| OSVDB ID | Disclosure Date | Title |
|
92629
Description:
I Believe - I Do Not Believe for Android (air.YesNoBotiki) by RoyalGames Ltd has been found to contain the BadNews malware. The BadNews family of malware is designed to look like a standard advertising network SDK and can be found in a variety of applications. Once installed into an application, it has the ability to spoof news messages, prompt users to install arbitrary applications, send sensitive information to a remote server, or push additional malware to the device. In this case, the software was using AlphaSMS malware to send premium-rate SMS messages.
|
2013-04-19
|
I Believe - I Do Not Believe for Android (air.YesNoBotiki) Trojaned Distribution
|
|
42396
Description:
(Description Provided by CVE) : I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.
|
2007-11-20
|
I Hear U (IHU) Player.cpp Player::ring Function Malformed Packet Remote DoS
|
|
42395
Description:
(Description Provided by CVE) : I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.
|
2007-11-20
|
I Hear U (IHU) Receiver::processPacket Function Malformed Packet Infinite Loop Remote DoS
|
|
8105
Description:
Unknown / Incomplete
|
2004-07-17
|
I-Café Client Restriction Bypass
|
|
90746
Description:
i-doit contains a flaw that allows multiple remote cross-site scripting (XSS) attacks. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2013-03-01
|
i-doit Multiple Unspecified XSS
|
|
54079
Description:
i-dreams GB Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request to the admin.dat file occurs, which will disclose sensitive system information, including the administrator user name and password, resulting in a loss of confidentiality.
|
2009-02-19
|
i-dreams GB Server admin.dat Direct Request Information Disclosure
|
|
54080
Description:
i-dreams Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request to the admin.dat file occurs, which will disclose sensitive system information, including the administrator user name and password, resulting in a loss of confidentiality.
|
2009-02-19
|
i-dreams Guestbook admin.dat Direct Request Information Disclosure
|
|
54078
Description:
i-dreams Mailer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request to the admin.dat file occurs, which will disclose sensitive system information, including the administrator user name and password, resulting in a loss of confidentiality.
|
2009-02-19
|
i-dreams Mailer admin.dat Direct Request Information Disclosure
|
|
1388
Description:
(Description Provided by CVE) : Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.
|
2000-06-07
|
i-drive Filo HTTP GET Request Overflow
|
|
56858
Description:
I-Escorts Agency / Directory contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the escorts_search.php script not properly sanitizing user-supplied input to the 'search_name' and 'languages' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-08-06
|
I-Escorts Agency / Directory escorts_search.php Multiple Parameter SQL Injection
|
|
64561
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script allow remote attackers to inject arbitrary web script or HTML via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.
|
2009-08-06
|
I-Escorts Agency / Directory escorts_search.php Multiple Parameter XSS
|
|
61397
Description:
I-Escorts Directory contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'country_escorts.php' script not properly sanitizing user-supplied input to the 'country_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-12-30
|
I-Escorts Directory country_escorts.php country_id Parameter SQL Injection
|
|
17400
Description:
(Description Provided by CVE) : Directory traversal vulnerability in folderview.asp for Blue-Collar Productions i-Gallery 3.3 allows remote attackers to read arbitrary files and directories via the folder parameter.
|
2005-06-20
|
i-Gallery folderview.asp folder Parameter Traversal Arbitrary File Access
|
|
17401
Description:
i-Gallery contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'folder' variable upon submission to the 'folderview.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-20
|
i-Gallery folderview.asp folder Parameter XSS
|
|
26412
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp.
|
2006-06-09
|
i-Gallery igallery.asp d Parameter XSS
|
|
43628
Description:
(Description Provided by CVE) : Directory traversal vulnerability in igallery.asp in Blue-Collar Productions i-Gallery 3.4 allows remote attackers to read arbitrary files via encoded backslash sequences in the d parameter, as demonstrated by a "%5c../../%5c" sequence.
|
2007-10-23
|
i-Gallery igallery.asp d Variable Encoded Traversal Arbitrary File Access
|
|
30489
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information.
|
2006-11-15
|
i-Gallery igallery.asp Multiple Parameter XSS
|
|
43629
Description:
(Description Provided by CVE) : Blue-Collar Productions i-Gallery 3.4 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a file containing a base64-encoded password via a direct request for igallery.mdb.
|
2007-10-23
|
i-Gallery igallery.mdb Direct Request Encoded Password Disclosure
|
|
26411
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 4.1 PLUS and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) n and (2) d parameters in (a) login.asp and the d parameter in (b) igallery.asp.
|
2006-06-09
|
i-Gallery login.asp Multiple Parameter XSS
|
|
30490
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp. NOTE: some of these details are obtained from third party information.
|
2006-11-15
|
i-Gallery search.asp Search Gallery Field XSS
|
|
88772
Description:
i-GEN opLYNX contains a flaw that is triggered when an unspecified error occurs in the Central application. This may allow a remote attacker to bypass authentication and gain access to potentially sensitive information or manipulate arbitrary system settings.
|
2012-12-27
|
i-GEN opLYNX Unspecified Authentication Bypass
|
|
16968
Description:
(Description Provided by CVE) : I-Man 0.9, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by uploading a file attachment with a .php extension.
|
2005-05-31
|
I-Man Upload File Attachment Issue
|
|
66275
Description:
i-Net Enquiry Management Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'viewaddedenquiry.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-07-13
|
i-Net Enquiry Management Script viewaddedenquiry.php id Parameter SQL Injection
|
|
65967
Description:
i-netsolution Job Search Engine contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'show_search_result.php' script not properly sanitizing user-supplied input to the 'keyword' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-06-27
|
i-netsolution Job Search Engine show_search_result.php keyword Parameter SQL Injection
|
|
50183
Description:
(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in I-O DATA DEVICE HDL-F160, HDL-F250, HDL-F300, and HDL-F320 firmware before 1.02 allows remote attackers to (1) change a configuration or (2) delete files as an authenticated user via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2008-11-26
|
I-O DATA HDL-F Series Unspecified CSRF
|
|
50853
Description:
I-Rater Basic contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the messages.php script not properly sanitizing user-supplied input to the idp parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-12-18
|
I-Rater Basic messages.php idp Parameter SQL Injection
|
|
25582
Description:
(Description Provided by CVE) : PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a different vector, and possibly a different vulnerability, than CVE-2006-1929.
|
2006-04-28
|
I-RATER Platinum admin/config_settings.tpl.php include_path Parameter Remote File Inclusion
|
|
53896
Description:
I-Rater Platinum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admincp/login.php script not properly sanitizing user-supplied input to the txtname variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-04-21
|
I-Rater Platinum admincp/login.php txtname Parameter SQL Injection
|
|
24777
Description:
I-RATER Platinum contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'include/common.php' script not properly sanitizing user input supplied to the 'include_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-04-20
|
I-RATER Platinum include/common.php include_path Parameter Remote File Inclusion
|
|
53895
Description:
I-Rater Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.php script not properly sanitizing user-supplied input to the login_username parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-04-21
|
I-Rater Pro login.php login_username Parameter SQL Injection
|