| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 45456 | 2005-07-01 | O'Neill Bluetooth Pairing Process Default Hardcoded PIN | By default, many O'Neill Bluetooth devices contain a default hardcoded PIN. During the Bluetooth pairing process, the device uses a PIN with the value of 8761 which is publicly known and documented. This allows attackers to trivially access the device to intercept audio traffic or push audio content. |
| 12963 | 1999-02-16 | O'Reilly WebSite Pro args.bat Arbitrary Command Execution | WebSite Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the 'args.bat' script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands resulting in a loss of integrity. |
| 12962 | 1999-02-16 | O'Reilly WebSite Pro args.cmd Arbitrary Command Execution | WebSite Pro contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the 'args.cmd' script not properly sanitizing user-supplied input. It is possible that the flaw may allow a remote attacker to execute arbitrary commands resulting in a loss of integrity. |
| 375 | 2000-07-19 | O'Reilly WebSite Pro GET Request Remote Overflow | (Description Provided by CVE): Buffer overflow in O'Reilly WebSite Professional web server 2.4 and earlier allows remote attackers to execute arbitrary commands via a long GET request or Referrer header. |
| 374 | 2000-07-19 | O'Reilly WebSite Pro webfind.exe keywords Parameter Remote Overflow | (Description Provided by CVE): Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter. |
| 1775 | 2000-01-20 | O'Reilly Website Professional Malformed Request Path Disclosure | (Description Provided by CVE): O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character. |
| 229 | 1997-09-04 | O'Reilly WebSite uploader.exe Arbitrary File Upload | (Description Provided by CVE): The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs. |
| 8 | 1997-01-06 | O'Reilly WebSite win-c-sample Remote Overflow | O'Reilly WebSite contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the 'win-c-sample' program containing a remote overflow. The program fails to validate unspecified user-supplied input resulting in a buffer overflow. With a specially crafted request, an attacker can execute custom code under the privileges of the web server process. |
| 21268 | 2005-11-29 | O-Kiraku Nikki okiraku.php day_id Parameter SQL Injection | O-Kiraku Nikki contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the okiraku.php script not properly sanitizing user-supplied input to the 'day_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 82924 | 2012-06-12 | o0mBBS NewTopic.asp Forum Parameter SQL Injection | o0mBBS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the NewTopic.asp script not properly sanitizing user-supplied input to the 'Forum' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 12457 | 2004-12-16 | o3read parse_html Function SXW Document Overflow | (Description Provided by CVE): Buffer overflow in the parse_html function in o3read.c for o3read 0.0.3 allows remote attackers to execute arbitrary code via a crafted SXW file. |
| 17925 | 2005-07-13 | oaboard a_channels.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the a_channels.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17924 | 2005-07-13 | oaboard a_user.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the a_user.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17928 | 2005-07-13 | oaboard admin.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the admin.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17932 | 2005-07-13 | oaboard channels.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the channels.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 22219 | 2006-01-01 | oaboard forum.php Multiple Parameter Remote File Inclusion | (Description Provided by CVE): PHP remote file include vulnerability in forum.php in oaBoard 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter. |
| 20420 | 2005-10-30 | oaboard forum.php Multiple Parameter SQL Injection | oaboard contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'channel' and 'topic' variables. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 17929 | 2005-07-13 | oaboard info.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the info.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17927 | 2005-07-13 | oaboard posting.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the posting.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17930 | 2005-07-13 | oaboard profil.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the profil.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17931 | 2005-07-13 | oaboard tickets.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the tickets.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 17926 | 2005-07-13 | oaboard topics.php Direct Request Path Disclosure | oaboard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes a direct request to the topics.php script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 21095 | 2005-11-25 | OASYS Lite search.asp keyword Parameter XSS | OASYS Lite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keyword' variable upon submission to the 'search.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 53867 | 2009-04-22 | OAuth Access Token Session Fixation | Unknown / Incomplete |
| 38263 | 2007-09-18 | Obedit save Function XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in the save function in Obedit 3.03 allows user-assisted remote attackers to inject arbitrary web script or HTML via unknown vectors, as demonstrated by a SCRIPT element in an unspecified context when saving a document. NOTE: because the details of the attack are uncertain, it is unclear whether this crosses privilege boundaries. |
| 88454 | 2012-11-26 | Oberliga Theme for WordPress /wp-content/themes/oberliga_theme/ajax/team.php team Parameter SQL Injection | Oberliga Theme for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /wp-content/themes/oberliga_theme/ajax/team.php script not properly sanitizing user-supplied input to the 'team' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 87404 | 2012-11-09 | Oberthur ID-One COSMO Smart Card Non-compliant Public Key Generation Cryptographic Weakness | Oberthur ID-One COSMO Smart Card contains a flaw that is due to the program generating non-compliant public keys. This may allow a remote attacker to more easily bypass cryptographic protection mechanisms. |
| 70424 | 2011-01-14 | Objectivity/DB Multiple Administrative Operations Authentication Bypass | Objectivity/DB contains a flaw related to some components allowing multiple administrative operations to be performed without authentication. This may allow a remote attacker to bypass authentication. |
| 14728 | 1992-01-01 | Oblivion/2 BBS Default SYSOP Password | By default, Oblivion/2 installs with a default password. The SYSOP account has a password of "SYSOP" which is publicly known and documented. This allows attackers to trivially access the program or system. |
| 14411 | 2002-03-14 | Oblix NetPoint Account Lockout Weakness | (Description Provided by CVE): The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again. |