| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 60907 | 2009-12-10 | oBlog Admin Account Manipulation CSRF | (Description Provided by CVE): Multiple cross-site request forgery (CSRF) vulnerabilities in oBlog allow remote attackers to hijack the authentication of administrators for requests that (1) change the admin password, (2) force an admin logout, (3) change the visibility of posts, (4) remove links, and (5) change the name fields of a blog. |
| 65821 | 2009-12-10 | oBlog admin/blogroll.php Multiple Parameter XSS | oBlog contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'blogroll_id' and 'title' parameters upon submission to the 'admin/blogroll.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65820 | 2009-12-10 | oBlog admin/groups.php Multiple Parameter XSS | oBlog contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'category_id' and 'category_name' parameters upon submission to the 'admin/groups.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65823 | 2009-12-10 | oBlog admin/index.php HTTP Request Brute Force Password Guessing Weakness | (Description Provided by CVE): admin/index.php in oBlog allows remote attackers to conduct brute-force password guessing attacks via HTTP requests. |
| 65822 | 2009-12-10 | oBlog admin/settings.php Multiple Parameter XSS | oBlog contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'blog_name' and 'tag_line' parameters upon submission to the 'admin/settings.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65819 | 2009-12-10 | oBlog admin/write.php Multiple Parameter XSS | oBlog contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'article_id' and 'title' parameters upon submission to the 'admin/write.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 65818 | 2009-12-10 | oBlog article.php comment=new Action Remote DoS | (Description Provided by CVE): article.php in oBlog does not properly restrict comments, which allows remote attackers to cause a denial of service (blog spam) via a comment=new action. |
| 60906 | 2009-12-10 | oBlog article.php Multiple Parameter XSS | oBlog contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'commentName', 'commentEmail', 'commentWeb', and 'commentText' parameters upon submission to the 'article.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 51639 | 2009-01-23 | Oblog err.asp message Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in err.asp in Oblog allows remote attackers to inject arbitrary web script or HTML via the message parameter. |
| 60905 | 2009-12-10 | oBlog index.php search Parameter XSS | oBlog contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'search' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 32599 | 2007-01-03 | OBM Admin Script Information Disclosure | Unknown / Incomplete |
| 76730 | 2011-09-13 | Oboinus Image Filename Processing system() Call Arbitrary Shell Command Execution | Unknown / Incomplete |
| 57869 | 2009-09-09 | OBOphiX fonctions_racine.php chemin_lib Parameter Remote File Inclusion | OBOphiX contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'fonctions_racine.php' script not properly sanitizing user input supplied to the 'chemin_lib' parameter. This may allow an attacker to include a file from an arbitrary remote host that contains commands which will be executed by the vulnerable script with the same privileges as the web server. |
| 35278 | 2007-04-06 | oboShop PHPSESSID Cookie Session Fixation | (Description Provided by CVE): Session fixation vulnerability in onelook obo Shop allows remote attackers to hijack web sessions by setting a PHPSESSID cookie. |
| 48913 | 2008-09-24 | Observer netcmd.php query Variable Arbitrary Shell Command Execution | (Description Provided by CVE): Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. |
| 48912 | 2008-09-24 | Observer whois.php query Variable Arbitrary Shell Command Execution | (Description Provided by CVE): Observer 0.3.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter to (1) whois.php or (2) netcmd.php. |
| 61605 | 2010-01-02 | Obsession-Design Image-Gallery display.php folder Parameter XSS | Obsession-Design Image-Gallery contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'folder' parameter upon submission to the 'display.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 77157 | 2011-07-31 | obSuggest Component for Joomla! index.php controller Parameter Traversal Local File Inclusion | obSuggest Component for Joomla! contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the index.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'controller' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. |
| 78898 | 2011-12-31 | OCaml Hash Collision CPU Consumption Remote DoS | OCaml contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
| 84847 | 2012-08-20 | OCaml Xml-Light Library Hash Collision CPU Consumption Remote DoS | OCaml Xml-Light Library contains a flaw that may allow a remote denial of service. The issue is triggered when a hash collision occurs between multiple hash functions. This will result in a consumption of CPU resources and a loss of availability for the program. |
| 12820 | 2005-01-07 | OCC theme Variable Arbitrary Command Execution | Unknown / Incomplete |
| 91490 | 2013-03-19 | Occasions Plugin for WordPress occasions/occasions.php occ_content1 Parameter XSS | Occasions Plugin for WordPress contains a flaw that allows a persistent cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'occ_content1' parameter upon submission to the occasions/occasions.php script, which is called via the wp-admin/options-general.php script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 91489 | 2013-03-19 | Occasions Plugin for WordPress Occassion Manipulation CSRF | Occasions Plugin for WordPress contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into adding or deleting occasions in the context of their session with the application, without further prompting or verification. |
| 61924 | 2009-07-23 | Ocean CMS css.php Multiple Parameter Remote File Inclusion | Ocean CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'css.php' script not properly sanitizing user input supplied to the 'CONFIGS', 'CAKE' and 'LIBS' parameters. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 14916 | 2005-03-21 | Ocean FTP Server Connection Saturation DoS | (Description Provided by CVE): Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections. |
| 22638 | 2005-11-04 | Ocean12 /admin/view.asp Direct Request Authentication Bypass | (Description Provided by CVE): Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
| 52975 | 2003-04-11 | Ocean12 ASP Guestbook Manager /admin/o12guest.mdb Direct Request User Database Disclosure | Unknown / Incomplete |
| 25346 | 2006-05-08 | Ocean12 Calendar Manager Pro admin/edit.asp ID Parameter SQL Injection | Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/edit.asp' script not properly sanitizing user-supplied input to the 'ID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 15696 | 2005-04-19 | Ocean12 Calendar Manager Pro admin/index.php Admin_ID Parameter SQL Injection | Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the /admin/index.php script not properly sanitizing user-supplied input to the 'Admin_id' and 'Admin_password' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 25344 | 2006-05-08 | Ocean12 Calendar Manager Pro admin/main.asp date Parameter SQL Injection | Ocean12 Calendar Manager Pro contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'admin/main.asp' script not properly sanitizing user-supplied input to the 'date' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |