| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 87672 | 2010-04-14 | 404 Error Page Handling (error_404_handling) Extension for TYPO3 Unspecified SQL Injection | 404 Error Page Handling (error_404_handling) Extension for TYPO3 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input before using it in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 22274 | 2006-01-07 | 427BB Crafted Cookie Remote Privilege Escalation | (Description Provided by CVE): 427BB 2.2 and 2.2.1 verifies authentication credentials based on the username, authenticated, and usertype cookies, which allows remote attackers to bypass authentication by using a valid username and usertype and setting the authenticated cookie. |
| 22276 | 2006-01-07 | 427BB posts.php Message Body XSS | 427BB contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the Message Body upon submission to the 'posts.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 14302 | 2005-03-01 | 427BB profile.php Avatar Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in profile.php in 427BB 2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) user or (2) Avatar parameters. |
| 45972 | 2008-06-05 | 427BB register.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php. |
| 45973 | 2008-06-05 | 427BB reminder.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php. |
| 45974 | 2008-06-05 | 427BB search.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in 427BB 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to (a) register.php, (b) reminder.php, and (c) search.php; the (2) uname, (3) email, and (4) email2 parameters to register.php; the (5) email parameter to reminder.php; and the (6) keywords parameter to search.php. |
| 45971 | 2008-06-05 | 427BB showpost.php post Parameter SQL Injection | 427BB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'showpost.php' script not properly sanitizing user-supplied input to the 'post' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 22275 | 2006-01-07 | 427BB showthread.php ForumID Parameter SQL Injection | 427BB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the showthread.php script not properly sanitizing user-supplied input to the 'ForumID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 8072 | 2004-07-19 | 4D Portal Admin Default Account | By default, 4D Portal installs with a default password. The "super-user" account has a password of "admin" which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 14477 | 2002-06-18 | 4D Web Server Long HTTP Request Overflow | (Description Provided by CVE): Buffer overflow in 4D web server 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request. |
| 59413 | 2001-08-20 | 4D Web Server URI Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. |
| 14419 | 2002-05-03 | 4D WebServer HTTP Basic Authentication Multiple Parameter Overflows | (Description Provided by CVE): Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP request with Basic Authentication containing a long (1) user name or (2) password. |
| 8085 | 1999-12-08 | 4D WebSTAR Admin Application Connection Cancel DoS | WebSTAR Admin Application contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker establishes and then quickly cancels a new connection, and will result in loss of availability for the service. |
| 8084 | 1999-12-08 | 4D WebSTAR Admin Application Connection Password Menu DoS | WebSTAR Admin Application contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker intentionally fails to enter a connection password which disables menu options, and will result in loss of availability for the service. |
| 8081 | 2001-12-10 | 4D WebSTAR Client Upload Path Overflow DoS | Unknown / Incomplete |
| 2542 | 2003-09-12 | 4D WebSTAR FTP Password Parameter Remote Overflow | Unknown / Incomplete |
| 8079 | 2002-10-01 | 4D WebSTAR FTP Plug-In Malformed File DoS | Unknown / Incomplete |
| 1619 | 2000-03-21 | 4D WebSTAR GET Overflow DoS | (Description Provided by CVE): Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request. |
| 19729 | 2005-09-30 | 4D WebSTAR IMAP MacOS Client Unspecified Potential DoS | (Description Provided by CVE): Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. |
| 30450 | 2006-11-15 | 4D WebSTAR libucache.dylib Path Subversion Privilege Escalation | (Description Provided by CVE): Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory. |
| 8082 | 2000-09-11 | 4D WebSTAR Mail LDAP Port Connection Remote DoS | Unknown / Incomplete |
| 8080 | 2002-02-27 | 4D WebSTAR Malformed Query Search DoS | Unknown / Incomplete |
| 8083 | 2000-09-11 | 4D WebSTAR Malformed Search String Remote DoS | Unknown / Incomplete |
| 8077 | 2003-07-28 | 4D WebSTAR Multiple AppleEvent CGI Hit DoS | Unknown / Incomplete |
| 7796 | 2004-07-13 | 4D WebSTAR php.ini System Information Disclosure | WebSTAR contains a flaw that may allow a malicious user to access unauthorized information. The issue is due to WebSTAR's improper file permissions on php.ini within the /cgi-bin or /fcgi-bin directories. This flaw may allow a remote attacker to download the php.ini file and obtain sensitive information about the webserver and database server, resulting in a loss of confidentiality. |
| 7794 | 2004-07-13 | 4D WebSTAR Pre-Authentication FTP Overflow | A remote overflow exists in 4D WebSTAR. The FTP service fails to perform proper bounds checking on FTP commands, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution prior to authenticating to the server, allowing the code to run in the context of "webstar user" and "wheel group", resulting in a loss of integrity. |
| 26329 | 2003-02-23 | 4D WebSTAR Server Log Remote Disclosure | Unknown / Incomplete |
| 7795 | 2004-07-13 | 4D WebSTAR ShellExample.cgi Arbitrary Directory Browsing | WebSTAR contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when calling /cgi-bin/ShellExample.cgi with metacharacters like '*' after the directory name, which will disclose directory listing information resulting in a loss of confidentiality. |
| 7797 | 2004-07-13 | 4D WebSTAR Symlink Local Privilege Escalation | WebSTAR contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to WebSTAR overwriting other files via symlink. By overwriting the files related to the cron subsystem, a local attacker can obtain administrative privileges, resulting in a loss of integrity. |