[CLOSE] OSVDB ID : 11919 - Disclosed: 2004-11-08

Description:

Cscope contains a flaw that may allow a malicious user to predict an upcoming temporary filename and use a symlink attack to cause corruption and removal of arbitrary system files. The product utilizes the directory found in the environment variable "TMPDIR" to store it's temporary files. During creation of these temporary files, cscope adheres to a predictable naming scheme for the filenames and does not check for an existing file by the chosen name. This issue may result in a loss of integrity.

[CLOSE] OSVDB ID : 24146 - Disclosed: 2006-03-26

Description:

(Description Provided by CVE) : Format string vulnerability in the PrintString function in c_console.cpp in client/server Doom (csDoom) 0.7 and earlier allows remote attackers cause a denial of service and possibly execute arbitrary commands via format string specifiers in strings passed to the console.

[CLOSE] OSVDB ID : 24144 - Disclosed: 2006-03-26

Description:

(Description Provided by CVE) : Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function.

[CLOSE] OSVDB ID : 24145 - Disclosed: 2006-03-26

Description:

(Description Provided by CVE) : Buffer overflow in client/server Doom (csDoom) 0.7 and earlier allows remote attackers to (1) cause a denial of service via a long nickname or teamname to the SV_SetupUserInfo function or (2) execute arbitrary code via a long string sent when joining a match or a long chat message to the SV_BroadcastPrintf function.

[CLOSE] OSVDB ID : 72868 - Disclosed: 2011-03-22

Description:

CSE-Semaphore TBOX Lite 200 contains a flaw related to the 'tcomm.dll' library. The issue is triggered when a remote attacker supplies a specially crafted VBScript. This may allow an attacker to bypass authentication settings.

[CLOSE] OSVDB ID : 7305 - Disclosed: 2004-05-23

Description:

(Description Provided by CVE) : csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.

[CLOSE] OSVDB ID : 14706 - Disclosed: 2005-02-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 43 - Disclosed: 1999-12-29

Description:

(Description Provided by CVE) : Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

[CLOSE] OSVDB ID : 12953 - Disclosed: 1998-07-08

Description:

(Description Provided by CVE) : Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a denial of service (crash) via a long string to the FTP port.

[CLOSE] OSVDB ID : 79491 - Disclosed: 2012-02-24

Description:

Csound is prone to an overflow condition. The getnum() function in util/heti_main.c fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted hetro file, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 81015 - Disclosed: 2012-04-04

Description:

Csound is prone to an overflow condition. The main() function in util/lpci_main.c fails to properly sanitize user-supplied input resulting in a heap-based and stack-based buffer overflow. When the user converts a specially craft file, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 79492 - Disclosed: 2012-02-23

Description:

Csound is prone to an overflow condition. The getnum() function in util/pv_import.c fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted PVOC file, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 81016 - Disclosed: 2012-04-04

Description:

Csound is prone to an overflow condition. The pv_import() function in util/pv_import.c fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. When the user converts a specially crafted file, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 49349 - Disclosed: 2008-10-23

Description:

CSPartner contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the gestion.php script not properly sanitizing user-supplied input to the 'pseudo' and 'pass' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 47345 - Disclosed: 2008-07-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter.

[CLOSE] OSVDB ID : 85875 - Disclosed: 2012-09-29

Description:

CSS Plus Plugin for WordPress contains multiple unspecified flaws. No further details have been provided.

[CLOSE] OSVDB ID : 78793 - Disclosed: 2012-02-02

Description:

CSS styled Filelinks Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 62735 - Disclosed: 2010-03-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 761 - Disclosed: 2002-03-25

Description:

(Description Provided by CVE) : csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

[CLOSE] OSVDB ID : 66237 - Disclosed: 2010-07-12

Description:

CSSTidy contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'url' parameter upon submission to the 'css_optimiser.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 88291 - Disclosed: 2012-11-25

Description:

CStar Design Theme for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /wp-content/themes/cstardesign/swf/flashmo/flashmoXML.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 69104 - Disclosed: 2010-10-22

Description:

CSTR Festival contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when 'festival_server' places a zero-length directory name in the LD_LIBRARY_PATH, allowing a local attacker to use a Trojan horse shared library in the current working directory to gain elevated privileges.

[CLOSE] OSVDB ID : 38622 - Disclosed: 2007-03-11

Description:

The Festival server is vulnerable to unauthenticated remote code execution. The Festival server which can be started using festival --server is vulnerable to unauthenticated remote command execution due to the inclusion of a scheme interpreter.

[CLOSE] OSVDB ID : 3452 - Disclosed: 2004-01-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 21316 - Disclosed: 2005-11-25

Description:

cSupport contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'tickets.php' script not properly sanitizing user-supplied input to the 'pg' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 12438 - Disclosed: 2004-12-16

Description:

(Description Provided by CVE) : Buffer overflow in the get_field_headers function in csv2xml.cpp for csv2xml 0.5.1 allows remote attackers to execute arbitrary code via a crafted CSV file.

[CLOSE] OSVDB ID : 17604 - Disclosed: 2005-06-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14180 - Disclosed: 2001-12-11

Description:

(Description Provided by CVE) : csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter.

[CLOSE] OSVDB ID : 76777 - Disclosed: 2011-10-27

Description:

(Description Provided by CVE) : The LiveData Service in CSWorks before 2.0.4115.1 allows remote attackers to cause a denial of service (service crash) via crafted TCP packets.

[CLOSE] OSVDB ID : 77497 - Disclosed: 2011-11-29

Description:

(Description Provided by CVE) : apps/a3/cfg_ethping.cgi in the Ctek SkyRouter 4200 and 4300 allows remote attackers to execute arbitrary commands via shell metacharacters in the PINGADDRESS parameter for a "u" action.