4300 matches found

Saint
•added 2012/05/18 12:0 a.m.•38 views

WebCalendar Pre-Auth PHP Code Execution

Added: 05/18/2012 CVE: CVE-2012-1495 BID: 53207 OSVDB: 80097 Background WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. Problem WebCalendar fails to properly...

AI score: 9.8 | EPSS: 0.79764
Exploits: 15
Saint
•added 2012/05/18 12:0 a.m.•44 views

WebCalendar Pre-Auth PHP Code Execution

Added: 05/18/2012 CVE: CVE-2012-1495 BID: 53207 OSVDB: 80097 Background WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. Problem WebCalendar fails to properly...

CVSS: 7.5 | AI score: 9.8 | EPSS: 0.79764
Exploits: 15
Saint
•added 2012/05/18 12:0 a.m.•35 views

WebCalendar Pre-Auth PHP Code Execution

Added: 05/18/2012 CVE: CVE-2012-1495 BID: 53207 OSVDB: 80097 Background WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. Problem WebCalendar fails to properly...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.79764
Exploits: 15
Saint
•added 2012/05/18 12:0 a.m.•32 views

WebCalendar Pre-Auth PHP Code Execution

Added: 05/18/2012 CVE: CVE-2012-1495 BID: 53207 OSVDB: 80097 Background WebCalendar is a PHP-based calendar application that can be configured as a single-user calendar, a multi-user calendar for groups of users, or as an event calendar viewable by visitors. Problem WebCalendar fails to properly...

CVSS: 9.8 | AI score: 9.8 | EPSS: 0.79764
Exploits: 15
Saint
•added 2012/05/17 12:0 a.m.•30 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

AI score: 0.7
Exploits: 0
Saint
•added 2012/05/17 12:0 a.m.•25 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

AI score: 0.7
Exploits: 0
Saint
•added 2012/05/17 12:0 a.m.•19 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

AI score: 8.3
Exploits: 0
Saint
•added 2012/05/17 12:0 a.m.•37 views

SolarWinds Storage Manager SQL Injection

Added: 05/17/2012 BID: 51639 OSVDB: 81634 Background SolarWinds Storage Manager is agentless heterogeneous monitoring and reporting of the performance and capacity of physical and virtual storage infrastructure. It delivers visibility and insight into how your storage infrastructure maps to your...

AI score: 8.3
Exploits: 0
Saint
•added 2012/05/15 12:0 a.m.•127 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

CVSS: 7.5 | AI score: 10 | EPSS: 0.99998
Exploits: 41
Saint
•added 2012/05/15 12:0 a.m.•181 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

CVSS: 9.8 | AI score: 10 | EPSS: 0.99998
Exploits: 41
Saint
•added 2012/05/15 12:0 a.m.•133 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

CVSS: 7.5 | AI score: 10 | EPSS: 0.99998
Exploits: 41
Saint
•added 2012/05/15 12:0 a.m.•129 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

CVSS: 9.8 | AI score: 10 | EPSS: 0.99998
Exploits: 41
Saint
•added 2012/05/11 12:0 a.m.•25 views

Netop Remote Control DWS File Stack Buffer Overflow

Added: 05/11/2012 BID: 47631 OSVDB: 72291 Background NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices. Problem NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize...

AI score: 8.5
Exploits: 0
Saint
•added 2012/05/11 12:0 a.m.•134 views

Netop Remote Control DWS File Stack Buffer Overflow

Added: 05/11/2012 BID: 47631 OSVDB: 72291 Background NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices. Problem NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize...

AI score: 1.6
Exploits: 0
Saint
•added 2012/05/11 12:0 a.m.•17 views

Netop Remote Control DWS File Stack Buffer Overflow

Added: 05/11/2012 BID: 47631 OSVDB: 72291 Background NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices. Problem NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize...

AI score: 1.6
Exploits: 0
Saint
•added 2012/05/11 12:0 a.m.•19 views

Netop Remote Control DWS File Stack Buffer Overflow

Added: 05/11/2012 BID: 47631 OSVDB: 72291 Background NetOp Remote Control provides secure remote control and support for workstations, servers, embedded systems, and mobile devices. Problem NetOp Remote Control is vulnerable to stack buffer overflow as a result of failing to properly sanitize...

AI score: 8.5
Exploits: 0
Saint
•added 2012/05/09 12:0 a.m.•38 views

VideoLAN VLC Media Player MMS URI Stack Overflow

Added: 05/09/2012 CVE: CVE-2012-1775 BID: 53391 OSVDB: 80188 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.44621
Exploits: 9
Saint
•added 2012/05/09 12:0 a.m.•31 views

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transferring images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

AI score: 7.6
Exploits: 0
Saint
•added 2012/05/09 12:0 a.m.•35 views

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transferring images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

AI score: 7.6
Exploits: 0
Saint
•added 2012/05/09 12:0 a.m.•37 views

VideoLAN VLC Media Player MMS URI Stack Overflow

Added: 05/09/2012 CVE: CVE-2012-1775 BID: 53391 OSVDB: 80188 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.44621
Exploits: 9
Saint
•added 2012/05/09 12:0 a.m.•46 views

VideoLAN VLC Media Player MMS URI Stack Overflow

Added: 05/09/2012 CVE: CVE-2012-1775 BID: 53391 OSVDB: 80188 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.44621
Exploits: 9
Saint
•added 2012/05/09 12:0 a.m.•35 views

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transferring images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

AI score: 7.6
Exploits: 0
Saint
•added 2012/05/09 12:0 a.m.•32 views

VideoLAN VLC Media Player MMS URI Stack Overflow

Added: 05/09/2012 CVE: CVE-2012-1775 BID: 53391 OSVDB: 80188 Background VLC media player is a media player supporting various audio and video formats for multiple platforms. Problem VLC Player versions 2.0.0 and lower do not properly validate the hostname when accessing MMS URIs. An overly long...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.44621
Exploits: 9
Saint
•added 2012/05/09 12:0 a.m.•16 views

Ricoh DC Software DL-10 FTP Server USER Remote Code Execution

Added: 05/09/2012 BID: 52235 OSVDB: 79691 Background Various cameras e.g. CX1-6, G700, G700SE provided by Ricoh support transferring images to a PC over FTP. Ricoh supplies a small FTP server called SR-10 / Capftpd which enables users to transfer images from camera to computer. Problem The flaw is...

AI score: 7.6
Exploits: 0
Saint
•added 2012/05/04 12:0 a.m.•38 views

McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...

AI score: 0.6
Exploits: 0
Saint
•added 2012/05/04 12:0 a.m.•28 views

McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...

AI score: 0.6
Exploits: 0
Saint
•added 2012/05/04 12:0 a.m.•23 views

McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...

AI score: 8
Exploits: 0
Saint
•added 2012/05/04 12:0 a.m.•24 views

McAfee Virtual Technician MVT.MVTControl ActiveX Control Insecure Method

Added: 05/04/2012 BID: 53304 Background McAfee Virtual Technician is a free automated diagnosis and problem resolution tool which scans a Windows system to ensure that McAfee products are installed correctly. Problem McAfee Virtual Technician ActiveX control MVT.dll, as provided in McAfee...

AI score: 8
Exploits: 0
Saint
•added 2012/05/02 12:0 a.m.•48 views

FreePBX callmenum Remote Code Execution

Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...

AI score: 7.8
Exploits: 0
Saint
•added 2012/05/02 12:0 a.m.•28 views

FreePBX callmenum Remote Code Execution

Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...

AI score: 7.8
Exploits: 0
Saint
•added 2012/05/02 12:0 a.m.•52 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.1133
Exploits: 4
Saint
•added 2012/05/02 12:0 a.m.•32 views

FreePBX callmenum Remote Code Execution

Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...

AI score: 7.8
Exploits: 0
Saint
•added 2012/05/02 12:0 a.m.•36 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

CVSS: 9.8 | AI score: 9.3 | EPSS: 0.1133
Exploits: 4
Saint
•added 2012/05/02 12:0 a.m.•43 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.1133
Exploits: 4
Saint
•added 2012/05/02 12:0 a.m.•48 views

Oracle WebCenter Forms Recognition SSSplitter ActiveX Overwrite

Added: 05/02/2012 CVE: CVE-2012-1710 BID: 53062 OSVDB: 81366 Background Oracle WebCenter Imaging is a combined document management and business process management suite, marketed as a component of the Oracle Fusion Middleware portfolio of products. Oracle Forms Recognition OFR is an intelligent...

CVSS: 7.5 | AI score: 9.3 | EPSS: 0.1133
Exploits: 4
Saint
•added 2012/05/02 12:0 a.m.•16 views

FreePBX callmenum Remote Code Execution

Added: 05/02/2012 BID: 52630 OSVDB: 80544 Background FreePBX is an open source telephony front-end, which has an easy to use graphical user interface that controls and manages Asterisk. Problem FreePBX fails to properly sanitize user-supplied input passed to 'callmenum' parameter in...

AI score: 7.8
Exploits: 0
Saint
•added 2012/04/27 12:0 a.m.•32 views

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.67975
Exploits: 11
Saint
•added 2012/04/27 12:0 a.m.•19 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

AI score: 0.1
Exploits: 0
Saint
•added 2012/04/27 12:0 a.m.•21 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

AI score: 8
Exploits: 0
Saint
•added 2012/04/27 12:0 a.m.•67 views

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.67975
Exploits: 11
Saint
•added 2012/04/27 12:0 a.m.•31 views

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.67975
Exploits: 11
Saint
•added 2012/04/27 12:0 a.m.•18 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

AI score: 8
Exploits: 0
Saint
•added 2012/04/27 12:0 a.m.•33 views

Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability

Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...

AI score: 0.1
Exploits: 0
Saint
•added 2012/04/27 12:0 a.m.•42 views

LANDesk ThinkManagement Suite ServerSetup.asmx Directory Traversal

Added: 04/27/2012 CVE: CVE-2012-1195 BID: 52023 OSVDB: 79276 Background LANDesk Lenovo ThinkManagement Console provides hardware discovery, comprehensive inventory, and reporting for Lenovo systems. Problem LANDesk Lenovo ThinkManagement Console runs a web application under the Microsoft IIS web...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.67975
Exploits: 11
Saint
•added 2012/04/25 12:0 a.m.•33 views

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.21892
Exploits: 5
Saint
•added 2012/04/25 12:0 a.m.•39 views

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.21892
Exploits: 5
Saint
•added 2012/04/25 12:0 a.m.•28 views

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.21892
Exploits: 5
Saint
•added 2012/04/25 12:0 a.m.•28 views

Microsoft Expression Design wintab32.dll Library Loading

Added: 04/25/2012 CVE: CVE-2012-0016 BID: 52375 OSVDB: 80001 Background Microsoft Expression Design is a commercial professional illustration vector and raster graphic design tool for web images. Problem Microsoft Expression Design contains a flaw in the way it loads dynamic-link libraries DLL. T...

CVSS: 9.3 | AI score: 6.5 | EPSS: 0.21892
Exploits: 5
Saint
•added 2012/04/19 12:0 a.m.•38 views

Cisco Linksys PTZ Internet Video Camera PlayerPT ActiveX Overflow

Added: 04/19/2012 BID: 52673 OSVDB: 80297 Background The Cisco WVC200 Wireless-G PTZ Internet Video Camera sends live video through the Internet to a web browser anywhere in the world. Viewers can access the video stream through an HTTP service, which requires an ActiveX client to be installed in...

AI score: 0.1
Exploits: 0
Saint
•added 2012/04/19 12:0 a.m.•35 views

Cisco Linksys PTZ Internet Video Camera PlayerPT ActiveX Overflow

Added: 04/19/2012 BID: 52673 OSVDB: 80297 Background The Cisco WVC200 Wireless-G PTZ Internet Video Camera sends live video through the Internet to a web browser anywhere in the world. Viewers can access the video stream through an HTTP service, which requires an ActiveX client to be installed in...

AI score: 0.1
Exploits: 0
Total number of security vulnerabilities: 4300