| OSVDB ID | Disclosure Date | Title |
|
38989
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Ex Libris ALEPH allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to a URL that can be discovered through a keyword search. NOTE: this may be related to the MetaLib XSS issue, CVE-2007-3835.
|
2007-07-16
|
Ex Libris MetaLib Resource ID Unspecified XSS
|
|
56519
Description:
Unknown / Incomplete
|
1997-01-30
|
Ex tags File Handling Local Privilege Escalation
|
|
29873
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB birst.php exbb[home_path] Parameter Remote File Inclusion
|
|
44244
Description:
(Description Provided by CVE) : Directory traversal vulnerability in modules/threadstop/threadstop.php in ExBB Italia 0.22 and earlier, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the exbb[default_lang] parameter.
|
2008-04-08
|
ExBB Italia modules/threadstop/threadstop.php exbb[default_lang] Parameter Local File Inclusion
|
|
44243
Description:
(Description Provided by CVE) : ExBB Italia 0.22 and earlier only checks GET requests that use the QUERY_STRING for certain path manipulations, which allows remote attackers to bypass this check via (1) POST or (2) COOKIE variables, a different vector than CVE-2006-4488. NOTE: this can be leveraged to conduct PHP remote file inclusion attacks via a URL in the (a) new_exbb[home_path] or (b) exbb[home_path] parameter to modules/threadstop/threadstop.php.
|
2008-04-08
|
ExBB Italia modules/threadstop/threadstop.php Multiple Parameter Remote File Inclusion
|
|
28251
Description:
ExBB Italia contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to userstop.php not properly sanitizing user input supplied to the 'exbb[home_path]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-08-29
|
ExBB Italia userstop.php exbb[home_path] Parameter Remote File Inclusion
|
|
13056
Description:
ExBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate style variables when evaluating BBCode. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-01-19
|
ExBB Nested BBcode XSS
|
|
29877
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB p_error.php exbb[home_path] Parameter Remote File Inclusion
|
|
29876
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB pm_newreg.php exbb[home_path] Parameter Remote File Inclusion
|
|
29878
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB profile.php exbb[home_path] Parameter Remote File Inclusion
|
|
29875
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB profile_show.php exbb[home_path] Parameter Remote File Inclusion
|
|
29874
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB select.php exbb[home_path] Parameter Remote File Inclusion
|
|
29879
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in ExBB 1.9.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the exbb[home_path] parameter in files in the modules directory including (1) birstday/birst.php (2) birstday/select.php, (3) birstday/profile_show.php, (4) newusergreatings/pm_newreg.php, (5) punish/p_error.php, (6) punish/profile.php, and (7) threadstop/threadstop.php. NOTE: the (8) modules/userstop/userstop.php vector might overlap CVE-2006-4488, although it is for a slightly different product from the same vendor.
|
2006-08-30
|
ExBB threadstop.php exbb[home_path] Parameter Remote File Inclusion
|
|
6304
Description:
Hummingbird Exceed contains a flaw that may allow a malicious user to bypass certain restrictions. The issue is triggered due to an unspecified error within Xconfig, which may allow a malicious user to edit settings that are normally disabled through the Mandatory Settings list and bypass security restrictions. No further details have been provided.
|
2004-05-21
|
Exceed Xconfig Setting Edit Permission Bypass
|
|
38112
Description:
Excel Parser Pro contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'sample/xls2mysql' script not properly sanitizing user input supplied to the 'parser_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2007-05-20
|
Excel Parser Pro sample/xls2mysql parser_path Parameter Remote File Inclusion
|
|
34333
Description:
(Description Provided by CVE) : Multiple stack-based buffer overflows in the ExcelOCX ActiveX control in ExcelViewer.ocx 3.1.0.6 allow remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long (1) DoOleCommand, (2) FTPDownloadFile, (3) FTPUploadFile, (4) HttpUploadFile, (5) Save, (6) SaveWebFile, (7) HttpDownloadFile, (8) Open, or (9) OpenWebFile property value. NOTE: some of these details are obtained from third party information.
|
2007-05-02
|
Excel Viewer OCX ActiveX (ExcelViewer.ocx) Multiple Method Overflows
|
|
55650
Description:
Unknown / Incomplete
|
2009-01-16
|
Excel Viewer OCX ActiveX Unspecified Overflow DoS
|
|
55
Description:
(Description Provided by CVE) : Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.
|
1998-01-16
|
Excite for Web Server architext_query.pl Shell Metacharacter Arbitrary Command Execution
|
|
9859
Description:
(Description Provided by CVE) : Excite for Web Servers (EWS) 1.1 allows local users to gain privileges by obtaining the encrypted password from the world-readable Architext.conf authentication file and replaying the encrypted password in an HTTP request to AT-generated.cgi or AT-admin.cgi.
|
1998-11-30
|
Excite for Web Servers Architext.conf Encrypted Password Disclosure Local Privilege Escalation
|
|
9858
Description:
(Description Provided by CVE) : Excite for Web Servers (EWS) 1.1 installs the Architext.conf authentication file with world-writeable permissions, which allows local users to gain access to Excite accounts by modifying the file.
|
1998-11-30
|
Excite for Web Servers Architext.conf Permission Weakness Privilege Escalation
|
|
9860
Description:
(Description Provided by CVE) : Excite for Web Servers (EWS) 1.1 records the first two characters of a plaintext password in the beginning of the encrypted password, which makes it easier for an attacker to guess passwords via a brute force or dictionary attack.
|
1998-11-30
|
Excite for Web Servers Encrypted Password Weakness
|
|
86989
Description:
Excluded Users Module for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the 'user name' and 'email address' fields before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-08-01
|
Excluded Users Module for Drupal Multiple Field XSS
|
|
45935
Description:
(Description Provided by CVE) : SQL injection vulnerability in pwd.asp in Excuse Online allows remote attackers to execute arbitrary SQL commands via the pID parameter.
|
2008-05-24
|
Excuse Online pwd.asp pID Parameter SQL Injection
|
|
14627
Description:
Unknown / Incomplete
|
2005-01-03
|
Executer executer.cgi Remote File Inclusion
|
|
14139
Description:
(Description Provided by CVE) : eXeem 0.21 stores sensitive information such as passwords in plaintext in the Exeem registry key, which allows local users to gain privileges via the proxy_user and proxy_password values.
|
2005-02-23
|
eXeem Registry Local Password Disclosure
|
|
46242
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
|
2008-06-18
|
Exero CMS custompage.php theme Parameter Traversal Local File Inclusion
|
|
46243
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
|
2008-06-18
|
Exero CMS errors/404.php theme Parameter Traversal Local File Inclusion
|
|
46244
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
|
2008-06-18
|
Exero CMS members/memberslist.php theme Parameter Traversal Local File Inclusion
|
|
46245
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
|
2008-06-18
|
Exero CMS members/profile.php theme Parameter Traversal Local File Inclusion
|
|
46246
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in Exero CMS 1.0.0 and 1.0.1 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the theme parameter to (1) custompage.php, (2) errors/404.php, (3) members/memberslist.php, (4) members/profile.php, (5) news/fullview.php, (6) news/index.php, (7) nopermission.php, (8) usercp/avatar.php, or (9) usercp/editpassword.php in themes/Default/. NOTE: some of these details are obtained from third party information.
|
2008-06-18
|
Exero CMS news/fullview.php theme Parameter Traversal Local File Inclusion
|