| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 10336 | 2004-09-27 | FreezingCold Broadboard search.asp SQL Injection | FreezingCold Broadboard contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "keywords" variable in the search.asp module is not verified properly and will allow an attacker to inject or manipulate SQL queries. |
| 2373 | 2003-08-06 | FreezingCold Broadboard url XSS | aspBoard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "url" variables upon submission to the application. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 85874 | 2012-09-29 | Frei-Chat client/plugins/upload/upload.php File Upload PHP Code Execution | Frei-Chat contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the client/plugins/upload/upload.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script. |
| 66628 | 2010-07-23 | Frei-Chat Component for Joomla! Unspecified XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the (1) FreiChat component before 2.1.2 for Joomla! and the (2) FreiChatPure component before 1.2.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML by entering it in an unspecified window. |
| 34308 | 2006-10-16 | French Language Pack for phpBB Prillian lang_contact_faq.php phpbb_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in language/lang/lang_contact_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
| 29749 | 2006-10-12 | French Language Pack for phpBB Prillian lang_prillian_faq.php phpbb_root_path Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in language/lang_french/lang_prillian_faq.php in the Prillian French 0.8.0 and earlier module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. |
| 38151 | 2007-05-27 | Frequency Clock conf.php securelib Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. |
| 38152 | 2007-05-27 | Frequency Clock cp2.php securelib Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Frequency Clock 0.1b (Beta 0.1) allow remote attackers to execute arbitrary PHP code via a URL in the securelib parameter to (1) conf.php or (2) cp2.php. |
| 49849 | 2008-11-10 | Fresh Email Script register.php Email Parameter XSS | Fresh Email Script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the email variable upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57332 | 2008-11-10 | Fresh Email Script url.php tmp_sid Parameter Remote File Inclusion | Fresh Email Script contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'url.php' script not properly sanitizing user input supplied to the 'tmp_sid' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server. |
| 68667 | 2010-10-11 | Fresh FTP Filename Specifier Traversal Arbitrary File Write | Fresh FTP contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the filename specifier not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via file names. This directory traversal attack would allow the attacker to create arbitrary files. |
| 90687 | 2013-02-27 | Fresh Theme for Drupal 3 Slide Gallery Unspecified XSS | Fresh Theme for Drupal contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input related to the 3 slide gallery before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 35385 | 2007-04-25 | Fresh View PSP File Handling Overflow | (Description Provided by CVE): Buffer overflow in Fresh View 7.15 allows user-assisted remote attackers to execute arbitrary code via a crafted .PSP file. |
| 49878 | 2008-09-28 | Freshlinks Module for PHP-Fusion index.php linkid Parameter SQL Injection | Freshlinks Module for PHP-Fusion contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'linkid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 32923 | 2007-01-18 | FreshReader RSS Feed Tag Attribute XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the RSS feed component in FreshReader before 1.0.07010600 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to tag attributes. |
| 37818 | 2001-02-11 | FreSSH Seed Data Generation Weakness | Unknown / Incomplete |
| 55166 | 2009-06-17 | Fretsweb admin/common.php Multiple Parameter Traversal Local File Inclusion | (Description Provided by CVE): Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php. |
| 55196 | 2009-06-17 | Fretsweb charts.php language Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Multiple directory traversal vulnerabilities in FretsWeb 1.2 allow remote attackers to read arbitrary files via directory traversal sequences in the (1) language parameter to charts.php and the (2) fretsweb_language cookie parameter to unspecified vectors, possibly related to admin/common.php. |
| 55167 | 2009-06-17 | Fretsweb player.php name Parameter SQL Injection | Fretsweb contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'player.php' script not properly sanitizing user-supplied input to the 'name' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 55168 | 2009-06-17 | Fretsweb song.php hash Parameter SQL Injection | Fretsweb contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'song.php' script not properly sanitizing user-supplied input to the 'hash' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 53681 | 2009-04-13 | FreznoShop product_details.php id Parameter SQL Injection | FreznoShop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'product_details.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 18686 | 2005-08-09 | FreznoShop product_details.php id Parameter SQL Injection | FreznoShop contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'product_details.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 3335 | 2004-01-06 | FreznoShop search.php search Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in search.php for FreznoShop 1.3.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter. |
| 34464 | 2007-03-29 | FriendFinder Module for XOOPS view.php id Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in view.php in the Friendfinder 3.3 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter. |
| 37658 | 2007-05-06 | Friendly core/data/_load.php friendly_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. |
| 37657 | 2007-05-06 | Friendly core/data/yaml.inc.php friendly_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. |
| 37659 | 2007-05-06 | Friendly core/display/_load.php friendly_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. |
| 37660 | 2007-05-06 | Friendly core/support/_load.php friendly_path Parameter Remote File Inclusion | (Description Provided by CVE): Multiple PHP remote file inclusion vulnerabilities in Friendly 1.0d1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the friendly_path parameter to (1) core/data/yaml.inc.php, or _load.php in (2) core/data/, (3) core/display/, or (4) core/support/. |
| 48104 | 2008-08-28 | Friendly Technologies fwDialerTechTool.dll ActiveX CreateURLShortcut() Method Overflow | (Description Provided by CVE): Heap-based buffer overflow in a certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to execute arbitrary code via a long third argument to the CreateURLShortcut method. |
| 48142 | 2008-08-28 | Friendly Technologies fwDialerTechTool.dll ActiveX RegistryValue() Method Arbitrary File Access | (Description Provided by CVE): A certain ActiveX control in fwRemoteCfg.dll 3.3.3.1 in Friendly Technologies FriendlyPPPoE Client 3.0.0.57 allows remote attackers to (1) create and read arbitrary registry values via the RegistryValue method, and (2) read arbitrary files via the GetTextFile method. |