| OSVDB ID | Disclosure Date | Title |
|
10060
Description:
(Description Provided by CVE) : Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle 200 ARP requests per second allowing a denial of service attack to succeed with a flood of ARP requests exceeding that limit.
|
1999-11-24
|
Cabletron SmartSwitch Router 8000 ARP Request Saturation DoS
|
|
1016
Description:
(Description Provided by CVE) : SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.
|
1999-06-23
|
Cabletron Spectrum Enterprise Manager Directory Permission Weakness
|
|
786
Description:
Unknown / Incomplete
|
2002-01-01
|
Cabletron WebView Information Disclosure
|
|
37574
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in services/samples/inclusionService.php in Cabron Connector 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the CabronServiceFolder parameter.
|
2007-04-17
|
Cabron Connector services/samples/inclusionService.php CabronServiceFolder Parameter Remote File Inclusion
|
|
84576
Description:
CAC Featured Content Plugin for WordPress contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the 'src' parameter in the wp-content/plugins/cac-featured-content/timthumb.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script.
|
2011-09-18
|
CAC Featured Content Plugin for WordPress wp-content/plugins/cac-featured-content/timthumb.php src Parameter File Upload PHP Code Execution
|
|
57375
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in analyse.php in CAcert 20080921, and possibly other versions before 20080928, allows remote attackers to inject arbitrary web script or HTML via the CN (CommonName) field in the subject of an X.509 certificate.
|
2008-09-29
|
CAcert analyse.php X.509 Certificate CN Field XSS
|
|
42080
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) cookie.csp VALUE Parameter XSS
|
|
42084
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) csp/samples/lotteryhistory.csp XSS
|
|
42083
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) csp/samples/object.csp XSS
|
|
42082
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) csp/samples/xmlclasseserror.csp ERROR Parameter XSS
|
|
42079
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) loop.csp TO Parameter XSS
|
|
42081
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in the sample Cache' Server Page (CSP) scripts in InterSystems Cache' allow remote attackers to inject arbitrary web script or HTML via (1) the TO parameter to loop.csp, (2) the VALUE parameter to cookie.csp, and (3) the PAGE parameter to showsource.csp in csp/samples/; and allow remote authenticated users to inject arbitrary web script or HTML via (4) the ERROR parameter to csp/samples/xmlclasseserror.csp, and unspecified vectors in (5) object.csp and (6) lotteryhistory.csp in csp/samples/.
|
2007-04-04
|
Cache' Server Page (CSP) showsource.csp PAGE Parameter XSS
|
|
46173
Description:
Cache_Lite Package for Mambo contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/Cache/Lite/Output.php' script not properly sanitizing user input supplied to the 'mosConfig_absolute_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2008-06-13
|
Cache_Lite Package for Mambo includes/Cache/Lite/Output.php mosConfig_absolute_path Parameter Remote File Inclusion
|
|
4989
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.
|
2002-07-24
|
CacheFlow CacheOS Error Page Hostname XSS
|
|
4988
Description:
(Description Provided by CVE) : Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
|
2002-01-08
|
CacheFlow CacheOS GET Information Disclosure
|
|
2020
Description:
(Description Provided by CVE) : Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
|
2002-01-08
|
Cacheflow CacheOS Web Administration Arbitrary Cached Page Code Leakage
|
|
33506
Description:
Unknown / Incomplete
|
2007-03-10
|
CacheGuard OS VLAN Mode Traffic Filtering Weakness
|
|
73515
Description:
Cachelogic Expired Domains Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'ncharacter' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-03-24
|
Cachelogic Expired Domains Script index.php ncharacter Parameter SQL Injection
|
|
73513
Description:
Cachelogic Expired Domains Script contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends malformed input to the index.php script via the parameters in the testing section, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2011-03-24
|
Cachelogic Expired Domains Script index.php Script Multiple Parameter Malformed Input Path Disclosure
|
|
73514
Description:
Cachelogic Expired Domains Script contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'name' and 'ext' parameters upon submission to the stats.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-03-24
|
Cachelogic Expired Domains Script stats.php Multiple Parameter XSS
|
|
2229
Description:
(Description Provided by CVE) : Caché Database 5.x installs /cachesys/bin/cache with world-writable permissions, which allows local users to gain privileges by modifying cache and executing it via cuxs.
|
2003-07-01
|
Caché Database /cachesys/bin/cache Weak Permission Local Privilege Escalation
|
|
11916
Description:
(Description Provided by CVE) : Caché Database 5.x installs the /cachesys/csp directory with insecure permissions, which allows local users to execute arbitrary code by adding server-side scripts that are executed with root privileges.
|
2003-07-01
|
Caché Database /cachesys/csp Directory Weak Permission Local Privilege Escalation
|
|
40178
Description:
(Description Provided by CVE) : Unspecified vulnerability in the login page redirection logic in the Cache' Server Page (CSP) implementation in InterSystems Cache' 2007.1.0.369.0 and 2007.1.1.420.0 allows remote authenticated users to modify data on a server, related to encoding of certain parameter values by this redirection logic, aka MAK2116.
|
2007-07-18
|
Caché Server Page (CSP) Implementation Unspecified Remote Data Manipulation
|
|
61539
Description:
Cacti contains a flaw that may allow an attacker to execute arbitrary remote commands. The issue is triggered when a malicious user alters the Input String setting.
|
2009-11-25
|
Cacti Admin Interface Arbitrary Remote Command Execution
|
|
60588
Description:
Unknown / Incomplete
|
2009-11-25
|
Cacti Arbitrary Admin User Creation CSRF
|
|
8990
Description:
Cacti contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sends a specially crafted URL or tries to access the auth.php script directly, which causes the server to display an error page which discloses path information resulting in a loss of confidentiality.
|
2004-08-18
|
Cacti auth.php Path Disclosure
|
|
8992
Description:
A path disclosure vulnerability has been found in Cacti which, if exploited, can result in the disclosure of Cacti's installation path.
|
2004-08-18
|
Cacti auth_changepassword.php Path Disclosure
|
|
77097
Description:
Cacti contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the auth_login.php script not properly sanitizing user-supplied input to the 'login_username' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2011-09-25
|
Cacti auth_login.php login_username Parameter SQL Injection
|
|
8991
Description:
Cacti contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sends specially crafted URL requests or attempts to directly access the auth_login.php script on the web server, which will disclose path information resulting in a loss of confidentiality.
|
2004-08-18
|
Cacti auth_login.php Path Disclosure
|
|
8989
Description:
Cacti contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the username and password variables in the auth_login.php module are not verified properly, which allows an attacker to inject or manipulate SQL queries.
|
2004-08-18
|
Cacti auth_login.php SQL Injection
|