[CLOSE] OSVDB ID : 3445 - Disclosed: 2004-01-02

Description:

DansGuardian Webmin Module contains a flaw that allows a remote attacker to read arbitrary files outside of the web path. The issue is due to the edit.cgi script not properly sanitizing user input, supplied via the "file" variable.

[CLOSE] OSVDB ID : 40258 - Disclosed: 2008-01-15

Description:

Dansie Photo Album contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "search" variable upon submission to the photo_album.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 40246 - Disclosed: 2008-01-14

Description:

Dansie Search Engine contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "keywords" variables upon submission to the search.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 38367 - Disclosed: 2000-04-11

Description:

(Description Provided by CVE) : The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.

[CLOSE] OSVDB ID : 2686 - Disclosed: 2003-10-20

Description:

(Description Provided by CVE) : cart.pl in Dansie shopping cart allows remote attackers to obtain the installation path via an invalid db parameter, which leaks the path in an error message.

[CLOSE] OSVDB ID : 281 - Disclosed: 2000-04-11

Description:

(Description Provided by CVE) : The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.

[CLOSE] OSVDB ID : 38368 - Disclosed: 2000-04-11

Description:

(Description Provided by CVE) : The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.

[CLOSE] OSVDB ID : 38369 - Disclosed: 2000-04-11

Description:

(Description Provided by CVE) : Privacy leak in Dansie Shopping Cart 3.04, and probably earlier versions, sends sensitive information such as user credentials to an e-mail address controlled by the product developers.

[CLOSE] OSVDB ID : 17857 - Disclosed: 2005-07-06

Description:

(Description Provided by CVE) : Dansie Shopping Cart stores the vars.dat file under the web root with insufficient access control, which might allow remote attackers to obtain sensitive information such as program variables.

[CLOSE] OSVDB ID : 53715 - Disclosed: 2009-04-16

Description:

Danske Bank e-Sec Control Module ActiveX (DanskeSikker.ocx) is prone to an overflow condition. The ActiveX control fails to properly sanitize user-supplied input passed to an error logging function via certain methods, resulting in a stack-based buffer overflow. With a specially crafted web page instantiating the ActiveX control in a particular manner, a context-dependent attacker can execute arbitrary code on a user's system.

[CLOSE] OSVDB ID : 13275 - Disclosed: 2005-01-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2097 - Disclosed: 2003-06-16

Description:

The installion procedure for the Dantz Retrospect Client creates a new StartupItems subdirectory with world-writable permissions. A malicious local user could modify this script to perform any action they want with the privileges of the operating system.

[CLOSE] OSVDB ID : 11993 - Disclosed: 2004-11-19

Description:

(Description Provided by CVE) : NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO request.

[CLOSE] OSVDB ID : 1359 - Disclosed: 2000-04-12

Description:

(Description Provided by CVE) : The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.

[CLOSE] OSVDB ID : 21315 - Disclosed: 2005-11-25

Description:

DapperDesk contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'news.php' script not properly sanitizing user-supplied input to the 'page' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 38190 - Disclosed: 2007-05-20

Description:

(Description Provided by CVE) : The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.

[CLOSE] OSVDB ID : 38189 - Disclosed: 2007-05-20

Description:

(Description Provided by CVE) : The blowfish mode in DAR before 2.3.4 uses weak Blowfish-CBC cryptography by (1) discarding random bits by the blowfish::make_ivec function in libdar/crypto.cpp that results in predictable and repeating IV values, and (2) direct use of a password for keying, which makes it easier for context-dependent attackers to decrypt files.

[CLOSE] OSVDB ID : 51673 - Disclosed: 2009-01-13

Description:

Dark Age CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 16859 - Disclosed: 2005-04-23

Description:

(Description Provided by CVE) : Dark Age of Camelot before 1.68 live patch does not sign the RSA public key, which could allow remote malicious servers to gain sensitive information via a man-in-the-middle attack.

[CLOSE] OSVDB ID : 3014 - Disclosed: 2003-12-11

Description:

Mythic Entertainment's Dark Age of Camelot contains a weak encryption scheme that may lead to an unauthorized information disclosure. The issue is triggered when a malicous user sniffs and decrypts network traffic between the client and the server during login or registration. Billing information and login can be accessed by a third party with access to the http stream between the client and the server.

[CLOSE] OSVDB ID : 13060 - Disclosed: 2001-10-02

Description:

(Description Provided by CVE) : Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

[CLOSE] OSVDB ID : 86838 - Disclosed: 2012-10-12

Description:

DarkComet contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the program not properly sanitizing user-supplied input when performing a handshake with a new client. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation of arbitrary data.

[CLOSE] OSVDB ID : 86837 - Disclosed: 2012-10-12

Description:

DarkComet contains a flaw that is triggered during the handling of a QUICKUP request, which will allow a remote attacker specify an absolute path. The program fails to check the origin of the QUICKUP request, which will allow the attacker to gain read access to arbitrary files on the system that DarkComet has access to.

[CLOSE] OSVDB ID : 34723 - Disclosed: 2007-01-26

Description:

(Description Provided by CVE) : Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 34724 - Disclosed: 2007-01-26

Description:

(Description Provided by CVE) : Cross-zone scripting vulnerability in Darksky RSS bar for Internet Explorer before 1.29, RSS bar for Sleipnir before 1.29, and RSS bar for unDonut before 1.29 allows remote attackers to bypass Web content zone restrictions via certain script contained in RSS data. NOTE: some of these details are obtained from third party information.

[CLOSE] OSVDB ID : 92149 - Disclosed: 2013-04-08

Description:

Dart Communications DartWebserver.Dll contains a flaw that may allow a remote denial of service. The issue is triggered during the parsing of a malformed HTTP request, which will result in a NULL pointer dereference. This may allow a remote attacker to crash the server.

[CLOSE] OSVDB ID : 85922 - Disclosed: 2012-09-28

Description:

Dart Comunications DartWebserver.Dll contains a flaw that may allow a remote denial of service. This issue is triggered when all usable stack space is exhausted during the parsing of an overly long web request. This will result in a loss of availability for the program.

[CLOSE] OSVDB ID : 49254 - Disclosed: 2008-10-20

Description:

(Description Provided by CVE) : Buffer overflow in the ActiveX control (DartFtp.dll) in Dart Communications PowerTCP FTP for ActiveX 2.0.2 0 allows remote attackers to execute arbitrary code via a long SecretKey property.

[CLOSE] OSVDB ID : 38111 - Disclosed: 2007-05-24

Description:

(Description Provided by CVE) : Buffer overflow in the Dart Communications PowerTCP ZIP Compression ActiveX control in DartZip.dll 1.8.5.3, when Internet Explorer 6 is used, allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2855.

[CLOSE] OSVDB ID : 38110 - Disclosed: 2007-05-22

Description:

(Description Provided by CVE) : Buffer overflow in a certain ActiveX control in DartZipLite.dll 1.8.5.3 in Dart ZipLite Compression for ActiveX allows user-assisted remote attackers to execute arbitrary code via a long first argument to the QuickZip function, a related issue to CVE-2007-2856.