| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 73088 | 2011-06-15 | N-13 News admin.php modules/editcomments.php Multiple Parameter XSS | N-13 News contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the modules/editcomments.php script does not validate the 'id' and 'pid' parameters upon submission to the admin.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 73087 | 2011-06-15 | N-13 News admin.php Multiple Parameter XSS | N-13 News contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' and 'catid' parameters upon submission to the admin.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 21247 | 2005-11-29 | N-13 News index.php id SQL Injection | News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 73086 | 2011-06-15 | N-13 News index.php Multiple Parameter XSS | N-13 News contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' and 'parent' parameters upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 63281 | 2010-03-29 | N-13 News modules/login.php default_login_language Parameter Traversal Local File Inclusion | N-13 News contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'modules/login.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'default_login_language' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 70593 | 2011-01-18 | N-13 News news/admin.php Admin User Creation CSRF | N-13 News contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition of an administrator user. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification. |
| 45103 | 1991-04-08 | N-Hash Algorithm Hash Function Collision Cryptanalysis Weakness | Unknown / Incomplete |
| 19153 | 2005-09-01 | N-Stealth Security Scanner Server Header Arbitrary Script Injection | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report. |
| 63687 | 2010-01-05 | n.player Application Skin Selection Handling Local Overflow | Unknown / Incomplete |
| 24397 | 2006-04-05 | N.T. index.php username Parameter XSS | N.T. contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in an administrator's browser when the "Login Log" page is viewed, leading to a loss of integrity. |
| 24398 | 2006-04-05 | N.T. ticker.db.php Arbitrary PHP Code Execution | N.T. contains a flaw that may allow a malicious user to run arbitrary code. The issue is triggered due to ticker.db.php not properly sanitizing unspecified or unknown values. Arbitrary PHP code may be injected, which will be executed when the file is included. It is possible that the flaw may allow the execution of arbitrary commands resulting in a loss of integrity. |
| 30099 | 2006-10-27 | N/X WCMS wwwdev/nxheader.inc.php c[path] Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter. |
| 56395 | 2003-01-02 | N/X Web Content Management datasets.php c_path Parameter Remote File Inclusion | (Description Provided by CVE): The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code. |
| 56396 | 2003-01-02 | N/X Web Content Management mass_operations.inc.php c_path Parameter Remote File Inclusion | (Description Provided by CVE): The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code. |
| 56394 | 2003-01-02 | N/X Web Content Management menu.inc.php c_path Parameter Remote File Inclusion | (Description Provided by CVE): The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php (mistakenly referred to as mass_opeations.inc.php) scripts in N/X 2002 allow remote attackers to execute arbitrary PHP code via a c_path that references a URL on a remote web server that contains the code. |
| 68929 | 2010-10-28 | n2 n2view Login Function Empty username Parameter Authentication Bypass | n2 n2view contains a flaw related to the processing of logins. This may allow a remote attacker to bypass authentication via an empty 'username' parameter. |
| 23551 | 2006-02-27 | N8cms index.php Multiple Parameter SQL Injection | (Description Provided by CVE): Multiple SQL injection vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) dir and (2) page_id parameter to index.php. |
| 23552 | 2006-02-27 | N8cms index.php Multiple Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection. |
| 23553 | 2006-02-27 | N8cms mailto.php userid Parameter XSS | (Description Provided by CVE): Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameter to (a) index.php and (3) userid parameter to (b) mailto.php. NOTE: it is possible that issues 1 and 2 are resultant from SQL injection. |
| 29692 | 2006-10-12 | n@board naboard_pnr.php skin Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file inclusion vulnerability in naboard_pnr.php in n@board 3.1.9e and earlier allows remote attackers to execute arbitrary PHP code via a URL in the skin parameter. |
| 33692 | 2007-02-10 | nabopoll Multiple Admin Script Direct Request Authentication Bypass | (Description Provided by CVE): nabopoll 1.1.2 allows remote attackers to bypass authentication and access certain administrative functionality via a direct request for (1) config_edit.php, (2) template_edit.php, or (3) survey_edit.php in admin/. |
| 33753 | 2007-02-21 | Nabopoll result.php surv Parameter SQL Injection | (Description Provided by CVE): SQL injection vulnerability in result.php in Nabopoll 1.2 allows remote attackers to execute arbitrary SQL commands via the surv parameter. |
| 17706 | 2005-07-01 | Nabopoll survey.inc.php path Parameter Remote File Inclusion | Nabopoll contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to survey.inc.php not properly sanitizing user input supplied to the path variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 13582 | 1999-10-14 | Nachuatec D4 Series Printer ICMP Redirect Saturation DoS | (Description Provided by CVE): Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm. |
| 34372 | 2004-02-08 | Nadeo Game Engine Malformed Data Remote DoS | (Description Provided by CVE): Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 allows remote attackers to cause a denial of service (server crash) via malformed data to TCP port 2350, possibly due to long values or incorrect size fields. |
| 38071 | 2007-10-21 | Nagios CGI Script Unspecified Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Nagios 2.x before 2.10 allows remote attackers to inject arbitrary web script or HTML via unknown vectors to unspecified CGI scripts. |
| 71059 | 2011-03-09 | Nagios cgi-bin/statusmap.cgi layer Parameter XSS | Nagios contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'layer' parameter upon submission to the cgi-bin/statusmap.cgi script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 49678 | 2008-11-10 | Nagios cmd.cgi Commit Button CSRF | Unknown / Incomplete |
| 74122 | 2011-06-01 | Nagios config.cgi expand Parameter XSS | Nagios contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'expand' parameter upon submission to the 'config.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 25543 | 2006-05-16 | Nagios Content-Length HTTP Header Integer Overflow | (Description Provided by CVE): Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. NOTE: this is a different vulnerability than CVE-2006-2162. |