails to properly handle IP address blocking. This may allow a remote attacker to bypass the blocking mechanism and create a new account.

[CLOSE] OSVDB ID : 85108 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw related to external authentication plugins. The issue is triggered when the plugin returns false in its strict function. This may allow an attacker to use an old password for an account indefinitely.

[CLOSE] OSVDB ID : 85088 - Disclosed: 2012-08-31

Description:

Oracle Java SE / JRE contains an multiple flaws that may allow an attacker to bypass sandbox restrictions and execute arbitrary code.

[CLOSE] OSVDB ID : 85148 - Disclosed: 2012-08-31

Description:

iCagenda Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 85723 - Disclosed: 2012-08-31

Description:

Linux Kernel contains a flaw that may allow a remote denial of service. The issue is triggered when a synchronization failure occurs during the handling of socket options. This will result in a loss of availability for the system.

[CLOSE] OSVDB ID : 86400 - Disclosed: 2012-08-31

Description:

BBPress Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-content/plugins/bbpress/forum.php script not properly sanitizing user-supplied input to the 'page' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 85007 - Disclosed: 2012-08-31

Description:

By default, GarrettCom Magnum MNS-6K Management Software installs with a default, hardcoded password that may allow a normal user account to authenticate with admin privileges. This allows attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 85103 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via a 'File:' tag's comment to a non-existing file before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 85104 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'uselang' parameter upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 85107 - Disclosed: 2012-08-31

Description:

MediaWiki contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an admin attempts to block a use who has already been blocked while using the 'Hide username from edits and lists' option. This may disclose the block reason to the second admin, even if they do not have privileges to view it.

[CLOSE] OSVDB ID : 85888 - Disclosed: 2012-08-31

Description:

Yet Another Awards System for vBulletin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the request_award.php script not properly sanitizing user-supplied input to the 'award_request_uid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 86399 - Disclosed: 2012-08-31

Description:

BBPress Plugin for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when certain input is not properly sanitized before being used in the wp/wp-content/plugins/bbpress/topic.php and wp/wp-content/plugins/bbpress/forum.php scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 85032 - Disclosed: 2012-08-30

Description:

Google Chrome contains a NULL pointer dereference flaw that is triggered when handling incomplete SPDY headers. With a specially crafted response, a context-dependent attacker can crash the browser process.

[CLOSE] OSVDB ID : 85035 - Disclosed: 2012-08-30

Description:

Libxslt contains a use-after-free error in the 'xsltGenerateIdFunction' function [libxslt/functions.c] that is triggered when applying the 'generate-id()' method to the context node inside nested templates. With a specially crafted XSL stylesheet, an attacker can dereference already freed memory to cause a crash or potentially execute arbitrary code in an application linked against the library.

[CLOSE] OSVDB ID : 85078 - Disclosed: 2012-08-30

Description:

SugarCRM contains a flaw related to the logging functionality that may allow a remote attacker to execute arbitrary code. The issue is due to the administrator being able to specify any name for a log file, including one with a .php extension. By renaming the file and injecting log content, the log can be called directly to execute arbitrary PHP code.

[CLOSE] OSVDB ID : 84981 - Disclosed: 2012-08-30

Description:

Oracle Java SE and JRE contain a flaw in the java.beans.Expression class. The issue is due to the program failing to properly handle a reflection of privileged classes inside the expression class. This may allow a remote attacker to potentially execute arbitrary code.

[CLOSE] OSVDB ID : 84982 - Disclosed: 2012-08-30

Description:

Oracle Java SE / JRE contains an unspecified flaw related to the Beans subcomponent that may allow a remote attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 85110 - Disclosed: 2012-08-30

Description:

Opera contains a flaw that may allow an attacker to hide the file download dialogue by displaying it in a small box. This may allow the attacker to more easily trick a user into downloading the file by entering a certain keystroke sequence.

[CLOSE] OSVDB ID : 85030 - Disclosed: 2012-08-30

Description:

WebKit contains a flaw in the 'RenderBlock::LineBreaker::nextLineBreak' function [WebCore/rendering/RenderBlockLineLayout.cpp] that is triggered when looking for line breaks on the first line. With a specially crafted web page, a context-dependent attacker can crash the browser and potentially disclose memory.

[CLOSE] OSVDB ID : 85037 - Disclosed: 2012-08-30

Description:

Google Chrome contains a flaw in the 'SSLErrorInfo::CreateError' function [browser/ssl/ssl_error_info.cc] that allows a cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Issued to' field of a SSL certificate before returning it to the user as part of the SSL certificate error page. This may allow a context-dependent attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between the browser and a web server.

[CLOSE] OSVDB ID : 85074 - Disclosed: 2012-08-30

Description:

OTRS (Open Ticket Request System) Help Desk contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via an HTML email message before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 85111 - Disclosed: 2012-08-30

Description:

SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request is sent for the cache/include/externalAPI.cache.js file, which will disclose the full installation path to a remote attacker.

[CLOSE] OSVDB ID : 85081 - Disclosed: 2012-08-30

Description:

SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when ical_server.php has an open key, which will disclose schedule information to a remote attacker.

[CLOSE] OSVDB ID : 85080 - Disclosed: 2012-08-30

Description:

SugarCRM contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input when handling files upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 85079 - Disclosed: 2012-08-30

Description:

SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs during the parsing of a JSON query meant for the index.php script. This will disclose password hash information to a remote attacker.

[CLOSE] OSVDB ID : 85077 - Disclosed: 2012-08-30

Description:

Spider Calendar Lite Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'date' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 85033 - Disclosed: 2012-08-30

Description:

Google Chrome contains a use-after-free error in ResourceResponse.cpp that is triggered when a race condition occurs with workers and xmlhttprequests. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 85034 - Disclosed: 2012-08-30

Description:

Google Chrome contains a use-after-free error in the 'PPB_URLLoader_Impl::FinishLoading' function in webkit/plugins/ppapi/ppb_url_loader_impl.cc when handling URL loading. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

[CLOSE] OSVDB ID : 85076 - Disclosed: 2012-08-30

Description:

Carousel Slideshow Plugin for WordPress contains multiple unspecified flaws. No further details have been provided.

[CLOSE] OSVDB ID : 85075 - Disclosed: 2012-08-30

Description:

neptuneScripts Booking System Pro contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into adding an admin user in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 85071 - Disclosed: 2012-08-30

Description:

Bugzilla contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the application fails to properly restrict access when browsing directories. This may allow a remote attacker to gain access to source code of templates.

[CLOSE] OSVDB ID : 85070 - Disclosed: 2012-08-30

Description:

Asterisk contains a flaw related to the manager interface. The issue is triggered when the program fails to properly handle originate actions and fails to restrict access. This may allow a remote attacker to execute arbitrary shell commands via the ExternalIVR application action.

[CLOSE] OSVDB ID : 85069 - Disclosed: 2012-08-30

Description:

Asterisk contains a flaw that is triggered when making an IAX2 call on behalf of a peer. This may allow a remote attacker to bypass certain ACL rules.

[CLOSE] OSVDB ID : 85112 - Disclosed: 2012-08-30

Description:

SugarCRM contains a flaw that is triggered when the program fails to properly restrict access to the vcal_server.php script. This may allow a remote attacker to enumerate a username or email address.