[CLOSE] OSVDB ID : 81526 - Disclosed: 2012-04-24

Description:

Multiple Mozilla products contain a flaw that may allow an attacker to bypass the cross-origin policy, which would lead to an unauthorized information disclosure. This issue will disclose error message information to a remote attacker.

[CLOSE] OSVDB ID : 76139 - Disclosed: 2011-10-05

Description:

(Description Provided by CVE) : PHPMailer 1.7, when configured to use sendmail, allows remote attackers to execute arbitrary shell commands via shell metacharacters in the SendmailSend function in class.phpmailer.php.

[CLOSE] OSVDB ID : 74807 - Disclosed: 2011-08-10

Description:

(Description Provided by CVE) : Multiple unspecified vulnerabilities in Check Point SSL Network Extender (SNX), SecureWorkSpace, and Endpoint Security On-Demand, as distributed by SecurePlatform, IPSO6, Connectra, and VSX, allow remote attackers to execute arbitrary code via vectors involving a (1) ActiveX control or (2) Java applet.

[CLOSE] OSVDB ID : 72578 - Disclosed: 2011-05-31

Description:

(Description Provided by CVE) : FFmpeg before 0.5.4, as used in MPlayer and other products, allows remote attackers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via a malformed RealMedia file.

[CLOSE] OSVDB ID : 72553 - Disclosed: 2011-05-18

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

[CLOSE] OSVDB ID : 72554 - Disclosed: 2011-05-18

Description:

(Description Provided by CVE) : Session fixation vulnerability in TIBCO iProcess Engine before 11.1.3 and iProcess Workspace before 11.3.1 allows remote attackers to hijack web sessions via unspecified vectors.

[CLOSE] OSVDB ID : 72400 - Disclosed: 2011-05-18

Description:

TWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'origurl' parameter upon submission to the 'bin/login/Sandbox/WebHome' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 73383 - Disclosed: 2011-05-18

Description:

(Description Provided by CVE) : The fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library 1.4.3 and 1.4.4, and the Apache HTTP Server 2.2.18, allows remote attackers to cause a denial of service (infinite loop) via a URI that does not match unspecified types of wildcard patterns, as demonstrated by attacks against mod_autoindex in httpd when a /*/WEB-INF/ configuration pattern is used. NOTE: this issue exists because of an incorrect fix for CVE-2011-0419.

[CLOSE] OSVDB ID : 72407 - Disclosed: 2011-05-17

Description:

Apache Tomcat contains a flaw related to the @ServletSecurity annotation security restraints. The issue is triggered when the servlet is loaded for the first time, and may allow an attacker to bypass security restraints and gain unauthorized access to certain information.

[CLOSE] OSVDB ID : 72326 - Disclosed: 2011-05-12

Description:

Adobe Audition is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted SES Session file (.ses), a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 72332 - Disclosed: 2011-05-12

Description:

Adobe Flash Player is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in an integer overflow. Through unspecified vectors, an attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 72333 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified flaw that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72334 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified flaw that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72335 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified flaw that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72336 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified flaw that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72337 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified boundary error that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72341 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified boundary error that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72342 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified boundary error that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72343 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified boundary error that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72344 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified flaw that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 73097 - Disclosed: 2011-05-12

Description:

Adobe Flash Player contains an unspecified flaw that may result in memory corruption, allowing an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 72238 - Disclosed: 2011-05-11

Description:

Apache Struts contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because XWork does not validate action and method names passed via the '<s:submit>' tag using bash syntax before returning them to the user via error pages. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 72232 - Disclosed: 2011-05-09

Description:

Skype for Mac contains an unspecified flaw related to processing messages that may allow a remote attacker to execute arbitrary script.

[CLOSE] OSVDB ID : 72468 - Disclosed: 2011-05-09

Description:

(Description Provided by CVE) : Unspecified vulnerability in Virtualization Manager 1.2.2 in IBM Systems Director 1.2.2 has unknown impact and attack vectors.

[CLOSE] OSVDB ID : 72177 - Disclosed: 2011-05-06

Description:

MuPDF Plugin for Firefox is prone to an overflow condition. The 'pdfmoz_onmouse()' function in apps/mozilla/moz_main.c contains a boundary error, resulting in a stack-based buffer overflow. With a specially crafted web site, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 72172 - Disclosed: 2011-05-05

Description:

ISC BIND contains a flaw that may allow a remote denial of service. The issue is triggered when an assertion failure occurs when processing RRSIG queries when using the Response Policy Zone mechanism for RRset replacement, allowing an attacker to use RRSIG queries to cause a denial of service.

[CLOSE] OSVDB ID : 72185 - Disclosed: 2011-05-03

Description:

Adobe Photoshop contains multiple unspecified flaws that may allow an attacker to have an unspecified impact. No further details have been provided.

[CLOSE] OSVDB ID : 72381 - Disclosed: 2011-05-02

Description:

(Description Provided by CVE) : usb-creator-helper in usb-creator before 0.2.28.3 does not enforce intended PolicyKit restrictions, which allows local users to perform arbitrary unmount operations via the UnmountFile method in a dbus-send command.

[CLOSE] OSVDB ID : 72176 - Disclosed: 2011-05-01

Description:

NetBSD contains a flaw that may allow a remote denial of service. The issue is triggered when an insufficient GLOB_LIMIT implementation is exploited with a crafted command pattern to the ftpd or sftp server processes to exhaust memory and cause a denial of service.

[CLOSE] OSVDB ID : 89994 - Disclosed: 2011-05-01

Description:

Pure-FTPd contains a flaw that may allow a remote denial of service. The issue is triggered when an insufficient GLOB_LIMIT implementation is exploited with a crafted command pattern to the ftpd or sftp server processes to exhaust memory and cause a denial of service.

[CLOSE] OSVDB ID : 72136 - Disclosed: 2011-04-29

Description:

Data Dynamics ActiveBar ActiveBar1 ActiveX contains a flaw related to the SetLayoutData() method. The issue is triggered when a remote attacker uses a specially crafted 'Data' argument to send a virtual function call to an arbitrary memory location. This may allow an attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 72135 - Disclosed: 2011-04-28

Description:

ICONICS WebHMI VersionInfo ActiveX is prone to an overflow condition. The 'SetActiveXGUID()' method, GenVersion.dll, suffers from a boundary error, resulting in a stack-based buffer overflow. With a specially crafted overly long string to the 'Ax_GUID' parameter, a remote attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 72093 - Disclosed: 2011-04-28

Description:

ANGLE WebGLES graphics library contains an off-by-three overflow condition in the 'Program::getActiveUniformMaxLength' function [libGLESv2/Program.cpp]. With a specially crafted web page, a context-dependent attacker can cause a limited buffer overflow, resulting in a denial of service or potentially execution of arbitrary code.

[CLOSE] OSVDB ID : 72865 - Disclosed: 2011-04-28

Description:

(Description Provided by CVE) : Multiple buffer overflows in the ISSymbol ActiveX control in ISSymbol.ocx 61.6.0.0 and 301.1009.2904.0 in the ISSymbol virtual machine, as distributed in Advantech Studio 6.1 SP6 61.6.01.05, InduSoft Web Studio before 7.0+SP1, and InduSoft Thin Client 7.0, allow remote attackers to execute arbitrary code via a long (1) InternationalOrder, (2) InternationalSeparator, or (3) LogFileName property value; or (4) a long bstrFileName argument to the OpenScreen method.

[CLOSE] OSVDB ID : 72616 - Disclosed: 2011-04-27

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco Wireless LAN Controller (WLC) software 6.0 before 6.0.200.0, 7.0 before 7.0.98.216, and 7.0.1xx before 7.0.112.0 allows remote attackers to cause a denial of service (device reload) via a sequence of ICMP packets, aka Bug ID CSCth74426.

[CLOSE] OSVDB ID : 72610 - Disclosed: 2011-04-27

Description:

(Description Provided by CVE) : Memory leak in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su2, and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (memory consumption and process failure) via a malformed SIP message, aka Bug ID CSCti42904.

[CLOSE] OSVDB ID : 72611 - Disclosed: 2011-04-27

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5b)su2, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCth39586.

[CLOSE] OSVDB ID : 72612 - Disclosed: 2011-04-27

Description:

(Description Provided by CVE) : Unspecified vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote attackers to cause a denial of service (process failure) via a malformed SIP message, aka Bug ID CSCtg62855.

[CLOSE] OSVDB ID : 72613 - Disclosed: 2011-04-27

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su3, 7.x before 7.1(5b)su3, 8.0 before 8.0(3a)su1, and 8.5 before 8.5(1) allows remote authenticated users to upload files to arbitrary directories via a modified pathname in an upload request, aka Bug ID CSCti81603.

[CLOSE] OSVDB ID : 72614 - Disclosed: 2011-04-27

Description:

(Description Provided by CVE) : SQL injection vulnerability in Cisco Unified Communications Manager (aka CUCM, formerly CallManager) 6.x before 6.1(5)su2, 7.x before 7.1(5)su1, 8.0 before 8.0(3), and 8.5 before 8.5(1) allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCtg85647.