| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 81906 | 2012-04-18 | 2 Click Social Media Buttons Plugin for WordPress wp-content/plugins/2-click-socialmedia-buttons/libs/pinterest.php pinterest-url Parameter XSS | 2 Click Social Media Buttons Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'pinterest-url' parameter upon submission to the wp-content/plugins/2-click-socialmedia-buttons/libs/pinterest.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 81907 | 2012-04-18 | 2 Click Social Media Buttons Plugin for WordPress wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php xing-url Parameter XSS | 2 Click Social Media Buttons Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'xing-url' parameter upon submission to the wp-content/plugins/2-click-socialmedia-buttons/libs/xing.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 30500 | 2006-11-17 | 20/20 Auto Gallery vehiclelistings.asp Multiple Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in vehiclelistings.asp in 20/20 Auto Gallery allow remote attackers to execute arbitrary SQL commands via the (1) vehicleID, (2) categoryID_list, (3) sale_type, (4) stock_number, (5) manufacturer, (6) model, (7) vehicleID, (8) year, (9) vin, and (10) listing_price parameters. |
| 30434 | 2006-11-15 | 20/20 Data Shed f-email.asp itemID Parameter SQL Injection | Unknown / Incomplete |
| 30435 | 2006-11-15 | 20/20 Data Shed listings.asp Multiple Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in listings.asp in 20/20 DataShed (aka Real Estate Listing System) allows remote attackers to execute arbitrary SQL commands via the itemID parameter. NOTE: some of these details are obtained from third party information. |
| 32786 | 2006-11-17 | 20/20 Real Estate f-email.asp itemID Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955. |
| 32785 | 2006-11-17 | 20/20 Real Estate f-google_earth.asp itemID Parameter SQL Injection | Unknown / Incomplete |
| 32787 | 2006-11-17 | 20/20 Real Estate listings.asp Multiple Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in 20/20 DataShed (aka Real Estate Listing System) allow remote attackers to execute arbitrary SQL commands via the (1) itemID parameter to (a) f-email.asp, or the (2) peopleID and (3) sort_order parameters to (b) listings.asp, different vectors than CVE-2006-5955. |
| 25435 | 2006-05-05 | 2005-Comments-Script kommentar.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameters. |
| 49300 | 2008-09-26 | 212cafe Board view.php qID Parameter SQL Injection | 212cafe Board contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view.php' script not properly sanitizing user-supplied input to the 'qID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 33570 | 2007-01-21 | 212cafe Guestbook show.php user Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in show.php in 212cafe Guestbook 4.00 beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| 33562 | 2007-01-20 | 212cafeBoard list3.php user Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in list3.php in 212cafeBoard 6.30 Beta allows remote attackers to inject arbitrary web script or HTML via the user parameter. |
| 38334 | 2007-09-04 | 212cafeBoard read.php id Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in read.php in 212cafeBoard 6.30 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 33563 | 2007-01-20 | 212cafeBoard search.php keyword Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in search.php in 212cafeBoard 0.08 Beta allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. |
| 23038 | 2006-02-05 | 2200net Calendar System adminlogin.php acc Parameter SQL Injection | 2200net Calendar System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the adminlogin.php script not properly sanitizing user-supplied input to the 'acc' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 23037 | 2006-02-05 | 2200net Calendar System calendar.php id Parameter SQL Injection | 2200net Calendar System contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the calendar.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 10889 | 2000-11-27 | 24Link Web Server Special Character GET Request Access Restriction Bypass | (Description Provided by CVE): 24Link 1.06 web server allows remote attackers to bypass access restrictions by prepending strings such as "/+/" or "/." to the HTTP GET request. |
| 36687 | 2007-08-26 | 2532\|Gigs activateuser.php language Parameter Traversal Local File Inclusion | (Description Provided by CVE): Directory traversal vulnerability in activateuser.php in 2532\|Gigs 1.2.1 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the language parameter. |
| 52116 | 2008-04-18 | 2532\|Gigs backup.php Direct Request Remote Information Disclosure | (Description Provided by CVE): 2532designs 2532\|Gigs 1.2.2 and earlier allows remote attackers to trigger a backup and obtain sensitive information via a direct request to backup.php, which creates backup.sql under the web root with insufficient access control. |
| 56818 | 2008-12-18 | 2532\|Gigs deleteuser.php language Parameter Traversal Local File Inclusion | 2532\|Gigs contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the `<SCRIPT>` script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the 'language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. |
| 56829 | 2008-12-18 | 2532\|Gigs index.php Multiple Parameter SQL Injection Authentication Bypass | 2532\|Gigs contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. This can be used to bypass authentication of the application. |
| 56821 | 2008-12-18 | 2532\|Gigs manage_gigs.php language Parameter Traversal Local File Inclusion | 2532\|Gigs contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the `<SCRIPT>` script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the 'language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. |
| 56820 | 2008-12-18 | 2532\|Gigs manage_venues.php language Parameter Traversal Local File Inclusion | 2532\|Gigs contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the `<SCRIPT>` script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the 'language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. |
| 56819 | 2008-12-18 | 2532\|Gigs mini_calendar.php language Parameter Traversal Local File Inclusion | 2532\|Gigs contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the `<SCRIPT>` script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the 'language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. |
| 56817 | 2008-12-18 | 2532\|Gigs settings.php language Parameter Traversal Local File Inclusion | 2532\|Gigs contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the `<SCRIPT>` script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied to the 'language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands which will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system. |
| 56860 | 2008-12-18 | 2532\|Gigs upload_flyer.php Unrestricted File Upload Arbitrary Code Execution | 2532\|Gigs contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a malicious user uploads an executable file to upload_flyer.php and then accesses the file from /flyers. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 79204 | 2005-06-22 | 27 Tools-in-1 Wichio Browser Javascript Dialog Origin Spoofing | 27 Tools-in-1 Wichio Browser contains a JavaScript flaw that may allow an attacker to open a dialog box in front of a window displaying a trusted web site. This can allow them to make it appear that the dialog box comes from the trusted web site, which may be used to trick users into entering passwords or other sensitive information. |
| 64603 | 2010-05-10 | 29o3 CMS lib/layout/layoutHeaderFuncs.php LibDir Parameter Remote File Inclusion | 29o3 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the lib/layout/layoutHeaderFuncs.php script not properly sanitizing user input supplied to the 'LibDir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 64604 | 2010-05-10 | 29o3 CMS lib/layout/layoutManager.php LibDir Parameter Remote File Inclusion | 29o3 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the lib/layout/layoutManager.php script not properly sanitizing user input supplied to the 'LibDir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 64605 | 2010-05-10 | 29o3 CMS lib/layout/layoutParser.php LibDir Parameter Remote File Inclusion | 29o3 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the lib/layout/layoutParser.php script not properly sanitizing user input supplied to the 'LibDir' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |