| OSVDB ID | Disclosure Date | Title |
|
34244
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
2006-11-07
|
iPmanager index.php errmsg Parameter XSS
|
|
90629
Description:
IPMap for iPhone / iPad contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the program does not properly verify or sanitize user-uploaded files. By uploading a .php file with multiple file extensions (e.g. myfile.php.gif), the upload will bypass the sanity check restricting file uploads. Once uploaded, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script with the privileges of the web server.
|
2013-02-18
|
IPMap for iPhone / iPad Multiple File Upload Arbitrary Code Execution
|
|
11743
Description:
(Description Provided by CVE) : ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
|
2003-08-20
|
ipmasq External Interface Packet Forward Restriction Bypass
|
|
5788
Description:
ipmenu contains a flaw that may allow a malicious user to arbitrarily overwrite files. The problem is that the program creates the ipmenu.log file with insecure permissions. It is possible that the flaw may allow a malicious user to create a symlink from this file and arbitrarily overwrite files, resulting in a loss of integrity.
|
2004-04-19
|
ipmenu ipmenu.log Symlink Arbitrary File Overwrite
|
|
58231
Description:
Unknown / Incomplete
|
2006-10-05
|
ipMonitor Add Server Functionality Hardcoded Public SNMP Community String
|
|
58229
Description:
Unknown / Incomplete
|
2006-08-02
|
ipMonitor Crafted Event Log Message Processing CPU Exhaustion DoS
|
|
58232
Description:
Unknown / Incomplete
|
2007-05-24
|
ipMonitor Drive Space Monitor Unspecified Off-by-one Overflow
|
|
58153
Description:
ipMonitor contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to ipMonitor not properly sanitizing user input, specifically directory traversal style attacks (../../) using the '2f..' sequence.
|
2007-08-27
|
ipMonitor Encoded Traversal Arbitrary File Access
|
|
58228
Description:
Unknown / Incomplete
|
2005-07-25
|
ipMonitor Malformed Regular Expression Backreference Handling DoS
|
|
58230
Description:
Unknown / Incomplete
|
2006-08-31
|
ipMonitor Restricted Account System Page Unauthorized Access
|
|
58227
Description:
Unknown / Incomplete
|
2004-05-04
|
ipMonitor Server / Workstation Control Unspecified Credential Caching Weakness
|
|
50671
Description:
(Description Provided by CVE) : Cross-site request forgery (CSRF) vulnerability in admin/settings.php in IPN Pro 3 1.44 and earlier allows remote attackers to change the admin password via a logout action in conjunction with the admin_id, newpass_1, and newpass_2 parameters.
|
2008-12-07
|
IPN Pro 3 admin/settings.php Crafted POST Request Admin Authentication Bypass
|
|
14837
Description:
(Description Provided by CVE) : ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges.
|
2005-03-16
|
iPool MyDetails.txt Local Password Disclosure
|
|
368
Description:
ipop2d contains a flaw that may allow a malicious user to retrieve arbitrary files. The issue is triggered when using the 'fold' command, which could allow a malicious user with a POP account to retrieve any world or group readable files resulting in a loss of confidentiality.
|
2000-07-14
|
ipop2d fold Command Arbitrary File Access
|
|
39861
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp.
|
2007-12-27
|
IPortalX blogs.asp Date Parameter XSS
|
|
39860
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in IPortalX before Build 033 allow remote attackers to inject arbitrary web script or HTML via the (1) KW and (2) SF parameters to forum/login_user.asp, and (3) the Date parameter to blogs.asp.
|
2007-12-27
|
IPortalX forum/login_user.asp Multiple Parameter XSS
|
|
26523
Description:
iPostMX contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'RETURNURL' variable upon submission to the account.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-06-15
|
iPostMX 2005 account.cfm RETURNURL Parameter XSS
|
|
31846
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal.
|
2006-06-15
|
iPostMX 2005 messagepost.cfm forum SQL Injection
|
|
31847
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in iPostMX 2005 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) forum parameter in messagepost.cfm and (2) topic parameter in topics.cfm. NOTE: this item was created based on information in a blog entry that was apparently removed after CVE analysis. As of 20060619, CVE is attempting to determine the cause of the removal.
|
2006-06-15
|
iPostMX 2005 topics.cfm topic SQL Injection
|
|
26522
Description:
iPostMX contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'RETURNURL' variable upon submission to the userlogin.cfm script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-06-15
|
iPostMX 2005 userlogin.cfm RETURNURL Parameter XSS
|
|
54600
Description:
IPplan contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the grp parameter upon submission to the admin/usermanager script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2009-05-20
|
IPplan admin/usermanager grp Parameter XSS
|
|
54601
Description:
IPplan contains a flaw that allows a remote Cross-Site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps and/or confirmation for sensitive transactions for administrative functions such as changing passwords or adding/deleting users. By using a crafted URL (e.g. a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2009-05-20
|
IPplan Multiple Unspecified CSRF
|
|
11109
Description:
Unknown / Incomplete
|
2004-10-25
|
IPplan Multiple Unspecified SQL Injection
|
|
30227
Description:
(Description Provided by CVE) : admin/index.php in IPrimal Forums as of 20061105 allows remote attackers to bypass authentication and modify user passwords via a direct request, possibly related to an authentication issue in admin/chk_admin.php.
|
2006-11-06
|
iPrimal Forums admin/index.php Authentication Bypass
|
|
30228
Description:
iPrimal Forums contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'p' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-11-06
|
iPrimal Forums index.php p Parameter Remote File Inclusion
|
|
9791
Description:
iPROSITE Web Shop Manager contains a flaw that may allow a malicious user to execute arbitrary commands on the server due to insufficient input filtering. The issue is triggered when a user submits a specially crafted value in Web Shop Manager's search box using the pipe (|) character. It is possible that the flaw may allow arbitrary code execution on the server at the privilege level of the web server resulting in a loss of integrity.
|
2002-08-10
|
iPROSITE Web Shop Manager Search Command Execution
|
|
20272
Description:
(Description Provided by CVE) : IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header.
|
2001-12-05
|
IPRoute Fragmented IP Packet Split TCP Header Remote DoS
|
|
12781
Description:
Iproute2 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious attacker creates a symlink between arbitrary files and the temporary files created by the netbug script. This flaw may lead to a loss of integrity.
|
2005-01-10
|
iproute2 netbug Script Symlink Arbitrary File Overwrite
|
|
61003
Description:
(Description Provided by CVE) : Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.
|
2005-11-14
|
IPsec-Tools ISAKMP Protocol Unspecified Malformed Input Remote DoS (PROTOS)
|
|
14776
Description:
(Description Provided by CVE) : The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
|
2005-03-12
|
IPsec-Tools racoon Daemon ISAKMP Header Parsing Remote DoS
|