[CLOSE] OSVDB ID : 9228 - Disclosed: 2002-08-14

Description:

(Description Provided by CVE) : Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when the "Enable HTML in messages" option is on, allows remote attackers to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.

[CLOSE] OSVDB ID : 10113 - Disclosed: 2002-08-13

Description:

L-Forum contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search.php' script not properly sanitizing user-supplied input to the 'search' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 14493 - Disclosed: 2002-08-14

Description:

(Description Provided by CVE) : L-Forum 2.40 and earlier does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote attackers to read arbitrary files.

[CLOSE] OSVDB ID : 17112 - Disclosed: 1997-11-13

Description:

LISTSERV contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends the "lists" command (and possibly others). The list manager will return mail with valid mail lists, as well as other system information including the CPU type and machine load. This may disclose the remote operating system which can assist an attacker in more focused attacks.

[CLOSE] OSVDB ID : 16852 - Disclosed: 2005-05-25

Description:

(Description Provided by CVE) : Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and 1.8d allow remote attackers to execute arbitrary code or cause a denial of service. NOTE: this candidate may be SPLIT in the future when more precise technical details become available.

[CLOSE] OSVDB ID : 11512 - Disclosed: 1994-01-01

Description:

(Description Provided by CVE) : Buffer overflow in listserv allows arbitrary command execution.

[CLOSE] OSVDB ID : 3223 - Disclosed: 2003-12-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 23684 - Disclosed: 2006-03-03

Description:

(Description Provided by CVE) : Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. NOTE: technical details will be released after the grace period has ended on 20060603.

[CLOSE] OSVDB ID : 1311 - Disclosed: 2000-05-05

Description:

(Description Provided by CVE) : Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.

[CLOSE] OSVDB ID : 1470 - Disclosed: 2000-07-17

Description:

(Description Provided by CVE) : Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.

[CLOSE] OSVDB ID : 915 - Disclosed: 1999-01-06

Description:

L0phtCrack contains a flaw that may allow a local attacker to obtain password hashes of systems being tested. The issue is due to the program storing information in the /tmp directory, in files accessable to anyone.

[CLOSE] OSVDB ID : 20140 - Disclosed: 2001-11-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 55765 - Disclosed: 2009-01-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6726 - Disclosed: 2004-06-07

Description:

A remote overflow exists in l2tpd. The l2tpd program fails to check the boundary in the write_packet() function in control.c, resulting in a buffer overflow. By establishing an L2TP tunnel and then sending a specially crafted packet, a remote attacker can overflow a buffer, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 55135 - Disclosed: 2003-03-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 5062 - Disclosed: 2004-04-08

Description:

(Description Provided by CVE) : l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.

[CLOSE] OSVDB ID : 5061 - Disclosed: 2004-04-08

Description:

(Description Provided by CVE) : Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.

[CLOSE] OSVDB ID : 31780 - Disclosed: 2006-12-05

Description:

(Description Provided by CVE) : Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.

[CLOSE] OSVDB ID : 15918 - Disclosed: 2005-04-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7351 - Disclosed: 2003-05-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 5119 - Disclosed: 2002-04-19

Description:

LabVIEW contains a flaw that may allow a remote denial of service. The issue is triggered when a client sends a malformed HTTP request, using two new line sequences instead of the traditional <CR><LF> combination, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 25963 - Disclosed: 2006-06-05

Description:

LabWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'help' variable upon submission to the recentchanges.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 26597 - Disclosed: 2006-06-19

Description:

LabWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'query' variable upon submission to the search.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45423 - Disclosed: 1997-01-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 17940 - Disclosed: 2004-06-09

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 17941 - Disclosed: 2005-07-09

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable.

[CLOSE] OSVDB ID : 11382 - Disclosed: 1998-11-09

Description:

(Description Provided by CVE) : LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

[CLOSE] OSVDB ID : 11381 - Disclosed: 1998-11-09

Description:

(Description Provided by CVE) : LakeWeb Mail List CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address.

[CLOSE] OSVDB ID : 16305 - Disclosed: 2005-04-28

Description:

(Description Provided by CVE) : The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 40446 - Disclosed: 2008-01-21

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Lama Software allow remote attackers to execute arbitrary PHP code via a URL in the MY_CONF[classRoot] parameter to (1) inc.steps.access_error.php, (2) inc.steps.check_login.php, or (3) inc.steps.init_system.php in admin/functions/.