[CLOSE] OSVDB ID : 21179 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/domains.php script not properly sanitizing user-supplied input to the 'plan_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21187 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/ftp_users.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21191 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/htaccess.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21184 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/listcharges.php script not properly sanitizing user-supplied input to the 'customerPlanID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21189 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/pass_dirs.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21185 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/pop_accounts.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21182 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/referred_plans.php script not properly sanitizing user-supplied input to the 'ref_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21193 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Domain Availability' field upon submission to the /customers/register_domain.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 21192 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/software.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21180 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/viewinvoice.php script not properly sanitizing user-supplied input to the 'invoiceID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21181 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/viewplan.php script not properly sanitizing user-supplied input to the 'customerPlanID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21183 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/viewusage.php script not properly sanitizing user-supplied input to the 'plan_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21190 - Disclosed: 2005-11-25

Description:

drzes HMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /customers/zone_files.php script not properly sanitizing user-supplied input to the 'plan_id' or 'domain' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21743 - Disclosed: 2005-12-07

Description:

DRZES HMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'customerEmailAddress' variable upon submission to the login.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 57336 - Disclosed: 2009-08-14

Description:

DS CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'DetailFile.php' script not properly sanitizing user-supplied input to the 'nFileId' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 49209 - Disclosed: 2008-10-20

Description:

DS-Syndicate Component for Joomla contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index2.php' script not properly sanitizing user-supplied input to the 'feed_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 65358 - Disclosed: 2010-05-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65357 - Disclosed: 2010-05-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 65356 - Disclosed: 2010-05-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25735 - Disclosed: 2006-05-24

Description:

DSChat contains a flaw that may allow a malicious user to create a malicious PHP script with arbitrary content. The issue is triggered due to improper sanitization to the "Nickname" field when entering a chat before being used to create a file in the "users" directory. It is possible that the flaw may allow the creation of a malicious PHP script with arbitrary content resulting in a loss of integrity.

[CLOSE] OSVDB ID : 25734 - Disclosed: 2006-05-22

Description:

DSChat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ctext' variable upon submission to the send.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 23882 - Disclosed: 2006-03-12

Description:

DSCounter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the HTTP_X_FORWARDED_FOR variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 23887 - Disclosed: 2006-03-12

Description:

DSDownload contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the downloads.php script not properly sanitizing user-supplied input to the 'key' and/or 'category' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 23886 - Disclosed: 2006-03-12

Description:

DSDownload contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search.php script not properly sanitizing user-supplied input to the 'key' and/or 'category' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 69261 - Disclosed: 2010-11-11

Description:

DServe contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'dsqField' and 'srch_AnyText' parameters upon submission to the dserve.exe script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 66396 - Disclosed: 2010-07-15

Description:

DSite CMS contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'button_name' parameter upon submission to the 'admin/plugin.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 23896 - Disclosed: 2006-03-12

Description:

DSLogin contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php (or admin/index.php) script not properly sanitizing user-supplied input to the 'log_userid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 19022 - Disclosed: 2004-05-18

Description:

(Description Provided by CVE) : Directory traversal vulnerability in explorer.php in DSM Light Web File Browser 2.0 allows remote attackers to read arbitrary files via .. (dot dot) in the wdir parameter.

[CLOSE] OSVDB ID : 23884 - Disclosed: 2006-03-12

Description:

DSNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the include/confirm.php script not properly sanitizing user-supplied input to the 'email' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 23883 - Disclosed: 2006-03-12

Description:

DSNewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the include/sub.php script not properly sanitizing user-supplied input to the 'email' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.