[CLOSE] OSVDB ID : 69870 - Disclosed: 2010-10-08

Description:

Lantern CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'intPassedLocationID' parameter upon submission to the 11-login.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 69871 - Disclosed: 2010-10-08

Description:

Lantern CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'signupemail' parameter upon submission to the 7-home-page.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 18597 - Disclosed: 2005-08-05

Description:

A local buffer overflow exists in the "edituser" comand on Lantronix console servers. The "edituser" command fails to check its command line arguments resulting in a stack overflow. With a specially crafted argument, an attacker can gain administrative privileges resulting in a full compromise.

[CLOSE] OSVDB ID : 18595 - Disclosed: 2005-08-05

Description:

Lantronix Secure Console Server contains a flaw that may allow a malicious local user to modify arbitrary files on the system. Due to insecure permissions set on the /tmp directory, an attacker can exploit a race condition against the creation of the /tmp/listen_fifo_server pipe to modify arbitrary files on the system resulting in a loss of integrity.

[CLOSE] OSVDB ID : 18596 - Disclosed: 2005-08-05

Description:

Lantronix Secure Console Server contains a flaw that allows a local console user to execute system binaries. The issue is due to the console software not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the command line variables. Sysadmin user can abuse this bug to become root user, and gain privileges usally not granted by the console software.

[CLOSE] OSVDB ID : 51003 - Disclosed: 2008-01-15

Description:

(Description Provided by CVE) : Lantronix MSS485-T allows remote attackers to cause a denial of service (unstable performance and service loss) via certain vulnerability scans, as demonstrated using (1) Nessus and (2) nmap.

[CLOSE] OSVDB ID : 39188 - Disclosed: 2007-11-11

Description:

Lantronix SCS3200 contains a flaw in the public-key request handling that may allow a remote denial of service. With a specially crafted keyscan request, a remote attacker can cause the device to stop responding.

[CLOSE] OSVDB ID : 82317 - Disclosed: 2012-03-24

Description:

Laoy8! CMS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'ID' parameter upon submission to the mood.asp script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 71069 - Disclosed: 2010-10-11

Description:

Lara contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the /_ui/changepassword script does not require multiple steps or explicit confirmation for sensitive transactions for the manipulation of passwords. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 13125 - Disclosed: 2001-01-29

Description:

(Description Provided by CVE) : Lars Ellingsen guestserver.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the "email" parameter.

[CLOSE] OSVDB ID : 42902 - Disclosed: 2008-02-11

Description:

(Description Provided by CVE) : Format string vulnerability in the logging function in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier for Windows might allow remote attackers to execute arbitrary code via format string specifiers in a USEP command on TCP port 3114.

[CLOSE] OSVDB ID : 42901 - Disclosed: 2008-02-11

Description:

(Description Provided by CVE) : Stack-based buffer overflow in NPSpcSVR.exe in Larson Network Print Server (LstNPS) 9.4.2 build 105 and earlier allows remote attackers to execute arbitrary code via a long argument in a LICENSE command on TCP port 3114.

[CLOSE] OSVDB ID : 5986 - Disclosed: 1999-01-28

Description:

LaserFiche, when running on Netware, contains a flaw that may lead to an unauthorized password exposure. The Btreive tables that contain usernames, passwords, and group membership information do not require administrative privileges for write access. Additionally, any operations directly on the tables are not logged. This may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 5885 - Disclosed: 1999-01-28

Description:

LaserFiche, when running on Netware, contains a flaw that may lead to an unauthorized password exposure. The Btreive tables that contain usernames, passwords, and group membership information are available for any user to read. The data inside those tables is not encrypted, which exposes the passwords in plaintext to any user. Included in the tables is the password for the administrative account. This may lead to a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 44401 - Disclosed: 2008-04-15

Description:

LASERnet CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'new' variable and that variable is assigned to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 18671 - Disclosed: 2005-08-02

Description:

(Description Provided by CVE) : Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags.

[CLOSE] OSVDB ID : 8960 - Disclosed: 2001-12-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 allows remote attackers to read arbitrary files via '..' sequences in the $error_log variable.

[CLOSE] OSVDB ID : 68789 - Disclosed: 2010-09-28

Description:

(Description Provided by CVE) : lastfm 1.5.4 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.

[CLOSE] OSVDB ID : 80023 - Disclosed: 2012-03-03

Description:

LastGuru ASP GuestBook contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the View.asp script not properly sanitizing user-supplied input to the 'E_Mail' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 54862 - Disclosed: 2008-07-08

Description:

(Description Provided by CVE) : Mole Group Lastminute Script 4.0 and earlier stores passwords in cleartext, which allows context-dependent attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 46858 - Disclosed: 2008-07-08

Description:

Lastminute Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'cid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 29736 - Disclosed: 2006-10-12

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in lat2cyr.php in the lat2cyr 1.0.1 and earlier phpbb module allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 90006 - Disclosed: 2013-02-02

Description:

The LAT (Local Area Transport) daemon contains an overflow condition in the LATCP_VERSION function of llogincircuit.cc. The issue is triggered as user-supplied input is not properly validated when parsing version headers or generating an error message. With a specially crafted message or header, a remote attacker can cause a buffer overflow, resulting in a denial of service or potentially executing arbitrary code.

[CLOSE] OSVDB ID : 60648 - Disclosed: 2009-12-02

Description:

Lateral Arts Photobox Uploader ActiveX is prone to an overflow condition. The ActiveX control fails to properly sanitize user-supplied input assigned to various properties (e.g. LogURL, ConnectURL, SkinURL, AlbumCreateURL, ErrorURL, and httpsinglehost), resulting in a stack-based buffer overflow. With a specially crafted web page, a context-dependent attacker can execute arbitrary code on a user's system.

[CLOSE] OSVDB ID : 81350 - Disclosed: 2012-04-14

Description:

latex2man contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program creating temporary files insecurely. It is possible for a local attacker to use a symlink attack to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 10216 - Disclosed: 2004-09-21

Description:

(Description Provided by CVE) : Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other versions, allow remote attackers to execute arbitrary code via (1) the expandmacro function, and possibly (2) Environments and (3) TranslateCommand.

[CLOSE] OSVDB ID : 81998 - Disclosed: 2012-05-16

Description:

Lattice Diamond contains a flaw related to the libbaspd.dll libary. The issue is triggered when a virtual function is called from arbitrary memory when handling PCF files, which may allow a context-dependent attacker to execute arbitrary code.

[CLOSE] OSVDB ID : 81997 - Disclosed: 2012-05-16

Description:

A memory corruption flaw exists in Lattice Diamond. The libbasut.dll library fails to sanitize user-supplied input resulting in memory corruption. With a specially crafted NCD file, a context-dependent attacker can execute arbitrary code.

[CLOSE] OSVDB ID : 83280 - Disclosed: 2012-06-21

Description:

Lattice Diamond is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted XCF file, a context-dependent attacker can potentially execute arbitrary code.

[CLOSE] OSVDB ID : 37790 - Disclosed: 2007-05-08

Description:

LaVague contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'views/print/printbar.php' script not properly sanitizing user input supplied to the 'views_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.