| Blogs | OSVDB ID | Disclosure Date | Title |
| Views: 25 |
82160
Description:
Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when a malformed packet is processed by the R3 dissector, which will result in an infinite loop and a loss of availability for the program.
|
2012-05-22
|
Wireshark R3 Dissector Malformed Packet Parsing Infinite Loop Remote DoS
|
| Views: 25 |
85078
Description:
SugarCRM contains a flaw related to the logging functionality that may allow a remote attacker to execute arbitrary code. The issue is due to the administrator being able to specify any name for a log file, including one with a .php extension. By renaming the file and injecting log content, the log can be called directly to execute arbitrary PHP code.
|
2012-08-30
|
SugarCRM Logging Functionality Log File Rename Arbitrary Code Execution
|
| Views: 25 |
87990
Description:
Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in the RTCP dissector during the processing of a malformed packet or when viewing a trace file containing malformed traffic. This will cause an infinite loop, which will result in a loss of availability.
|
2012-11-28
|
Wireshark RTCP Dissector Malformed Packet Processing Infinite Loop Remote DoS
|
| Views: 25 |
89939
Description:
Rack contains a flaw that is due to an error in the Rack::Session::Cookie function. Users of the Marshal session cookie encoding (the default) are subject to a timing attack that may lead an attacker to execute arbitrary code. This attack is more practical against 'cloud' users as intra-cloud latencies are sufficiently low to make the attack viable.
|
2013-02-07
|
Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution
|
| Views: 25 |
91472
Description:
Oracle Java contains a flaw in the DriverManager system. The issue is due to the doPrivileged block allowing implicit calls to the toString() function. This can be used by an attacker to execute arbitrary code in the context of the running process.
|
2013-03-06
|
Oracle Java DriverManager (java.sql.DriverManager) doPrivileged block Remote Code Execution (pwn2own / Forshaw)
|
| Views: 25 |
92224
Description:
Juniper Junos contains a flaw that may allow a remote denial of service. The issue is triggered during the handling of specially crafted GRE packets that are received on a multicast tunnel (mt- or gr-) interface. This may allow a remote attacker to cause the Junos kernel to crash.
|
2013-04-08
|
Juniper Junos Crafted GRE Packet Processing Remote DoS
|
| Views: 25 |
5912
Description:
Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when sending a specially crafted URL request to the theme.php script using the THEME_DIR variable to specify a malicious file from a remote system as a parameter. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2004-04-29
|
Coppermine Photo Gallery theme.php Multiple Parameter Remote File Inclusion
|
| Views: 25 |
6499
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the ecard.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery ecard.php Path Disclosure
|
| Views: 25 |
34700
Description:
Samba contains a flaw that may allow a malicious user to execute arbitrary shell commands. The issue is triggered because MS-RPC does not properly check user-supplied input when passing RPC messages from external scripts to '/bin/sh'. It is possible that the flaw may allow code execution resulting in a loss of integrity.
|
2007-05-14
|
Samba Unfiltered MS-RPC Calls Arbitrary Remote Command Execution
|
| Views: 25 |
33100
Description:
(Description Provided by CVE) : smbd in Samba 3.0.6 through 3.0.23d allows remote authenticated users to cause a denial of service (memory and CPU exhaustion) by renaming a file in a way that prevents a request from being removed from the deferred open queue, which triggers an infinite loop.
|
2007-02-06
|
Samba smbd Deferred Open Code Infinite Loop DoS
|
| Views: 25 |
2770
Description:
Tritanium Bulletin Board contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL to the remote server, which will disclose the corresponding user's message, resulting in a loss of confidentiality. In addition, the attacker may be able to reply to the disclosed message.
|
2003-11-05
|
Tritanium Bulletin Board index.php Multiple Variable Arbitrary Message Access
|
| Views: 25 |
6245
Description:
A remote overflow exists in OpenSSH with SSHv2 challenge-response authentication. OpenSSH fails to correctly check integer boundaries in the challenge-response authentication when OpenSSH is using SKEY or BSD_AUTH authentication, resulting in an integer overflow. With a specially crafted request, an attacker can cause the sshd daemon to execute arbitrary code on this host, resulting in a loss of confidentiality, integrity, and/or availability.
|
2002-06-26
|
OpenSSH SKEY/BSD_AUTH Challenge-Response Remote Overflow
|
| Views: 25 |
17019
Description:
MyBulletinBoard (MyBB) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tid' variable in the newreply.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.
|
2005-05-31
|
MyBulletinBoard (MyBB) newreply.php tid Parameter SQL Injection
|
| Views: 25 |
4078
Description:
Microsoft Internet Explorer contains a flaw that may allow a malicious user to bypass certain frame restrictions (aka Cross Frame Scripting aka XFS). The issue is triggered when access validation errors occur within event handling routines. Malicious JavaScript loaded in a parent frame can then record the keyboard events of child frames.
|
2004-02-27
|
Microsoft IE Cross Frame Scripting Restriction Bypass
|
| Views: 25 |
93395
Description:
Creme Fraiche Gem for Ruby contains a flaw that is due to the program failing to properly sanitize input in file names. With a specially crafted file name that contains shell metacharacters, a context-dependent attacker can execute arbitrary commands.
|
2013-05-14
|
Creme Fraiche Gem for Ruby File Name Shell Metacharacter Injection Arbitrary Command Execution
|
| Views: 24 |
92754
Description:
Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to the Voting plugin before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2013-04-24
|
Joomla! Voting Plugin Unspecified XSS
|
| Views: 24 |
93300
Description:
Microsoft Windows contains a flaw in the HTTP Protocol Stack (HTTP.sys) that may allow a remote denial of service. The issue is triggered during the handling of a specially crafted HTTP header, which may allow a remote attacker to cause an infinite loop and crash the process.
|
2013-05-14
|
Microsoft Windows HTTP Protocol Stack (HTTP.sys) Crafted HTTP Header Handling Infinite Loop Remote DoS
|
| Views: 24 |
93318
Description:
Microsoft Windows contains a flaw in the DirectX Graphics Kernel Subsystem (dxgkrnl.sys) that leads to unauthorized privileges being gained. The issue is triggered during the handling of a memory object. This may allow a local attacker to gain elevated privileges.
|
2013-05-14
|
Microsoft Windows DirectX Graphics Kernel Subsystem (dxgkrnl.sys) Memory Object Handling Local Privilege Escalation
|
| Views: 24 |
93475
Description:
WebKit contains a flaw that is triggered as user-supplied input is not properly sanitized. This may allow a context-dependent attacker to corrupt memory to cause a denial of service or potentially execute arbitrary code.
|
2013-05-16
|
WebKit Unspecified Memory Corruption (2013-0996)
|
| Views: 24 |
93532
Description:
SAP NetWeaver Gateway contains a flaw in the lockout mechanism used to protect against bruteforce attacks. This issue is due to the default account lockout threshold resetting predictably at 00:01. This may allow a remote attacker to attempt brute force attacks in the window between an expected end of activity for the day (such as the end of the work day) and midnight, so that their attacks are not immediately obvious due to a lockout.
|
2013-05-14
|
SAP NetWeaver Gateway Account Bruteforce Lockout Weakness
|
| Views: 24 |
93535
Description:
SAP NetWeaver Gateway contains a flaw that may lead to the unauthorized disclosure of sensitive information. The issue is due to the RFC_READ_TABLE RFC extracting information from SAP tables. This may allow a remote authenticated attacker to gain access to arbitrary data stored within SAP tables.
|
2013-05-14
|
SAP NetWeaver Gateway RFC_READ_TABLE RFC SAP Table Arbitrary Data Disclosure
|
| Views: 24 |
93534
Description:
SAP NetWeaver Gateway contains a flaw in the RFC_ABAP_INSTALL_AND_RUN RFC. This issue is due to the fact that this RFC is intended to execute ABAP source line code, allowing a remote authenticated attacker to use it to execute arbitrary commands.
|
2013-05-14
|
SAP NetWeaver Gateway RFC_ABAP_INSTALL_AND_RUN RFC Arbitrary Remote Command Execution
|
| Views: 24 |
52073
Description:
A buffer overflow exists in Acrobat and Acrobat Reader. They fail to validate PDF files which use JBIG2 compression routines resulting in a buffer overflow. With a specially crafted file, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2009-02-20
|
Adobe Reader / Acrobat Document Handling JBIG2 Compression Overflow
|
| Views: 24 |
57806
Description:
The vulnerability is caused due to an unspecified error in the Wireless LAN AutoConfig Service (wlansvc) when parsing certain wireless network frames. This can be exploited to cause a heap-based buffer overflow via a specially crafted frame received on the wireless network interface.
|
2009-09-09
|
Microsoft Windows Wireless LAN AutoConfig Service (wlansvc) Frame Parsing Arbitrary Code Execution
|
| Views: 24 |
70122
Description:
TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input upon submission to the FORM content object. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-12-17
|
TYPO3 FORM Content Object Unspecified XSS
|
| Views: 24 |
70281
Description:
GIMP is prone to an overflow condition. The 'loadit()' function in 'plug-ins/common/sphere-designer.c' of the 'Sphere Designer' plugin fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted file for the plugin, a context-dependent attacker can potentially execute arbitrary code.
|
2011-01-03
|
GIMP plug-ins/common/sphere-designer.c loadit() Function Overflow
|
| Views: 24 |
70571
Description:
Oracle Fusion Middleware contains a flaw related to the 'Servlet Container' sub-component in the 'Oracle WebLogic Server' component that may allow a remote attacker to gain update, insert, or delete access to certain data. No further details have been provided.
|
2011-01-18
|
Oracle Fusion Middleware WebLogic Server Servlet Container AFSSESSIONID Cookie Session Fixation
|
| Views: 24 |
71780
Description:
Microsoft Windows contains a flaw related to the DNSAPI.dll component in the DNS client failing to properly process DNS queries. This may allow a remote attacker to use a crafted LLMNR broadcast query to TCP/UDP port 5355, or a crafted application to execute arbitrary code.
|
2011-04-12
|
Microsoft Windows DNS Client Service LLMNR Query Processing Remote Code Execution
|
| Views: 24 |
75230
Description:
(Description Provided by CVE) : The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.
|
2011-09-06
|
OpenSSL Ephemeral ECDH Ciphersuites Handshake Message Parsing Remote DoS
|
| Views: 24 |
75811
Description:
By default, Ducati Diavel motorcycles install with a default ignition password. The bike can be started using a manufacturer default PIN, set to the last 4 numbers of the Vehicle Identification Number (VIN), which is publicly known and documented. This allows attackers to trivially access the bicycle and enjoy the 162 horsepower and wind blowing through your hair.
|
2011-04-05
|
Ducati Diavel Motorcycle Default Ignition Password
|
| Views: 24 |
76079
Description:
(Description Provided by CVE) : The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
|
2011-10-06
|
Apache HTTP Server mod_proxy Module Web Request URL Parsing Proxy Remote Security Bypass (2011-3368)
|
| Views: 24 |
83490
Description:
Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary HTML and script code in a user's browser within the trust relationship between their browser and the server.
|
2012-07-01
|
Joomla! index.php URI XSS
|
| Views: 24 |
85081
Description:
SugarCRM contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when ical_server.php has an open key, which will disclose schedule information to a remote attacker.
|
2012-08-30
|
SugarCRM ical_server.php User Schedule Disclosure
|
| Views: 24 |
87995
Description:
Wireshark contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in the SCTP dissector during the processing of a malformed packet or when viewing a trace file containing malformed traffic. This will cause an infinite loop, which will result in a loss of availability.
|
2012-11-28
|
Wireshark SCTP Dissector Malformed Packet Processing Infinite Loop Remote DoS
|
| Views: 24 |
25479
Description:
RealVNC contains a flaw that may allow a malicious user to bypass authentication and allows access to the remote system without requiring knowledge of the VNC password. The issue is triggered due to an error within the handling of VNC password authentication requests. This flaw may lead to a loss of confidentiality.
|
2006-05-15
|
RealVNC Security Type Enforcement Failure Remote Authentication Bypass
|
| Views: 24 |
839
Description:
A remote overflow exists in OpenSSH when using PAM modules that use interactive keyboard authentication such as PAMAuthenticationViaKbdInt. OpenSSH fails to limit a buffer of the number of responses received in its challenge-response authentication code, resulting in a pre-authentication buffer overflow. With a specially crafted request, an attacker can cause the sshd daemon to execute arbitrary code on this host, resulting in a loss of confidentiality, integrity, and/or availability.
|
2002-06-26
|
OpenSSH PAMAuthenticationViaKbdInt Challenge-Response Remote Overflow
|
| Views: 23 |
16866
Description:
A remote overflow exists in Terminator 3: War of the Machines. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long CD-key hash, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-05-26
|
Terminator 3: War of the Machines Client CD-key Overflow
|
| Views: 23 |
23257
Description:
Multics CTSS on IBM 7094 contains a flaw that may disclose the contents of the password file. The issue occurred when multiple instances of the system text editor were invoked, causing the editor to create temporary files with a constant name. This would inexplicably cause the contents of the system CTSS password file to display to any user logging into the system.
|
1966-01-01
|
IBM 7094 CTSS System Text Editor Multiple Instance Password File Disclosure
|
| Views: 23 |
27559
Description:
A code execution flaw exists in multiple Mozilla browsers. Firefox and SeaMonkey fail to validate values assigned to window.navigator objects. With a specially crafted website, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2006-07-25
|
Mozilla Multiple Products Window Navigator Object Arbitrary Code Execution
|
| Views: 23 |
17613
Description:
phpBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the viewtopic.php script not properly sanitizing user input supplied to the preg_replace() function. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server.
|
2005-06-28
|
phpBB viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
|