[CLOSE] OSVDB ID : 88596 - Disclosed: 2009-12-28

Description:

kscreensaver contains a flaw that is triggered during the handling of a key process containing Alt, SysRq, and F. This will cause the screen lock process to be terminated, which may allow a physically present attacker to bypass the screen lock feature by terminating the screen lock process.

[CLOSE] OSVDB ID : 44362 - Disclosed: 2008-04-10

Description:

Ksemail contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'lang' and 'language' variable(s).

[CLOSE] OSVDB ID : 43677 - Disclosed: 2008-03-19

Description:

(Description Provided by CVE) : The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols.

[CLOSE] OSVDB ID : 47977 - Disclosed: 2008-09-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 28788 - Disclosed: 2006-05-21

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 64324 - Disclosed: 2010-03-31

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

[CLOSE] OSVDB ID : 17065 - Disclosed: 1991-07-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 17066 - Disclosed: 1991-07-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 47343 - Disclosed: 2008-08-06

Description:

Kshop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'search' variables upon submission to the 'Kshop_search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 34455 - Disclosed: 2007-04-01

Description:

(Description Provided by CVE) : SQL injection vulnerability in product_details.php in the Kshop 1.17 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter.

[CLOSE] OSVDB ID : 57542 - Disclosed: 2005-07-26

Description:

(Description Provided by CVE) : Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.

[CLOSE] OSVDB ID : 36517 - Disclosed: 2007-05-22

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the KSign KSignSWAT ActiveX Control (AxKSignSWAT.dll) 2.0.3.3 allow remote attackers to execute arbitrary code via long arguments to the (1) SWAT_Init, (2) SWAT_InitEx, (3) SWAT_InitEx2, (4) SWAT_InitEx3, and (5) SWAT_Login functions.

[CLOSE] OSVDB ID : 66686 - Disclosed: 2009-08-24

Description:

(Description Provided by CVE) : Stack-based buffer overflow in KSP 2006 FINAL allows remote attackers to execute arbitrary code via a long string in a .M3U playlist file.

[CLOSE] OSVDB ID : 57983 - Disclosed: 2009-09-10

Description:

(Description Provided by CVE) : Stack-based buffer overflow in KSP Sound Player 2009 R2 and R2.1 allows remote attackers to execute arbitrary code via a long string in a .m3u playlist file.

[CLOSE] OSVDB ID : 55789 - Disclosed: 2009-02-25

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in the mt_codec::getHdrHead function in kernel/kls_hdr/fmt_codec_hdr.cpp in ksquirrel-libs 0.8.0 allow context-dependent attackers to execute arbitrary code via a crafted Radiance RGBE image (aka .hdr file).

[CLOSE] OSVDB ID : 18006 - Disclosed: 2002-02-11

Description:

(Description Provided by CVE) : KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not encrypt connections if the server does not support the requested encryption, which allows remote attackers to read communications via a man-in-the-middle attack.

[CLOSE] OSVDB ID : 18007 - Disclosed: 2002-02-11

Description:

(Description Provided by CVE) : The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and Kerberos V (Heimdal), does not encrypt authentication and encryption options sent from the server, which allows remote attackers to downgrade authentication and encryption mechanisms via a man-in-the-middle attack.

[CLOSE] OSVDB ID : 4897 - Disclosed: 2002-04-24

Description:

A remote overflow exists in KTH Kerberos 4 FTP Client. The FTP Client fails to do proper bounds checking while receiving a server response to a client request for passive mode, resulting in a heap overflow. By impersonating an FTP Server, an attacker can trigger the overflow on the FTP Client, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 4888 - Disclosed: 2000-12-08

Description:

(Description Provided by CVE) : KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.

[CLOSE] OSVDB ID : 4889 - Disclosed: 2000-12-08

Description:

(Description Provided by CVE) : KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.

[CLOSE] OSVDB ID : 4890 - Disclosed: 2000-12-08

Description:

When the ticket creating process of Kerberos writes temporary files to the /tmp directory, it uses predictable file names. These file names can be anticipated by an attacker who can create a symbolic link utilizing this name. This could enable the attacker to overwrite system files as root, thus causing a Denial of Service.

[CLOSE] OSVDB ID : 21161 - Disclosed: 2005-11-26

Description:

A local overflow exists in ktools. The 'VGETSTRING()' function fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 33980 - Disclosed: 2007-03-09

Description:

(Description Provided by CVE) : chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.

[CLOSE] OSVDB ID : 33981 - Disclosed: 2007-03-09

Description:

(Description Provided by CVE) : Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.

[CLOSE] OSVDB ID : 49356 - Disclosed: 2008-10-27

Description:

(Description Provided by CVE) : The web interface plugin in KTorrent before 3.1.4 allows remote attackers to bypass intended access restrictions and upload arbitrary torrent files, and trigger the start of downloads and seeding, via a crafted HTTP POST request.

[CLOSE] OSVDB ID : 49357 - Disclosed: 2008-10-27

Description:

(Description Provided by CVE) : Eval injection vulnerability in the web interface plugin in KTorrent before 3.1.4 allows remote attackers to execute arbitrary PHP code via unspecified parameters to this interface's PHP scripts.

[CLOSE] OSVDB ID : 50477 - Disclosed: 2008-12-01

Description:

KTP Computer Customer Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an Unspecified script not properly sanitizing user-supplied input to the 'lname' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 50478 - Disclosed: 2008-11-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the p parameter to the default URI.

[CLOSE] OSVDB ID : 50476 - Disclosed: 2008-12-01

Description:

KTP Computer Customer Database contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an Unspecified script not properly sanitizing user-supplied input to the 'tid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 5132 - Disclosed: 2004-04-08

Description:

(Description Provided by CVE) : ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.