| OSVDB ID | Disclosure Date | Title |
|
63646
Description:
(Description Provided by CVE) : Array index error in the (1) dtoa implementation in dtoa.c (aka pdtoa.c) and the (2) gdtoa (aka new dtoa) implementation in gdtoa/misc.c in libc, as used in multiple operating systems and products including in FreeBSD 6.4 and 7.2, NetBSD 5.0, OpenBSD 4.5, Mozilla Firefox 3.0.x before 3.0.15 and 3.5.x before 3.5.4, K-Meleon 1.5.3, SeaMonkey 1.1.8, and other products, allows context-dependent attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large precision value in the format argument to a printf function, which triggers incorrect memory allocation and a heap-based buffer overflow during conversion to a floating-point number.
|
2010-01-08
|
J Programming Language libc dtoa Implementation Floating Point Parsing Memory Corruption
|
|
4927
Description:
J Walk contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the supplied web server not properly sanitizing user input, specifically traversal style attacks (../../) in the URL, when encoded in part as an escaped Unicode string.
|
2003-03-20
|
J Walk Application Server Encoded Traversal Arbitrary File Disclosure
|
|
39060
Description:
J! Reactions for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'langset.php' script not properly sanitizing user input supplied to the 'comPath' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2007-08-03
|
J! Reactions for Joomla! (com_jreactions) langset.php comPath Parameter Remote File Inclusion
|
|
73699
Description:
J!Research Component (com_jresearch) for Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input related to descriptions before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-12-18
|
J!Research Component (com_jresearch) for Joomla! Descriptions Unspecified XSS
|
|
63147
Description:
J!Research Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied to the 'controller' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-03-24
|
J!Research Component (com_jresearch) for Joomla! index.php controller Parameter Directory Traversal Local File Inclusion
|
|
63576
Description:
J!WHMCS Integrator Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied to the 'controller' parameter (when "option" is set to "com_jwhmcs"). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-04-07
|
J!WHMCS Integrator Component for Joomla! index.php controller Parameter Traversal Local File Inclusion
|
|
36993
Description:
(Description Provided by CVE) : execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2006-12-08
|
J-OWAMP execInBackground.php Multiple Variable Arbitrary Command Execution
|
|
31855
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter.
|
2006-12-07
|
J-OWAMP Web Interface JOWAMP_ShowPage.php link Parameter Remote File Inclusion
|
|
13794
Description:
(Description Provided by CVE) : The installation of J-Pilot creates the .jpilot directory with the user's umask, which could allow local attackers to read other users' PalmOS backup information if their umasks are not securely set.
|
2000-12-14
|
J-Pilot .jpilot Directory umask Permission Information Disclosure
|
|
33117
Description:
(Description Provided by CVE) : Directory traversal vulnerability in jwpn-photos.php in J-Web Pics Navigator 2.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
|
2007-02-21
|
J-Web Pics Navigator jwpn-photos.php dir Parameter Traversal Arbitrary File Access
|
|
33118
Description:
(Description Provided by CVE) : Directory traversal vulnerability in pn-menu.php in J-Web Pics Navigator 1.0 allows remote attackers to list arbitrary directories via a .. (dot dot) in the dir parameter.
|
2007-02-21
|
J-Web Pics Navigator pn-menu.php dir Parameter Traversal Arbitrary File Access
|
|
28584
Description:
Unknown / Incomplete
|
2006-09-05
|
J. River Media Center Tivo Server server_tivo.dll Remote DoS
|
|
46543
Description:
(Description Provided by CVE) : Unspecified vulnerability in includes/classes/page.php in j00lean-CMS 1.03 has unknown impact and attack vectors.
|
2008-06-23
|
j00lean-CMS includes/classes/page.php Unspecified Security Issue
|
|
3072
Description:
Sun J2EE Reference Implementation on Windows contains a flaw that may allow a malicious user to execute arbitrary files on the host. The issue is triggered when specially crafted SQL statements are issued. It is possible that the flaw may allow DoS or information disclosure, resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-12-16
|
J2EE SDK PointBase Database SQL Flaw
|
|
43211
Description:
Unknown / Incomplete
|
2004-07-02
|
J2EE Unspecified Session Leak
|
|
63802
Description:
JA Comment Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'view' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-04-14
|
JA Comment Component for Joomla! index.php view Parameter Directory Traversal Local File Inclusion
|
|
63724
Description:
JA JobBoard Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the "controller" and "view" parameters (when "option" is set to "com_jajobboard"). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-04-11
|
JA JobBoard Component for Joomla! index.php Multiple Parameter Traversal Local File Inclusion
|
|
62970
Description:
JA News Component for Joomla! contains a flaw that may allow a remote attacker to disclose potentially sensitive information. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied to the 'controller' parameter (when "option" is set to "com_janews"). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-03-16
|
JA News Component for Joomla! index.php controller Parameter Traversal Local File Inclusion
|
|
51310
Description:
JA Showcase Component for Joomla! contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the catid parameter when the option parameter is equal to com_jashowcase and the view parameter is equal to jashowcase. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-11
|
JA Showcase Component for Joomla! index.php catid Parameter SQL Injection
|
|
62827
Description:
JA Showcase Component for Joomla! contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'controller' parameter (when "option" is set to "com_jashowcase"). This directory traversal attack would allow the attacker to include arbitrary files from local resources.
|
2010-01-10
|
JA Showcase Component for Joomla! index.php controller Parameter Traversal Arbitrary File Access
|
|
81180
Description:
JA T3 Framework Component for Joomla! contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'file' parameter. This directory traversal attack would allow the attacker to view arbitrary files.
|
2012-04-15
|
JA T3 Framework Component for Joomla! index.php file Parameter Traversal Arbitrary File Access
|
|
63599
Description:
JA Voice Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) and URL-encoded NULL bytes, supplied to the 'view' parameter (when "option" is set to "com_javoice"). This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-04-09
|
JA Voice Component for Joomla! index.php view Parameter Traversal Local File Inclusion
|
|
13807
Description:
A local overflow exists in ja-elvis. ja-elvis contains an exploitable buffer overflow in the elvrec utility. Because elvrec is setuid root, unprivileged local users may gain root privileges on the local system with a specially crafted request, resulting in a loss of confidentiality, integrity, and availability.
|
2001-02-07
|
ja-elvis elvrec Utility Local Overflow
|
|
81282
Description:
JA-Programacao CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the lerNoticia.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-04-20
|
JA-Programacao CMS lerNoticia.php id Parameter SQL Injection
|
|
81283
Description:
JA-Programacao CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the lerNoticia.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-20
|
JA-Programacao CMS lerNoticia.php id Parameter XSS
|
|
81284
Description:
JA-Programacao CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the produtos/ script not properly sanitizing user-supplied input to the 'divisao' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2012-04-20
|
JA-Programacao CMS produtos/ divisao Parameter SQL Injection
|
|
81285
Description:
JA-Programacao CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'divisao' parameter upon submission to the produtos/ script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-20
|
JA-Programacao CMS produtos/ divisao Parameter XSS
|
|
81286
Description:
JA-Programacao CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'txtProcurar' parameter upon submission to the txtProcurar.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-20
|
JA-Programacao CMS txtProcurar.php txtProcurar Parameter XSS
|
|
6990
Description:
(Description Provided by CVE) : Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.
|
2001-02-07
|
ja-xklock Overflow
|
|
31761
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in pbguestbook.php in JAB Guest Book allows remote attackers to inject arbitrary web script or HTML via the author parameter.
|
2006-12-04
|
JAB Guest Book pbguestbook.php author Variable Arbitrary PHP Command Execution
|