This page presents a list of vulnerabilities with the longest "time of exposure". This is calculated by looking at the exploit publication date and the vendor solution date. During this period, consumers may be vulnerable to the issue while public exploit code exists, allowing for easier and more widespread attacks.

| ID | Disc Date | Days of Exposure | Title | Description |
|---|---|---|---|---|
| 73824 | 2011-07-13 | 657437 days | TCExam /admin/code/tce_edit_backup.php backup_file Parameter XSS | TCExam contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'backup_file' parameter upon submission to the /admin/code/tce_edit_backup.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 15631 | 2005-03-31 | 12873 days | PHP Multiple Unspecified Issues | PHP contains multiple unspecified vulnerabilities. No further details have been provided. As of July 20, 2010, David Litchfield / NGS has not replied to mails asking for details about the vulnerabilities discovered. |
| 93240 | 2001-03-25 | 4422 days | MIT Kerberos 5 kpasswd Service Spoofed Packet Remote DoS | MIT Kerberos 5 contains a flaw in the kpasswd service that may allow a remote denial of service. The issue is due to the program responding to all requests contacted via the UDP port. With a malformed spoofed packet sent to multiple machines running the vulnerable service, a remote attacker can cause a saturation of data and cause an exhaustion of system resources. |
| 90171 | 2003-09-02 | 3367 days | GNU C Library (glibc) printf() Incomplete Multibyte Sequence Handling Infinite Loop DoS | GNU C Library (glibc) contains a flaw in the printf() function that may allow a denial of service. The issue is triggered during the handling of an incomplete multibyte sequence. This may allow a context-dependent attack to cause an infinite loop. |
| 49736 | 2000-08-15 | 3011 days | Microsoft Windows SMB NTLM Authentication Credential Replay Remote Code Execution | Windows contains a flaw that may allow a malicious remote user to execute arbitrary code. The issue is triggered by a flaw that allows an attacker to replay the NTLM credentials of a client user. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 88592 | 2005-01-16 | 2872 days | phpGiftReq index.php Multiple Parameter SQL Injection | phpGiftReq contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'messagid', 'shopper', and 'shopfor' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 88591 | 2005-01-16 | 2872 days | phpGiftReq item.php itemid Parameter SQL Injection | phpGiftReq contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the item.php script not properly sanitizing user-supplied input to the 'itemid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 54837 | 2001-02-02 | 2593 days | IBM WebSphere Application Server (WAS) Traversal Error Page XSS | IBM WebSphere Application Server (WAS) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because, when returning an error page, the application does not filter script embedded into any area of the server's URL except the rootspace upon submission to the WebContainer script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 88569 | 1995-07-12 | 2424 days | HP-UX FTP Server (ftpd) Privileged Port Scan Bounce Weakness | HP-UX FTP Server (ftpd) contains a flaw that may lead to an information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command while in passive (PASV) mode. It is possible for a remote attacker to establish a connection between the FTP server and an arbitrary port on a third-party system, essentially conducting a port-scan. This can be used to obscure the source of the port-scan, as well as scan internal systems ... |
| 59037 | 2002-12-01 | 2016 days | Thatware auth.inc.php user Parameter SQL Injection | Thatware contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'auth.inc.php' script not properly sanitizing user-supplied input to the 'user' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 829 | 2001-07-02 | 1628 days | IBM WebSphere Application Server (WAS) Java Servlet Error Page XSS | IBM WebSphere contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the Java Servlet which is in turn passed to the error handler. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15123 | 2005-03-30 | 1549 days | Kerio Personal Firewall Network Rules Process Masquerade Local Bypass | Kerio Personal Firewall contains a flaw that may allow a malicious user with access to the victim's local system to launch malicious programs that bypass the firewall's rules, resulting in a loss of confidentiality. |
| 14987 | 2004-03-26 | 1537 days | XMB Forum post.php Multiple Parameter XSS | XMB Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' or 'icons' variables upon submission to the post.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 33567 | 2004-06-17 | 1423 days | XMB U2U Instant Messenger memcp.php recipient Field XSS | Cross-site scripting (XSS) vulnerability in memcp.php in XMB U2U Instant Messenger allows remote authenticated users to inject arbitrary web script or HTML via the recipient field. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0519)) |
| 91766 | 2003-08-26 | 1407 days | dpkg Tar Archive Extraction Incorrect File Permissions Setting Weakness | dpkg contains a flaw that is due to the program setting permissions based on the program rather than the user during the extraction of .tar archives. This may allow a context-dependent attacker to write files to a system with an arbitrary UID. |
| 5854 | 1996-05-21 | 1302 days | NetKit inetd SYN/RST Half-open Packet Scan Remote DoS | Denial of service of inetd on Linux through SYN and RST packets. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0216)) |
| 88201 | 2007-08-10 | 1222 days | SpringSource Hyperic HQ Sybase Database Plugin Monitor Perl Script Local Password Disclosure | SpringSource Hyperic HQ contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an error occurs in the Sybase database plugin monitor when a Perl script is running. This may allow a local attacker to gain access to password information. |
| 86509 | 2009-04-22 | 1140 days | Mozilla Firefox Malformed Quoted src XSS Weakness | Mozilla Firefox contains a weakness that could help facilitate remote cross-site scripting (XSS) attacks. This flaw exists because the browser parser does not properly validate malformed quoted src attributes (e.g. no closing quote) in HTML. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server, and bypass XSS filtering mechanisms. |
| 73563 | 2008-02-01 | 1117 days | Universal Feed Parser (feedparser) feedparser.py DOCTYPE Declaration DoS | Universal Feed Parser (feedparser) contains a flaw in the handling of DOCTYPE declarations that may allow a denial of service. The issue is due to an error when handling malformed DOCTYPE declarations. With a specially crafted file, a context-dependent attacker can cause the application to crash. |
| 36802 | 2007-06-04 | 1057 days | Madirish Webmail lib/addressbook.php GLOBALS[basedir] Parameter Remote File Inclusion | Madirish Webmail contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'lib/addressbook.php' script not properly sanitizing user input supplied to the 'GLOBALS[basedir]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 88572 | 1995-07-13 | 1023 days | Digital Unix FTP Server (ftpd) Privileged Port Scan Bounce Weakness | Digital Unix FTP Server (ftpd) contains a flaw that may lead to an information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command while in passive (PASV) mode. It is possible for a remote attacker to establish a connection between the FTP server and an arbitrary port on a third-party system, essentially conducting a port-scan. This can be used to obscure the source of the port-scan, as well as scan internal ... |
| 90797 | 2008-05-27 | 963 days | Cerberus Helpdesk Arbitrary Group Custom Fields Disclosure | Cerberus Helpdesk contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to an error in the 'customize' ticket worklist that may allow a remote attacker to gain access to custom fields in arbitrary groups. |
| 66441 | 2008-04-12 | 950 days | Siemens SIMATIC WinCC SQL Database Default Password | By default, Siemens SIMATIC installs with a default password for accessing the SQL database. The 'WinCCConnect' and 'WinCCAdmin' accounts have a password of '2WSXcder' which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 12368 | 2004-12-09 | 942 days | UseModWiki wiki.pl XSS | UseModWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the user-submitted content upon submission to the 'wiki.pl' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 33130 | 2007-02-08 | 922 days | HP Network Node Manager (NNM) Remote Console Directory Permission Weakness Privilege Escalation | HP Network Node Manager (NNM) Remote Console 7.50, 7.51, and 7.53 assigns Everyone Full Control permission for the %PROGRAMFILES%\HP OpenView directory tree, which allows local users to gain privileges via a Trojan horse executable file or ActiveX component, or a modified bin\ovtrcsvc.exe for the HP Open View Shared Trace Service. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-0819)) |
| 86511 | 2010-04-21 | 776 days | Mozilla Firefox HTML5 Parser Malformed script Tag Parsing XSS Weakness | Mozilla Firefox contains a weakness that helps facilitate remote cross-site scripting (XSS) attacks. This flaw exists because the browser's HTML5 parser does not properly parse malformed script tags. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 24631 | 2006-04-09 | 762 days | XMB Forum .swf Actionscript Execution | Cross-site scripting (XSS) vulnerability in XMB Forum 1.9.5 allows remote attackers to inject arbitrary web script or HTML by uploading a Flash (.SWF) video that contains a getURL function call, which causes the video to be rendered without disabling ActionScript. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1748)) |
| 14238 | 2005-02-25 | 758 days | BadBlue ext.dll mfcisapicommand Parameter Remote Overflow | A remote overflow exists in BadBlue HTTP Server. The BadBlue HTTP Server fails to validate the mfcisapicommand parameter, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity. |
| 9030 | 1997-09-03 | 741 days | NetKit (biff+comsat) in.comsat Message Flood Remote DoS | The in.comsatd daemon on many flavors of Unix contains a flaw that may allow a local user or LAN-connected user to carry out a denial of service. The issue is triggered when a local attacker sends a huge number of username lines very quickly to the open comsat daemon, which will crash the server, resulting in loss of availability. |
| 47358 | 2008-08-03 | 733 days | XEROX Phaser 8400 UDP Packet Handling Remote DoS | The Xerox Phaser 8400 allows remote attackers to cause a denial of service (reboot) via an empty UDP packet to port 1900. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2008-3571)) |
| 15537 | 2005-04-18 | 727 days | PayProCart usrauthstamp.php IP Disclosure | PayProCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a cross-site scripting style attack to include the usrauthstamp.php script, which will disclose arbitrary user's IP addresses resulting in a loss of confidentiality. |
| 90276 | 2010-05-24 | 712 days | Apache Axis2 axis2.xml Plaintext Password Local Disclosure | Apache Axis2 contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the program storing password information in plaintext in the axis2.xml file, which may allow a local attacker to gain access to such information. |
| 24166 | 2006-03-27 | 622 days | phpmyfamily track.php name Parameter XSS | phpmyfamily contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'name' variable upon submission to the 'track.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 24167 | 2006-03-27 | 622 days | phpmyfamily index.php PHPSESSID CRLF Injection Path Disclosure | Cross-site scripting (XSS) vulnerability in track.php in phpmyfamily 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-1425)) |
| 42186 | 2008-02-14 | 582 days | PHP Live! admin/traffic/knowledge_searchm.php questid Parameter SQL Injection | PHP Live! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/traffic/knowledge_searchm.php' script not properly sanitizing user-supplied input to the 'questid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 42559 | 2008-02-28 | 473 days | Podcast Generator loadparser.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'loadparser.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42560 | 2008-02-28 | 473 days | Podcast Generator admin.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42562 | 2008-02-28 | 473 days | Podcast Generator categories_add.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'categories_add.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42563 | 2008-02-28 | 473 days | Podcast Generator categories_remove.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'categories_remove.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42564 | 2008-02-28 | 473 days | Podcast Generator edit.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'edit.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42565 | 2008-02-28 | 473 days | Podcast Generator editdel.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'editdel.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42566 | 2008-02-28 | 473 days | Podcast Generator ftpfeature.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'ftpfeature.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42567 | 2008-02-28 | 473 days | Podcast Generator login.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'login.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42568 | 2008-02-28 | 473 days | Podcast Generator pgRSSnews.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'pgRSSnews.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42569 | 2008-02-28 | 473 days | Podcast Generator showcat.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'showcat.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42570 | 2008-02-28 | 473 days | Podcast Generator upload.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'upload.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42571 | 2008-02-28 | 473 days | Podcast Generator archive_cat.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'archive_cat.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42572 | 2008-02-28 | 473 days | Podcast Generator archive_nocat.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'archive_nocat.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 42573 | 2008-02-28 | 473 days | Podcast Generator recent_list.php absoluteurl Parameter Remote File Inclusion | Podcast Generator contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'recent_list.php' not properly sanitizing user input supplied to the 'absoluteurl' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 25073 | 2006-04-28 | 434 days | Microsoft IE mhtml: Redirection Domain Restriction Bypass | Internet Explorer contains a flaw that may allow a malicious user to access documents served from another web site. The issue is caused due to an error in the handling of redirections for URLs with the "mhtml:" URI handler. It is possible that the flaw may allow a malicious website to access properties of a site in an arbitrary external domain in the context of the victim user's browser resulting in a loss of confidentiality. |
| 73566 | 2009-11-18 | 433 days | Universal Feed Parser (feedparser) feedparser.py Nested CDATA Stanza XSS | Universal Feed Parser (feedparser) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate nested CDATA stanzas upon submission to the feedparser.py script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 91405 | 2012-01-03 | 409 days | Inkscape /tmp Directory EPS File Loading Weakness | Inkscape contains a flaw that is due to the program insecurely loading EPS files from the /tmp directory rather than the current directory in use. This may allow an attacker to inject a malicious file in the /tmp directory and have it executed by the program. |
| 87943 | 2011-04-04 | 407 days | Facter Search Path Subversion Local Privilege Escalation | Facter is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the ... |
| 75902 | 2011-01-20 | 405 days | WebCalendar Multiple Script Direct Request Path Disclosure | WebCalendar contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request to multiple scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 32693 | 2007-01-17 | 390 days | Apple Mac OS X Minimal SLP v2 Service Agent (slpd) Registration Request Overflow | A buffer overflow exists in Mac OS X. slpd fails to validate the attr-list field of registration requests resulting in a stack overflow. With a specially crafted request, a local attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 57735 | 1990-04-11 | 371 days | expreserve /tmp/Ex$PID Race Condition Arbitrary File Ownership Modification | |
| 41199 | 2007-12-14 | 368 days | Drake CMS index.php option Parameter XSS | Input passed to the "option" parameter in "index.php" is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected web site. |
| 41494 | 2008-02-07 | 365 days | Adobe Reader / Acrobat EScript.api Plug-in Crafted PDF Arbitrary Code Execution | Adobe Reader and Acrobat 8.1.1 and earlier allows remote attackers to execute arbitrary code via a crafted PDF file that calls an insecure JavaScript method in the EScript.api plug-in. NOTE: this issue might be subsumed by CVE-2008-0655. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-5663)) |
| 64540 | 2010-03-23 | 359 days | SAP GUI SAPBExCommonResources.BExGlobal ActiveX Arbitrary Command Execution | |
| 49325 | 2008-10-13 | 357 days | Oracle Database Workspace Manager SYS.LT.MERGEWORKSPACE SQL Injection | Oracle Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the SYS.LT package not properly sanitizing user-supplied input to the MERGEWORKSPACE procedure. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 81872 | 2012-05-04 | 357 days | GetSimple CMS admin/upload.php path Parameter XSS | GetSimple CMS contains a flaw that allows a reflected cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'path' parameter upon submission to the admin/upload.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 14993 | 2005-03-21 | 345 days | XMB Profile Mood Variables XSS | Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-0885)) |
| 76456 | 2011-06-29 | 342 days | IBM DB2 Tivoli Monitoring Agent (ITMA) db2rspgn libkbb.so Path Subversion Arbitrary DLL Injection Code Execution | Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4061)) |
| 76457 | 2011-06-29 | 342 days | IBM DB2 Tivoli Monitoring Agent (ITMA) kbbacf1 libkbb.so Path Subversion Arbitrary DLL Injection Code Execution | Multiple untrusted search path vulnerabilities in (1) db2rspgn and (2) kbbacf1 in IBM DB2 Express Edition 9.7, as used in the IBM Tivoli Monitoring for Databases: DB2 Agent, allow local users to gain privileges via a Trojan horse libkbb.so in the current working directory, related to the DT_RPATH ELF header. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-4061)) |
| 72411 | 2011-05-18 | 321 days | Room Juice display.php filename Parameter XSS | Room Juice contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'filename' parameter upon submission to the 'display.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 21488 | 2005-12-01 | 320 days | Interspire FastFind index.php query Parameter XSS | Interspire FastFind contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'query' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 30214 | 2006-11-06 | 296 days | Microsoft Windows GDI Kernel Structure Modification Code Execution | The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2006-5758)) |
| 53333 | 2009-03-23 | 295 days | Apple Mac OS X XNU User Space Interaction Restriction Weakness Local Privilege Escalation | XNU 1228.9.59 and earlier on Apple Mac OS X 10.5.6 and earlier does not properly restrict interaction between user space and the HFS IOCTL handler, which allows local users to overwrite kernel memory and gain privileges by attaching an HFS+ disk image and performing certain steps involving HFS_GET_BOOT_INFO fcntl calls. (Description Provided by [CVE](http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1235)) |
| 60586 | 2009-12-01 | 292 days | phpMyFAQ index.php Multiple Parameter XSS | phpMyFAQ versions < 2.5.5 contain a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the sitemap&lang, search&search, search&tagging_id, artikel&highlight, artikel&artlang, sitemap&letter, show&lang, show&cat, news&newsid=1&newslang, send2friend&artlang, send2friend&cat, send2friend&id, translate&srclang, translate&id, translate&cat, add&cat, add&question parameters upon submission to the index.php?action= script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the ... |
59001
|
2009-03-20
|
290 days |
Apache Axis2 xsd Parameter Traversal Arbitrary File Disclosure
|
|
Axis2 contains a flaw that may allow a remote attacker to access arbitrary files. The issue is due to the services applet not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the xsd parameter. This flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
|
23899
|
2006-03-14
|
289 days |
Microsoft Office Excel BIFF File Processing Malformed BOOLERR Record Arbitrary Code Execution
|
|
A local overflow exists in Excel. The product fails to verify the length of BOOLERR records in the BIFF file format, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
|
35128
|
2007-03-11
|
270 days |
AssetMan download_pdf.php pdf_file Parameter Traversal Arbitrary File Access
|
|
Directory traversal vulnerability in download_pdf.php in AssetMan 2.4a and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the pdf_file parameter. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2007-1427)
|
|
78341
|
2012-01-15
|
264 days |
ATutor Multiple Script PATH_INFO Parameter XSS
|
|
ATutor contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the PATH_INFO parameter (URL) upon submission to the multiple scripts listed in the testing notes section. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
92241
|
2010-10-07
|
259 days |
Apple Mac OS X tnftpd Server Process GLOB_LIMIT Crafted Command Pattern Remote DoS
|
|
Apple Mac OS X contains a flaw in the tnftpd server process that may allow a remote denial of service. The issue is triggered during the handling of a specially crafted command pattern. This may allow a remote attacker to crash the system via the GLOB_LIMIT function.
|
|
15465
|
2005-04-12
|
236 days |
Microsoft IE DHTML Object Memory Corruption Code Execution
|
|
Windows contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when certain DHTML methods are used, leading to a race condition when one thread reads data from memory that has either been overwritten by another thread or has not yet been initialized by another thread. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
|
8101
|
2001-07-02
|
233 days |
UnZip Double Dot Arbitrary File Overwrite
|
|
UnZip contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when an archived file contains double dot (..) sequences in the file name, which could allow a malicious user to overwrite arbitrary files on the system resulting in a loss of integrity.
|
|
8102
|
2001-07-02
|
233 days |
UnZip Single Slash Arbitrary File Overwrite
|
|
UnZip contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when an archived file contains single slash ('/') sequences in the file name, which could allow a malicious user to overwrite arbitrary files on the system resulting in a loss of integrity.
|
|
82664
|
2012-05-26
|
228 days |
Store Locator Plus Plugin for WordPress /wp-content/plugins/store-locator-le/downloadcsv.php query Parameter SQL Injection
|
|
Store Locator Plus Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /wp-content/plugins/store-locator-le/downloadcsv.php script not properly sanitizing user-supplied input to the 'query' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
|
88795
|
1991-04-01
|
224 days |
SunOS rpc.mountd /etc/exports -access Truncation Remote File System World Mounting Weakness
|
|
SunOS contains a flaw in the rpc.mountd daemon. The issue is triggered during the handling of an /etc/exports file that contains an -access string larger than 256 bytes, which will cause the string to become world mounted. Additionally, if an -access string is longer than 1024 bytes the program will truncate it, which will not allow the string to be mounted on the file system or directory.
|
|
72406
|
2011-05-18
|
224 days |
Opera Frameset Construct Handling Memory Corruption
|
|
A memory corruption flaw exists in Opera. The program fails to sanitize user-supplied input when handling frameset constructs during page unloading, resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can execute arbitrary code.
|
|
64918
|
2009-09-25
|
224 days |
html2ps SSI include Directive Traversal Arbitrary File Access
|
|
Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-5067)
|
|
71190
|
2011-02-23
|
222 days |
Local Market Explorer Plugin for WordPress wp-content/plugins/local-market-explorer/modules/walk-score-iframe.php api-key Parameter XSS
|
|
Local Market Explorer Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'api-key' parameter upon submission to the wp-content/plugins/local-market-explorer/modules/walk-score-iframe.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
72108
|
2011-05-01
|
214 days |
Tine library/vcardphp/vbook.php file Parameter XSS
|
|
Tine contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'file' parameter upon submission to the library/vcardphp/vbook.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
91097
|
2007-09-19
|
212 days |
IBM WebSphere Application Server (WAS) Cached Credential Authentication Policy Bypass
|
|
IBM WebSphere Application Server (WAS) contains a flaw that is due to the authentication process being performed using a cached entry. This may allow a remote attacker to bypass account lockout policies when LDAP is in use.
|
|
56531
|
2009-01-13
|
211 days |
Premier Election Solutions (Diebold) Global Election Management System (GEMS) Clear Button Audit Log Deletion
|
|
Premier Election Solutions (Diebold) Global Election Management System (GEMS) provides a "Clear" button for the audit log system, which allows operators to delete the audit log without any possibility of restoring it. This violates federal voting system standards requiring indestructible logs to track all system events.
|
|
66388
|
2010-07-15
|
206 days |
XMB Admin Password Manipulation CSRF
|
|
|
|
78132
|
2012-01-03
|
205 days |
OpenEMR validateUser.php u Parameter SQL Injection
|
|
OpenEMR contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'validateUser.php' script not properly sanitizing user-supplied input to the 'u' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
|
92730
|
2009-07-19
|
205 days |
SLiM on Debian Linux /tmp/slim.png Symlink Arbitrary File Overwrite
|
|
SLiM contains a flaw in that the temporary file /tmp/slim.png is created insecurely. It is possible for a local attacker to use a symlink attack against an unspecified file to cause the program to unexpectedly overwrite an arbitrary file.
|
|
75218
|
2011-09-06
|
196 days |
Blue Coat Reporter Encoded Traversal Arbitrary File Access
|
|
Directory traversal vulnerability in Blue Coat Reporter 9.x before 9.2.4.13, 9.2.5.x before 9.2.5.1, and 9.3 before 9.3.1.2 on Windows allows remote attackers to read arbitrary files, and consequently execute arbitrary code, via an unspecified HTTP request. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2011-5127)
|
|
899
|
1997-05-07
|
195 days |
IRIX syserr /usr/tmp/.syserr.data Symlink Arbitrary File Corruption
|
|
SGI syserr program allows local users to corrupt files. (Description provided by CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=1999-0327)
|
|
83568
|
2001-09-17
|
194 days |
BookMark4U IP-based Access Authentication Bypass
|
|
BookMark4U contains a flaw that may allow an attacker to bypass authentication. The issue is due to the program allowing authentication based on IP address, rather than password. By spoofing an IP address or coming from the same IP as the target (e.g., same ISP, same proxy), an attacker can access the application without providing the password.
|
|
78548
|
2012-01-26
|
193 days |
phpList admin/index.php Multiple Parameter XSS
|
|
phpList contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'testtarget', 'page', 'footer', 'status', 'remote_user', 'remote_database', 'remote_userprefix', 'remote_password', 'remote_prefix' and 'id' parameters upon submission to the admin/index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
84588
|
2012-08-06
|
192 days |
HP ArcSight Connector / Logger Appliances File Host Data Handling XSS
|
|
HP ArcSight Connector and Logger Appliances contain a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the applications do not validate certain input when handling file host data before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
58941
|
2008-12-17
|
183 days |
BIRT birt-viewer/run __report Parameter XSS
|
|
BIRT contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the '__report' parameter upon submission to the birt-viewer/run script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
|
32769
|
2007-03-01
|
182 days |
PHP Zend Engine Variable Destruction Deep Recursion Overflow
|
|
PHP contains a flaw in the Zend engine that may allow a remote denial of service. The issue is due to the application not enforcing sanity checks for the depth of nested arrays. With a specially crafted request containing deeply nested arrays that triggers deep recursion in the variable destruction routines, a remote attacker can cause a stack exhaustion.
|
|
73474
|
2011-05-12
|
181 days |
GEAR CD DVD Filter Driver GEARAspiWDM.sys Pointers Table Invalid Memory Access Local DoS
|
|
|
|
73475
|
2011-05-12
|
181 days |
GEAR CD DVD Filter Driver GEARAspiWDM.sys Pointers Table Array Indexing Error Invalid Memory Access Local DoS
|
|
|
|
78486
|
2012-01-19
|
181 days |
Rockwell Automation Multiple Product Multiple Parameter Manipulation CIP Message Parsing Remote DoS
|
|
Multiple Rockwell Automation products contain a flaw that may allow a remote denial of service. The issue is triggered during the parsing of a CIP message that changes the device's network and configuration parameters. This will result in a loss of availability for the device and a loss of communication for any device connected to it.
|
|
78487
|
2012-01-20
|
181 days |
Rockwell Automation Multiple Product CIP Packet Parsing Remote Overflow CPU DoS
|
|
Multiple Rockwell Automation products contain an overflow condition that is triggered as user-supplied input is not properly validated when parsing a CIP packet sent for the affected ports. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service for the CPU. This will cause a loss of availability for the device.
|
|
78488
|
2012-01-20
|
181 days |
Rockwell Automation Multiple Product CIP Packet Parsing Remote Overflow NIC DoS
|
|
Multiple Rockwell Automation products contain an overflow condition that is triggered as user-supplied input is not properly validated when parsing a CIP packet sent for the affected ports. This may allow a remote attacker to cause a buffer overflow, resulting in a denial of service for the network interface card (NIC). This will cause a loss of availability for the device.
|