| OSVDB ID | Disclosure Date | Title | Description |
| --- | --- | --- | --- |
| 47823 | 2008-08-24 | R javareconf Temporary File Symlink Arbitrary File Overwrite | (Description Provided by CVE): javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files. |
| 54835 | 2009-06-01 | R2 Newsletter Stats admin.mdb Direct Request Database Disclosure | (Description Provided by CVE): R2 Newsletter Lite, Pro, and Stats stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for admin.mdb. |
| 36015 | 2007-05-11 | R2K Gallery galeria.php lang2 Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in galeria.php in R2K Gallery 1.7 allows remote attackers to read arbitrary files via a .. (dot dot) in the lang2 parameter. |
| 91663 | 2013-03-25 | Ra1NX PHP IRC Bot Private Message Public Call Feature Remote Command Execution | Ra1NX PHP IRC Bot contains a flaw that is triggered during the handling of the public call feature in private messages. This may allow a remote attacker to bypass the authentication system and potentially execute arbitrary commands. |
| 64895 | 2010-01-31 | RaakCms browse.asp dir Parameter Traversal Arbitrary Directory Listing | Unknown / Incomplete |
| 64896 | 2010-01-31 | RaakCms browseFile.asp dir Parameter Traversal Arbitrary Directory Listing | Unknown / Incomplete |
| 64894 | 2010-01-31 | RaakCms pic.aspx Arbitrary File Upload | Unknown / Incomplete |
| 79093 | 2012-02-10 | RabidHamster R2 Extreme File Command Parsing Remote Overflow | RabidHamster R2 is prone to an overflow condition. The 'file' command fails to properly sanitize user-supplied input resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long file parameter, a remote attacker can potentially cause arbitrary code execution. |
| 79094 | 2012-02-10 | RabidHamster R2 Extreme Telnet Server File Command Traversal Arbitrary File Access | RabidHamster R2 contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the telnet service not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'file' command. This directory traversal attack would allow the attacker to access arbitrary files. |
| 79095 | 2012-02-11 | RabidHamster R2 Extreme Telnet Server PIN Authentication Brute Force Weakness | RabidHamster R2 contains a flaw related to the telnet service. The issue is due to the service providing only a limited range of PINs. This may allow an attacker to more easily conduct brute-force attacks and to gain access to the service. |
| 79008 | 2012-02-09 | RabidHamster R4 Boundary Error Web Request Parsing Remote Overflow | RabidHamster R4 is prone to an overflow condition. The application fails to perform proper bounds checking resulting in a heap-based buffer overflow. With an overly long web request, a remote attacker can potentially cause arbitrary code execution. |
| 79006 | 2012-02-09 | RabidHamster R4 left_console.html cmd Parameter loadfile() Function Traversal Arbitrary File Access | RabidHamster R4 contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the left_console.html page not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'cmd' parameter. This directory traversal attack would allow the attacker to access arbitrary files. |
| 79007 | 2012-02-10 | RabidHamster R4 Log Entry Creation Web Request Parsing Remote Overflow | RabidHamster R4 is prone to an overflow condition. The application fails to perform proper bounds checking when creating log entries resulting in a stack-based buffer overflow. With an overly long web request, a remote attacker can potentially cause arbitrary code execution. |
| 79009 | 2012-02-10 | RabidHamster R4 miniscreenshot Script Function Web Request Parsing Remote Overflow | RabidHamster R4 is prone to an overflow condition. The application fails to perform proper bounds checking when processing the miniscreenshot script function resulting in a stack-based buffer overflow. With a specially crafted web request containing an overly long parameter, a remote attacker can potentially cause arbitrary code execution. |
| 18067 | 2005-07-19 | Race Driver Chat String Format String | (Description Provided by CVE): Format string vulnerability in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via format string specifiers in a (1) nickname or (2) chat message. |
| 18068 | 2005-07-19 | Race Driver Chat String Remote Overflow | (Description Provided by CVE): Buffer overflow in Race Driver 1.20 and earlier allows remote attackers to cause a denial of service (application crash) via a long (1) nickname or (2) chat message. |
| 7094 | 2004-06-16 | Race Driver Malformed Packet Match Termination | Unknown / Incomplete |
| 7095 | 2004-06-16 | Race Driver Message Spoofing | Unknown / Incomplete |
| 7093 | 2004-06-16 | Race Driver Packet Length 0 DoS | Unknown / Incomplete |
| 25914 | 2006-05-20 | RaceEventManagement nennung.php pid Parameter SQL Injection | Unknown / Incomplete |
| 25913 | 2006-05-20 | RaceEventManagement nennung.php pid Parameter XSS | Unknown / Incomplete |
| 39601 | 2007-08-13 | Racer Client/Server UDP Packet Handling Remote Overflow | A remote overflow exists in Racer v0.5.3beta5. The game fails to verify buffer lengths resulting in a stack overflow. With a specially crafted request, a remote attacker can execute arbitrary code resulting in a loss of integrity. |
| 78121 | 2011-12-28 | Rack Hash Collision Form Parameter Parsing Remote DoS | Rack contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends multiple crafted parameters which trigger hash collisions, and will result in loss of availability for the program via CPU consumption. |
| 89320 | 2013-01-07 | Rack Long String Parsing Memory Consumption Remote DoS | Rack contains a flaw that may allow a remote denial of service. The issue is triggered when parsing an overly long string. With a specially crafted string, a remote attacker can cause a consumption of memory. This will result in a loss of availability for the webserver. |
| 89327 | 2013-01-13 | Rack Rack::Auth::AbstractRequest Class Unspecified Remote DoS | Rack contains a flaw in the Rack::Auth::AbstractRequest class that may allow a remote denial of service. The issue is triggered when an unspecified error occurs, which will result in a loss of availability for the webserver. |
| 89938 | 2013-02-07 | Rack Rack::File Function Symlink Traversal Arbitrary File Disclosure | Rack contains a flaw as the Rack::File function creates temporary files insecurely. It is possible for a local attacker to use a symlink attack to traverse to an arbitrary file and disclose its contents. No further details are available. |
| 89939 | 2013-02-07 | Rack Rack::Session::Cookie Function Timing Attack Remote Code Execution | Rack contains a flaw that is due to an error in the Rack::Session::Cookie function. Users of the Marshal session cookie encoding (the default) are subject to a timing attack that may lead an attacker to execute arbitrary code. This attack is more practical against 'cloud' users as intra-cloud latencies are sufficiently low to make the attack viable. |
| 89317 | 2012-05-04 | Rack Regular Expressions Engine Content-Disposition Header Parsing Infinite Loop Remote DoS | Rack contains a flaw in the Regular Expressions Engine that may allow a remote denial of service. The issue is triggered when parsing Content-Disposition headers. With a specially crafted header, a remote attacker can cause an infinite loop, which will result in a loss of availability for the webserver. |
| 83077 | 2012-06-06 | Rack::Cache (rack-cache) Rubygem Sensitive HTTP Header Caching Weakness | Rack::Cache (rack-cache) contains a flaw related to the rubygem caching sensitive HTTP headers. This will result in a weakness that may make it easier for an attacker to gain access to a user's session via a specially crafted header. |
| 87179 | 2012-08-16 | Rackspace Application for iOS X.509 Certificate Domain Name Matching MiTM Weakness | Rackspace Application for iOS contains a flaw related to domain name validation during certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow a man-in-the-middle attacker to spoof SSL servers via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream. |