| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 88276 | 2012-12-06 | Red Hat Certificate System (RHCS) displayCRL Multiple Parameter XSS | Red Hat Certificate System (RHCS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'pageStart' and 'pageSize' parameters in a query string upon submission to the displayCRL script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 88275 | 2012-12-06 | Red Hat Certificate System (RHCS) profileProcess nonce Parameter XSS | Red Hat Certificate System (RHCS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'nonce' parameter upon submission to the profileProcess script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 88300 | 2012-12-06 | IBM eDiscovery Manager Unspecified XSS | IBM eDiscovery Manager contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 88414 | 2012-12-06 | KDE kde-settings /run tmpfs Disk Space Exhaustion Local DoS | KDE contains a flaw in kde-settings that may allow a local denial of service. The issue is triggered when a specially crafted file is moved to /run, which will cause the tmpfs file system to become overrun. This will cause the disk to become exhausted, which will result in a loss of availability for the program. |
| 88545 | 2012-12-06 | Fail2Ban <matches> Content Parsing Unspecified Issue | Fail2Ban contains an unspecified flaw that is triggered during the parsing of <matches> content. No further details have been provided. |
| 89105 | 2012-12-06 | NetWin SurgeFTP /cgi/surgeftpmgr.cgi authent_process Parameter Arbitrary Command Execution | NetWin SurgeFTP contains functionality that allows an authenticated administrator to execute arbitrary commands on the server. SurgeFTP documentation states that this is intended functionality, as an admin needs to be able to configure all aspects of the server. The documentation emphasizes choosing strong passwords and that admins should be aware of the implications of this functionality. While this is intended functionality, OSVDB is creating an entry to fully explain the issue so that users understand both sides, and that exploits exist to help attackers take advantage of credentials should they be discovered. |
| 90988 | 2012-12-06 | GNOME GUPnP gupnp-service-proxy.c va_list() Function Unspecified Issue | GNOME GUPnP contains an unspecified flaw in the va_list() function of gupnp-service-proxy.c that may allow an attacker to have an unspecified impact. No further details have been provided by the vendor. |
| 92956 | 2012-12-06 | PostgreSQL Query Clause Handling Stack Overflow | PostgreSQL contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a saturation of UNION, INTERSECT, or EXCEPT clauses within a query. This may allow an attacker to cause a stack overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code. |
| 88173 | 2012-12-05 | FOOT Gestion index.php id Parameter SQL Injection | FOOT Gestion contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88193 | 2012-12-05 | Maxthon Bookmark Toolbar / Sidebar Cross Context Scripting Remote Code Execution | Maxthon contains a flaw that allows a remote cross-context scripting attack. This flaw exists because the application does not properly validate the "title" parameter of the "Add to Favorites" form. This may allow a user to create a specially crafted web page that would execute arbitrary script code in context of the privileged "mx://res/*" zone. |
| 88175 | 2012-12-05 | ClipBucket /view_channel.php user Parameter SQL Injection | ClipBucket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /view_channel.php script not properly sanitizing user-supplied input to the 'user' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88176 | 2012-12-05 | ClipBucket /view_page.php pid Parameter SQL Injection | ClipBucket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /view_page.php script not properly sanitizing user-supplied input to the 'pid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88177 | 2012-12-05 | ClipBucket /view_topic.php tid Parameter SQL Injection | ClipBucket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /view_topic.php script not properly sanitizing user-supplied input to the 'tid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88178 | 2012-12-05 | ClipBucket /watch_video.php v Parameter SQL Injection | ClipBucket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /watch_video.php script not properly sanitizing user-supplied input to the 'v' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88174 | 2012-12-05 | TVMOBiLi Media Server HttpUtils.dll CHTTPServerTransaction::LoadResource() Method Request Parsing Overflow DoS | TVMOBiLi Media Server contains an overflow condition. The issue is triggered when user-supplied input is not properly sanitized when parsing a request for the HttpUtils.dll library. This may allow a remote attacker to cause a stack-based buffer overflow, which will result in a denial of service. |
| 92075 | 2012-12-05 | CUPS scheduler/job.c load_request_root Function Memory Exhaustion DoS | CUPS contains a flaw in the load_request_root function in scheduler/job.c that may allow a denial of service. The issue is due to a memory leak, which may allow an attacker to cause the program to crash. |
| 88172 | 2012-12-05 | CA XCOM Data Transport Unspecified Remote Command Execution | CA XCOM Data Transport contains an unspecified flaw that may allow a remote attacker to execute arbitrary code. No further details have been provided. |
| 88169 | 2012-12-05 | Nodewords: D6 Meta Tags Module for Drupal Automatic Meta Tag Generation Information Disclosure | Nodewords: D6 Meta Tags Module for Drupal contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when input used in meta tags is not properly filtered when generating new tags. This may allow a remote attacker to gain access to potentially sensitive links, file paths, or details. |
| 88191 | 2012-12-05 | Maxthon about: history Cross Context Scripting Remote Code Execution | Maxthon contains a flaw that allows a remote cross-context scripting attack. This flaw exists because the application does not properly validate the location.hash property when storing content in the "History" (about:history) page. This may allow a user to create a specially crafted web page that would execute arbitrary script code in context of the privileged "mx://res/*" browser zone. |
| 88194 | 2012-12-05 | Maxthon Privileged API MiTM Spoofing Weakness | Maxthon contains a flaw in how access to privileged APIs is granted to i.maxthon.com without ensuring the validity of the source. The issue is triggered when, for example, i.maxthon.com is spoofed via DNS poisoning or traffic is intercepted and manipulated via Man-in-the-Middle (MitM) attacks. With a specially crafted request, a context-dependent attacker can access a privileged Maxthon DOM object to, e.g., read and write from the file system, execute arbitrary commands, steal stored passwords, or modify the browser configuration. |
| 88192 | 2012-12-05 | Maxthon Multiple Method Same of Origin Policy Bypass | Maxthon contains a flaw that allows bypassing the Same Origin Policy. This flaw exists because the browser allows execution of script code in context of the privileged "mx://res/*" zone via a window.open() method using the "about:" URI scheme. This may allow a user to create a specially crafted web page that would execute arbitrary privileged code. |
| 88189 | 2012-12-05 | Avant Browser browser:home Same of Origin Policy Bypass | Avant Browser contains a flaw that allows bypassing the Same Origin Policy. This flaw exists because the browser allows execution of script code in context of the privileged "browser:home" zone via an <iframe> element. This may allow a user to create a specially crafted web page that would execute arbitrary privileged commands to, e.g., read browser history, bookmarks, or modify the browser configuration. |
| 88188 | 2012-12-05 | Avant Browser Feed Reader XSS | Avant Browser contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the Feed Reader does not validate the <title>, <link>, and <description> RSS feed elements. This may allow a user to create a specially crafted RSS feed that would execute arbitrary script code in a user's browser within the context of the internal browser zone. |
| 88187 | 2012-12-05 | Avant Browser browser:home Cross Context Scripting | Avant Browser contains a flaw that allows a remote cross-context scripting attack. This flaw exists because the application does not properly validate HTML <title> elements when displaying content in the "Most Visited" and "History" tabs within the "browser:home" page. This may allow a user to create a specially crafted web page that would execute arbitrary script code in context of the privileged "browser:*" zone. |
| 88179 | 2012-12-05 | ClipBucket /ajax.php Multiple Parameter SQL Injection | ClipBucket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /ajax.php script not properly sanitizing user-supplied input to the 'uid', 'id', 'cid', and 'ci_id' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88180 | 2012-12-05 | ClipBucket /user_contacts.php user Parameter SQL Injection | ClipBucket contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /user_contacts.php script not properly sanitizing user-supplied input to the 'user' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88274 | 2012-12-05 | TVMOBiLi Media Server HttpUtils.dll CHTTPServerTransaction::LoadFile() Method Request Parsing Overflow | TVMOBiLi Media Server contains an overflow condition. The issue is triggered as user-supplied input is not properly sanitized when a boundary error occurs in the CHTTPServerTransaction::LoadFile() method in HttpUtils.dll. With a specially crafted request, a context-dependent attacker can cause a heap-based buffer overflow to cause a denial of service or potentially execute arbitrary code. |
| 92074 | 2012-12-05 | CUPS scheduler/job.c set_time Function NULL Pointer Dereference DoS | CUPS contains a flaw in the set_time function in scheduler/job.c that may allow a denial of service. The issue is due to a missing return value check. This may allow an attacker to cause a NULL pointer dereference that will crash the program. |
| 92073 | 2012-12-05 | CUPS cups/ipp.c ippReadIO Function NULL Pointer Dereference DoS | CUPS contains a flaw in the ippReadIO function in cups/ipp.c that may allow a denial of service. The issue is due to a missing return value check. This may allow an attacker to cause a NULL pointer dereference that will crash the program. |
| 92076 | 2012-12-05 | CUPS cups/http-support.c http_resolve_cb Function Memory Exhaustion Remote DoS | CUPS contains a flaw in the http_resolve_cb function in cups/http-support.c that may allow a remote denial of service. The issue is due to a memory leak, which may allow a remote attacker to cause the program to crash. |
| 88190 | 2012-12-05 | Maxthon RSS Feed Element Cross Context Scripting Remote Code Execution | Maxthon contains a flaw that allows a remote cross-context scripting attack. This flaw exists because the Feed Reader does not validate the <title>, <link>, and <description> RSS feed elements. This may allow a user to create a specially crafted RSS feed that would execute arbitrary script code in context of the privileged "mx://res/*" browser zone. |
| 88184 | 2012-12-05 | Achievo dispatch.php activityid Parameter SQL Injection | Achievo contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dispatch.php script not properly sanitizing user-supplied input to the 'activityid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88448 | 2012-12-05 | LogAnalyzer Allowed Folders Filename Handling Unspecified Issue | LogAnalyzer contains an unspecified flaw that is triggered during checking of filenames against allowed folders. No further details have been provided. |
| 88896 | 2012-12-05 | RuggedCom Rugged Operating System (ROS) config.csv Plaintext Credentials Local Disclosure | RuggedCom Rugged Operating System (ROS) contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the config.csv file containing credentials stored in plaintext. A local attacker with access to the config.csv file could gain access to credentials, potentially allowing for horizontal or vertical privilege escalation. |
| 88895 | 2012-12-05 | RuggedCom Rugged Operating System (ROS) SNMPv3 Brute Force Logging Weakness | RuggedCom Rugged Operating System (ROS) contains a flaw that is due to the device failing to report SNMPv3 failures. This may allow a remote attacker to more easily conduct brute-force attacks without being detected. |
| 88894 | 2012-12-05 | RuggedCom Rugged Operating System (ROS) TACACS+ Server Authentication Shared Secret Handling Remote DoS | RuggedCom Rugged Operating System (ROS) contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in the TACACS+ server during the handling of a shared secret that is larger than 26 characters. With an overly large shared secret, a remote attacker can cause a loss of availability for the device. |
| 89950 | 2012-12-05 | MantisBT access_get_status_threshold() Function Workflow Status Manipulation Weakness | MantisBT contains a flaw in the access_get_status_threshold() function. This issue is due to the program failing to properly restrict users with the 'reporter' permissions. This may allow a remote attacker to change the workflow status of arbitrary issues to 'New'. |
| 90726 | 2012-12-05 | IP.Gallery Module for IP.Board Gallery Profile Tab Protected Image Category Access Restriction Bypass | IP.Gallery Module for IP.Board contains a flaw that is due to the program failing to properly restrict access to images stored within protected categories when using the Gallery Profile tab. This may allow a remote attacker to gain access to images that would otherwise be restricted. |
| 90811 | 2012-12-05 | Linux Kernel net/ipv6/addrconf.c ipv6_create_tempaddr Function IPv6 Temporary Address Generation Remote DoS | Linux Kernel contains a flaw in the ipv6_create_tempaddr function of net/ipv6/addrconf.c that may allow a remote denial of service. The issue is triggered during the generation of IPv6 temporary addresses. With specially crafted ICMPv6 Router Advertisement (RA) messages, a remote attacker can crash the system. |
| 90987 | 2012-12-05 | Cerberus Helpdesk Spoofed Header Arbitrary Ticket Message Addition | Cerberus Helpdesk contains a flaw that may allow a remote attacker to spoof a header of a work ticket. This may allow the attacker to add messages to arbitrary tickets. |