| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 76128 | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2011-10-04 | radvd device-linux.c set_interface_var() Function Symlink / Traversal Local Arbitrary File Overwrite |
| 76129 | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2011-10-04 | radvd privsep_init() Error Weakness Privilege Escalation |
| 76130 | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2011-10-04 | radvd process.c process_ra() Function len() Check Weakness Out-of-bounds Read DoS |
| 76127 | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2011-10-04 | radvd process.c process_ra() Function ND_OPT_DNSSL_INFORMATION Option Parsing Overflow |
| 76131 | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2011-10-04 | radvd process_rs() Function mdelay() Call ND_ROUTER_SOLICIT Saturation DoS |
| 72410 | Radvision iVIEW SCOPIA Management Suite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to certain unspecified input not being properly sanitized before use in SQL queries. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-05-19 | Radvision iVIEW SCOPIA Management Suite Unspecified SQL Injection |
| 57369 | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in entry/index.jsp in Radvision Scopia 5.7, and possibly other versions before SD 7.0.100, allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 2009-08-24 | Radvision SCOPIA scopia/entry/index.jsp page Parameter XSS |
| 55601 | (Description Provided by CVE): The radware AppWall Web Application Firewall (WAF) 1.0.2.6, with Gateway 4.6.0.2, allows remote attackers to read source code via a direct request to (1) funcs.inc, (2) defines.inc, or (3) msg.inc in Management/. | 2009-07-01 | radware AppWall Web Application Firewall (WAF) Management/ Directory Multiple .inc File Direct Request Source Code Disclosure |
| 50411 | Rae Media Contact Management Software contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'asadmin/default.asp' script not properly sanitizing user-supplied input to the Password parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-12-03 | Rae Media Contact Management Software asadmin/default.asp Password Parameter SQL Injection |
| 71084 | Rafe 7 is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically idapi32.dll, idbat32.dll, idr20009.dll, idsql32.dll and odbc32.dll. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. | 2010-10-18 | Rafe 7 Path Subversion Arbitrary DLL Injection Code Execution |
| 18389 | Ragnarok Online Control Panel contains a flaw in the authentication process that may allow a malicious user to bypass certain security restrictions. The issue is triggered by creating a specially crafted URL with an appended non-restricted page. This flaw may lead to a loss of confidentiality. | 2005-08-01 | Ragnarok Online Control Panel Apache Authentication Bypass |
| 45879 | (Description Provided by CVE): Directory traversal vulnerability in Ragnarok Online Control Panel 4.3.4a, when the Apache HTTP Server is used, allows remote attackers to bypass authentication via directory traversal sequences in a URI that ends with the name of a publicly available page, as demonstrated by a "/...../" sequence and an account_manage.php/login.php final component for reaching the protected account_manage.php page. | 2007-08-31 | Ragnarok Online Control Panel on Apache Crafted Traversal Authentication Bypass |
| 27503 | (Description Provided by CVE): PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the osCsid parameter. | 2006-06-14 | RahnemaCo page.php osCsid Parameter Remote File Inclusion |
| 27509 | (Description Provided by CVE): PHP remote file inclusion vulnerability in page.php in an unspecified RahnemaCo.com product, possibly eShop, allows remote attackers to execute arbitrary PHP code via a URL in the pageid parameter. | 2006-06-17 | RahnemaCo page.php pageid Parameter Remote File Inclusion |
| 34232 | (Description Provided by CVE): Rahul Jonna Gmail File Space (GSpace) allows remote attackers to perform virtual filesystem actions via e-mail messages with certain subject lines, as demonstrated by (1) a GSPACE "2174\|1\|1\|1\|gs:/ d$" message, which injects a new file into the filesystem; and (2) a GSPACE "\|-135\|1\|1\|0\|gs:/ d$" message, which creates a folder. | 2006-11-03 | Rahul Jonna Gmail File Space (GSpace) Crafted Email Arbitrary Virtual Filesystem Action |
| 7729 | (Description Provided by CVE): Directory traversal vulnerability in RaidenFTPD Server 2.1 before build 952 allows attackers to access files outside the ftp root via dot dot attacks, such as (1) .... in CWD, (2) .. in NLST, or (3) ... in NLST. | 2001-04-26 | RaidenFTPD Multiple Command Traversal Arbitrary File Access |
| 49087 | RaidenFTPD contains a flaw that may allow a remote denial of service. The issue is triggered when a long CWD argument is passed as well as an MLST argument, and will result in loss of availability for the service. | 2008-10-13 | RaidenFTPD Multiple Directory Name Command Handling Remote Overflow |
| 15713 | RaidenFTPD contains a flaw that allows a remote attacker to access arbitrary files outside of the FTP root. The issue is due to the 'urlget' site command not properly sanitizing user input, specifically traversal style attacks (..\\) resulting in a loss of confidentiality. | 2005-05-02 | RaidenFTPD urlget Command Traversal Arbitrary File Access |
| 35582 | (Description Provided by CVE): Multiple unspecified vulnerabilities in IXceedCompression in XceddZipLib (RaidenFTPD.dll) in RaidenFTPD 2.4 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving the (1) CalculateCrc, (2) Compress, and (3) Uncompress functions, which result in a NULL pointer dereference. | 2007-04-19 | RaidenFTPd XceddZipLib (RaidenFTPD.dll) IXceedCompression Multiple Function NULL Dereference DoS |
| 13575 | Unknown / Incomplete | 2005-02-05 | RaidenHTTPD Crafted Request Arbitrary File Access |
| 23616 | RaidenHTTPD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted request containing dot, space, and slash characters in the filename extension is supplied, which will disclose the source code of script files (e.g. PHP) from the server resulting in a loss of confidentiality. | 2006-03-03 | RaidenHTTPD Crafted Request Script Source Disclosure |
| 14304 | A remote overflow exists in RaidenHTTPD. The RaidenHTTPD fails to check URI length resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary commands resulting in a loss of confidentiality. | 2005-03-02 | RaidenHTTPD Long URI Remote Overflow |
| 14303 | (Description Provided by CVE): RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows remote attackers to view the PHP source code via an HTTP GET request for a filename with a trailing (1) . (dot) or (2) space. | 2005-03-02 | RaidenHTTPD Malformed URL PHP Script Source Disclosure |
| 56248 | Unknown / Incomplete | 2009-07-23 | RaidenHTTPD raidenhttpd-admin/menu.php ulang Parameter Traversal Arbitrary File Access |
| 28746 | RaidenHTTPD contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'raidenhttpd-admin/slice/check.php' script not properly sanitizing user input supplied to the 'SoftParserFileXml' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2006-09-08 | RaidenHTTPD raidenhttpd-admin/slice/check.php SoftParserFileXml Parameter Remote File Inclusion |
| 39228 | RaidenHTTPD contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'raidenhttpd-admin/workspace.php' not properly sanitizing user input supplied to the 'ulang' variable. This may allow an attacker to include a file from a local host that contains arbitrary commands which will be executed by the vulnerable script. | 2007-12-18 | RaidenHTTPD raidenhttpd-admin/workspace.php ulang Parameter Local File Inclusion |
| 56249 | Unknown / Incomplete | 2009-07-23 | RaidenHTTPD raidenhttpd-admin/workspace.php ulang Parameter XSS |
| 41112 | RaidenHTTPD contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'ulang' variables upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2008-02-05 | RaidenHTTPD ulang Parameter XSS |
| 36369 | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in RaidenHTTPD before 2.0.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 2007-06-21 | RaidenHTTPD Unspecified XSS |
| 66858 | RaidenTunes 2.1.1 suffers from a Cross-Site Scripting (XSS) vulnerability caused by improper validation of user-supplied input by the music_out.php script through the "p" parameter. A remote attacker could exploit this vulnerability to execute script in a victim's Web browser within the security context of the hosting Web site, allowing the attacker to steal the victim's cookie-based authentication credentials. | 2010-08-02 | RaidenTUNES music_out.php p Parameter XSS |