[ Register | Login ]

Home PHP Scripts Contact News Articles RSS Readers Donations

Software Vulnerability

	Enter your search terms Submit search form
	Web www.amigura.co.uk

Main

Software Alerts

Software and Script Bug Exploits
Software Vulnerability
Random Feeds

Archives

| May 2012 | Apr 2012 | Mar 2012 | Feb 2012 | Jan 2012 | Dec 2011 | Nov 2011 | Oct 2011 | Sep 2011 | Aug 2011 | Jul 2011 | Jun 2011 | May 2011 | Apr 2011 | Mar 2011 | Feb 2011 | Jan 2011 | Dec 2010 | Nov 2010 | Oct 2010 | Sep 2010 | Aug 2010 | Jul 2010 | Jun 2010 | May 2010 | Apr 2010 | Mar 2010 | Feb 2010 | Jan 2010 | Dec 2009 | Nov 2009 | Oct 2009 | Sep 2009 | Aug 2009 | Jul 2009 | Jun 2009 | May 2009 | Apr 2009 | Mar 2009 | Feb 2009 | Jan 2009 | Dec 2008 | Nov 2008 | Oct 2008 | Sep 2008 | Aug 2008 | Jul 2008 | Jun 2008 | May 2008 | Apr 2008 | Mar 2008 | Feb 2008 | Jan 2008 | Dec 2007 | Nov 2007 |

Sat, 25 Feb 12
zimbra
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1213
Cross-site scripting (XSS) vulnerability in zimbra/h/calendar in Zimbra Web Client allows remote attackers to inject arbitrary web script or HTML via the view parameter.

Sat, 25 Feb 12
smw+
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1212
Cross-site scripting (XSS) vulnerability in the smwfOnSfSetTargetName function in extensions/SMWHalo/includes/SMW_Initialize.php in Semantic Enterprise Wiki (SMW+) 1.5.6, 1.6.0_2 and earlier allows remote attackers to inject arbitrary web script or HTML via the target parameter to index.php/Special:FormEdit. NOTE: some of these details are obtained from third party information.

Sat, 25 Feb 12
pfile
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1211
Cross-site scripting (XSS) vulnerability in pfile/kommentar.php in Powie pFile 1.02 allows remote attackers to inject arbitrary web script or HTML via the filecat parameter.

Sat, 25 Feb 12
pfile
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1210
SQL injection vulnerability in pfile/file.php in Powie pFile 1.02 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Sat, 25 Feb 12
fork_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1209
Cross-site scripting (XSS) vulnerability in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to inject arbitrary web script or HTML via the highlight parameter.

Sat, 25 Feb 12
fork_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1208
Multiple cross-site scripting (XSS) vulnerabilities in backend/core/engine/base.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) report parameter to blog/settings or (2) error parameter to users/index.

Sat, 25 Feb 12
fork_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1207
Directory traversal vulnerability in frontend/core/engine/javascript.php in Fork CMS 3.2.4 and possibly other versions before 3.2.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the module parameter to frontend/js.php.

Sat, 25 Feb 12
hancom_office_2010_se
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1206
Multiple integer overflows in Hancom Office 2010 SE 8.5.5 allow remote attackers to execute arbitrary code via large dimension values in a (1) JPG image to the ImportGR in the JPG image filter module (HncJpeg10.flt) or (2) PNG image to the PNG image filter module (HncPng10.flt), which triggers a heap-based buffer overflow.

Sat, 25 Feb 12
relocate-upload
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1205
PHP remote file inclusion vulnerability in relocate-upload.php in Relocate Upload plugin before 0.20 for WordPress allows remote attackers to execute arbitrary PHP code via a URL in the abspath parameter.

Sat, 25 Feb 12
lepton
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1000
Multiple cross-site scripting (XSS) vulnerabilities in LEPTON 1.1.3 and other versions before 1.1.4 allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to admins/login/forgot/index.php, or the (2) display_name or (3) email parameter to account/preferences.php.

Sat, 25 Feb 12
lepton
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0999
SQL injection vulnerability in modules/news/rss.php in LEPTON before 1.1.4 allows remote attackers to execute arbitrary SQL commands via the group_id parameter.

Sat, 25 Feb 12
lepton
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0998
Directory traversal vulnerability in account/preferences.php in LEPTON before 1.1.4 allows remote attackers to include and execute arbitrary files via a .. (dot dot) in the language parameter.

Sat, 25 Feb 12
11in1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0997
Cross-site request forgery (CSRF) vulnerability in admin/index.php in 11in1 1.2.1 stable 12-31-2011 allows remote attackers to hijack the authentication of administrators for requests that add new topics via an addTopic action.

Sat, 25 Feb 12
11in1
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0996
Multiple directory traversal vulnerabilities in 11in1 1.2.1 stable 12-31-2011 allow remote attackers to read arbitrary files via a .. (dot dot) in the class parameter to (1) index.php or (2) admin/index.php.

Fri, 24 Feb 12
CVE-2012-1288 (utc_fire_&_security_ge-mc100-ntp/gps-zb_master_clock_device)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1288
The UTC Fire & Security GE-MC100-NTP/GPS-ZB Master Clock device uses hardcoded credentials for an administrative account, which makes it easier for remote attackers to obtain access via an HTTP session.

Fri, 24 Feb 12
blackberry_playbook_os, blackberry_playbook_tablet, samba
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0870
Heap-based buffer overflow in process.c in smbd in Samba 3.0, as used in the file-sharing service on the BlackBerry PlayBook tablet before 2.0.0.7971 and other products, allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a Batched (aka AndX) request that triggers infinite recursion.

Fri, 24 Feb 12
websphere_application_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0707
Cross-site scripting (XSS) vulnerability in IBM WebSphere Lombardi Edition 7.2 allows remote attackers to inject arbitrary web script or HTML via crafted text input to a coach that is configured with a document attachment control section.

Thu, 23 Feb 12
easyvista
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1256
The single sign-on (SSO) implementation in EasyVista before 2010.1.1.89 allows remote attackers to bypass authentication via a modified url_account parameter, in conjunction with a valid login name in the SSPI_HEADER parameter, to index.php.

Thu, 23 Feb 12
alftp
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0315
Untrusted search path vulnerability in ALFTP before 5.31 allows local users to gain privileges via a Trojan horse executable file in a directory that is accessed for reading an extensionless file, as demonstrated by executing the README.exe file when a user attempts to access the README file.

Thu, 23 Feb 12
CVE-2012-0291 (pcanywhere, altiris_client_management_suite_pcanywhere_solution, altiris_deployme...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0291
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) allow remote attackers to cause a denial of service (application crash or hang) via (1) malformed data from a client, (2) malformed data from a server, or (3) an invalid response.

Thu, 23 Feb 12
termis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0223
Untrusted search path vulnerability in 7-Technologies (7T) TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory, a different vulnerability than CVE-2012-0224.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1235
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to hijack the authentication of unspecified victims via unknown vectors. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0235.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1234
SQL injection vulnerability in Advantech/BroadWin WebAccess 7.0 allows remote authenticated users to execute arbitrary SQL commands via a malformed URL. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-0234.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0244
Multiple SQL injection vulnerabilities in Advantech/BroadWin WebAccess before 7.0 allow remote attackers to execute arbitrary SQL commands via crafted string input.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0243
Buffer overflow in an ActiveX control in bwocxrun.ocx in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code by leveraging the ability to write arbitrary content to any pathname.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0242
Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via format string specifiers in a message string.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0241
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to cause a denial of service (memory corruption) via a modified stream identifier to a function.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0240
GbScriptAddUp.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to execute arbitrary code via unspecified vectors.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0239
uaddUpAdmin.asp in Advantech/BroadWin WebAccess before 7.0 does not properly perform authentication, which allows remote attackers to modify an administrative password via a password-change request.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0238
Stack-based buffer overflow in opcImg.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via unspecified vectors.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0237
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to (1) enable date and time syncing or (2) disable date and time syncing via a crafted URL.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0236
Advantech/BroadWin WebAccess 7.0 and earlier allows remote attackers to obtain sensitive information via a direct request to a URL. NOTE: the vendor reportedly "does not consider it to be a security risk."

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0235
Cross-site request forgery (CSRF) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0234
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via a malformed URL.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0233
Cross-site scripting (XSS) vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via a malformed URL.

Wed, 22 Feb 12
soliddb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0200
The server in IBM solidDB 6.5 before Interim Fix 6 does not properly initialize data structures, which allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a redundant WHERE condition.

Wed, 22 Feb 12
soliddb
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4890
The server in IBM solidDB 6.5 before FP9 and 7.0 before FP1 allows remote authenticated users to cause a denial of service (daemon crash) via a SELECT statement with a ROWNUM condition involving a subquery.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4526
Buffer overflow in an ActiveX control in Advantech/BroadWin WebAccess before 7.0 might allow remote attackers to execute arbitrary code via a long string value in unspecified parameters.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4525
Advantech/BroadWin WebAccess before 7.0 allows remote attackers to trigger the extraction of arbitrary web content into a batch file on a client system, and execute this batch file, via unspecified vectors.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4524
Buffer overflow in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary code via a long string value in unspecified parameters.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4523
Cross-site scripting (XSS) vulnerability in bwview.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4522
Cross-site scripting (XSS) vulnerability in bwerrdn.asp in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Wed, 22 Feb 12
advantech_webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4521
SQL injection vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary SQL commands via crafted string input.

Wed, 22 Feb 12
adam_opc_server, modbus_rtu_opc_server, modbus_tcp_opc_server
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-1914
Buffer overflow in the Advantech ADAM OLE for Process Control (OPC) Server ActiveX control in ADAM OPC Server before 3.01.012, Modbus RTU OPC Server before 3.01.010, and Modbus TCP OPC Server before 3.01.010 allows remote attackers to execute arbitrary code via unspecified vectors.

Wed, 22 Feb 12
pluck
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1227
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in pluck 4.7 allow remote attackers to hijack the authentication of admins for requests that (1) modify the admin email address or (2) modify the blog title via a settings action; (3) add a page via an editpage action, or (4) add a categorie via the blog module.

Wed, 22 Feb 12
dolibarr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1226
Multiple directory traversal vulnerabilities in Dolibarr CMS 3.2.0 Alpha allow remote attackers to read arbitrary files and possibly execute arbitrary code via a .. (dot dot) in the (1) file parameter to document.php or (2) backtopage parameter in a create action to comm/action/fiche.php.

Wed, 22 Feb 12
dolibarr
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1225
Multiple SQL injection vulnerabilities in Dolibarr CMS 3.2.0 Alpha and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) memberslist parameter (aka Member List) in list.php or (2) rowid parameter to adherents/fiche.php.

Wed, 22 Feb 12
contentlion_alpha
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1224
Cross-site scripting (XSS) vulnerability in system/classes/login.php in ContentLion Alpha 1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.

Wed, 22 Feb 12
CVE-2012-1223 (r2/extreme)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1223
RabidHamster R2/Extreme 1.65 and earlier uses a small search space of values for the PIN number, which allows remote attackers to obtain the PIN number via a brute force attack.

Wed, 22 Feb 12
CVE-2012-1222 (r2/extreme)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1222
Stack-based buffer overflow in RabidHamster R2/Extreme 1.65 and earlier allows remote authenticated users to execute arbitrary code via a long string to TCP port 23.

Wed, 22 Feb 12
CVE-2012-1221 (r2/)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1221
Directory traversal vulnerability in the telnet server in RabidHamster R2/Extreme 1.65 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the File command.

Wed, 22 Feb 12
gazie
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1220
Cross-site request forgery (CSRF) vulnerability in modules/config/admin_utente.php in GAzie 5.20 and earlier allows remote attackers to hijack the authentication of administrators for requests that change account information via an update action, as demonstrated by changing the password.

Wed, 22 Feb 12
freelancerkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1219
Multiple cross-site scripting (XSS) vulnerabilities in freelancerKit 2.35 allow remote attackers to inject arbitrary web script or HTML via the (1) ticket parameter to tickets.php, (2) title parameter to notes.php, or (3) task parameter to todo.php. NOTE: some of these details are obtained from third party information.

Wed, 22 Feb 12
freelancerkit
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1218
Multiple SQL injection vulnerabilities in freelancerKit 2.35 allow remote attackers to execute arbitrary SQL commands via unspecified vectors to the (1) notes and (2) tickets components.

Wed, 22 Feb 12
zenphoto
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0995
Multiple cross-site scripting (XSS) vulnerabilities in ZENphoto 1.4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter in an external action to zp-core/admin.php, (2) PATH_INTO to an unspecified URL, as demonstrated using /1/, (3) PATH_INFO to zp-core/admin.php, or (4) album parameter to zp-core/admin-edit.php.

Wed, 22 Feb 12
zenphoto
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0994
SQL injection vulnerability in the Manage Albums feature in zp-core/admin-albumsort.php in ZENphoto 1.4.2 allows remote authenticated users to execute arbitrary SQL commands via the sortableList parameter.

Wed, 22 Feb 12
zenphoto
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0993
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via the viewer_size_image_saved cookie.

Wed, 22 Feb 12
cubecart
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0865
Multiple open redirect vulnerabilities in CubeCart 3.0.20 and earlier allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) r parameter to switch.php or (2) goto parameter to admin/login.php.

Wed, 22 Feb 12
aquis, termis
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0224
Untrusted search path vulnerability in 7-Technologies (7T) AQUIS 1.5 and earlier and TERMIS 2.10 and earlier allows local users to gain privileges via a Trojan horse DLL in the current working directory.

Wed, 22 Feb 12
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4187
Buffer overflow in the GetDriverSettings function in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a long realm field, a different vulnerability than CVE-2011-3173.

Wed, 22 Feb 12
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4186
Heap-based buffer overflow in nipplib.dll in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code via a crafted client-file-name parameter in a printer-url, a different vulnerability than CVE-2011-1705.

Wed, 22 Feb 12
iprint
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4185
The GetPrinterURLList2 method in the ActiveX control in Novell iPrint Client before 5.78 on Windows allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2008-2431 and CVE-2008-2436.

Wed, 22 Feb 12
sths_v2_web_portal
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1217
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.php, or (3) team.php.

Wed, 22 Feb 12
pbboard
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1216
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via an add action or (2) change the contents of a file via a dit action.

Wed, 22 Feb 12
yoono_for_firefox
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1215
Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.

Wed, 22 Feb 12
yoono_desktop
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1214
Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a "Create a group" action.

Fri, 17 Feb 12
chrome
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3015
Multiple integer overflows in the PDF codecs in Google Chrome before 17.0.963.56 allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

Wed, 15 Feb 12
irfaq
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5079
Open redirect vulnerability in the Modern FAQ (irfaq) extension 1.1.2 and other versions before 1.1.4 for TYPO3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL, probably in the "return url parameter."

Wed, 15 Feb 12
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0789
Memory leak in the timezone functionality in PHP before 5.3.9 allows remote attackers to cause a denial of service (memory consumption) by triggering many strtotime function calls, which are not properly handled by the php_date_parse_tzfile cache.

Wed, 15 Feb 12
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0788
The PDORow implementation in PHP before 5.3.9 does not properly interact with the session feature, which allows remote attackers to cause a denial of service (application crash) via a crafted application that uses a PDO driver for a fetch and then calls the session_start function, as demonstrated by a crash of the Apache HTTP Server.

Tue, 14 Feb 12
ivanview
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1052
Buffer overflow in IvanView 1.2.15 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

Tue, 14 Feb 12
xnview
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1051
Heap-based buffer overflow in Xjp2.dll in the JPEG2000 plug-in in XnView 1.98.5 allows remote attackers to execute arbitrary code via a JPEG2000 (JP2) file with a crafted Quantization Default (QCD) marker segment.

Tue, 14 Feb 12
mathopd
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1050
Directory traversal vulnerability in Mathopd 1.4.x and 1.5.x before 1.5p7, when configured with the * construct for mass virtual hosting, allows remote attackers to read arbitrary files via a crafted Host header.

Tue, 14 Feb 12
admanager_plus
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1049
Multiple cross-site scripting (XSS) vulnerabilities in ManageEngine ADManager Plus 5.2 Build 5210 allow remote attackers to inject arbitrary web script or HTML via the (1) domainName parameter to jsp/AddDC.jsp or (2) operation parameter to DomainConfig.do.

Thu, 9 Feb 12
episerver_cms
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1034
Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Wed, 8 Feb 12
struts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1007
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-submit.do, or the message parameter to (2) struts-cookbook/processSimple.do or (3) struts-cookbook/processDyna.do.

Wed, 8 Feb 12
struts
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1006
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 2.0.14 and 2.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) lastName parameter to struts2-showcase/person/editPerson.action, or the (3) clientName parameter to struts2-rest-showcase/orders.

Wed, 8 Feb 12
opera_browser
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-1003
Multiple integer overflows in Opera 11.60 and earlier allow remote attackers to cause a denial of service (application crash) via a large integer argument to the (1) Int32Array, (2) Float32Array, (3) Float64Array, (4) Uint32Array, (5) Int16Array, or (6) ArrayBuffer function. NOTE: the vendor reportedly characterizes this as "a stability issue, not a security issue."

Wed, 8 Feb 12
php
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0830
The php_register_variable_ex function in php_variables.c in PHP 5.3.9 allows remote attackers to execute arbitrary code via a request containing a large number of variables, related to improper handling of array variables. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-4885.

Wed, 8 Feb 12
documentum_xplore
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0396
EMC Documentum xPlore 1.0, 1.1 before P07, and 1.2 does not properly enforce the requirement for BROWSE permission, which allows remote authenticated users to determine the existence of an object, or read object metadata, via a search.

Wed, 8 Feb 12
CVE-2012-0290 (pcanywhere, altiris_client_management_suite_pcanywhere_solution, altiris_deployme...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0290
Symantec pcAnywhere through 12.5.3, Altiris IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), Altiris Client Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), and Altiris Deployment Solution Remote pcAnywhere Solution 7.1 (aka 12.5.x and 12.6.x) do not properly handle the client state after abnormal termination of a remote session, which allows remote attackers to obtain access to the client by leveraging an "open client session."

Wed, 8 Feb 12
aix
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-0194
The TCP implementation in IBM AIX 5.3, 6.1, and 7.1, when the Large Send Offload option is enabled, allows remote attackers to cause a denial of service (assertion failure and panic) via an unspecified series of packets.

Wed, 8 Feb 12
webaccess
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4041
webvrpcs.exe in Advantech/BroadWin WebAccess allows remote attackers to execute arbitrary code or obtain a security-code value via a long string in an RPC request to TCP port 4592.

Wed, 8 Feb 12
CVE-2011-4872 (desire_hd, desire_s, droid_incredible, evo_3d, evo_4g, glacier, sensation_4g, sen...)
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4872
Multiple HTC Android devices including Desire HD FRG83D and GRI40, Glacier FRG83, Droid Incredible FRF91, Thunderbolt 4G FRG83D, Sensation Z710e GRI40, Sensation 4G GRI40, Desire S GRI40, EVO 3D GRI40, and EVO 4G GRI40 allow remote attackers to obtain 802.1X Wi-Fi credentials and SSID via a crafted application that uses the android.permission.ACCESS_WIFI_STATE permission to call the toString method on the WifiConfiguration class.

 

Home | Contact | PHP Scripts | Sitemap | News | Articles | Advertise | Jobs | RSS Readers | Donations | Api Projects

© amigura.co.uk All Rights Reserved.