| OSVDB ID | Disclosure Date | Title |
|
71082
Description:
Sahar Money Manager is prone to a flaw in the way it loads dynamic-link libraries (DLL), specifically unicows.dll. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening an HTML file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.
|
2010-10-18
|
Sahar Money Manager Path Subversion Arbitrary DLL Injection Code Execution
|
|
88926
Description:
Sahifa Theme for WordPress contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a direct request for multiple scripts, which discloses the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
|
2013-01-01
|
Sahifa Theme for WordPress Multiple Script Path Disclosure Direct Request Path Disclosure
|
|
88927
Description:
Sahifa Theme for WordPress contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into resetting site settings in the context of their session with the application, without further prompting or verification.
|
2013-01-01
|
Sahifa Theme for WordPress Site Setting Reset CSRF
|
|
57400
Description:
SailPlanner contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login page not properly sanitizing user-supplied input to the 'username' and 'password' fields. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-11-28
|
SailPlanner Login Page Multiple Field SQL Injection Authentication Bypass
|
|
51879
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the sajax_get_common_js function in php/Sajax.php in Sajax 0.12 allows remote attackers to inject arbitrary web script or HTML via the URL parameter, which is not properly handled when using browsers that do not URL-encode requests, such as Internet Explorer 6. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2009-02-10
|
Sajax php/Sajax.php sajax_get_common_js() Function XSS
|
|
37579
Description:
A buffer overflow in Altap Salamander 2.5 with Portable Executable Viewer 2.02 (English Trial), and 2.0 with Portable Executable Viewer 1.00 (English Trial), allows local attackers to execute arbitrary code via a long PDB debug filename in a PE (EXE/DLL) file.
|
2007-06-19
|
Salamander peviewer.spl PDB Debug Handling Arbitrary Code Execution
|
|
51695
Description:
SalesCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'customer/cmenu.asp' script not properly sanitizing user-supplied input to the 'code' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2009-01-30
|
SalesCart customer/cmenu.asp code Parameter SQL Injection
|
|
51694
Description:
SalesCart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the online/menu.asp script not properly sanitizing user-supplied input to the 'name' and 'code' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2009-01-30
|
SalesCart online/menu.asp Multiple Parameter SQL Injection
|
|
40145
Description:
(Description Provided by CVE) : ** DISPUTED ** Multiple SQL injection vulnerabilities in cgi-bin/reorder2.asp in SalesCart Shopping Cart allow remote attackers to execute arbitrary SQL commands via the password field and other unspecified vectors. NOTE: the vendor disputes this issue, stating "We were able to reproduce this sql injection on an old out-of-date demo on the website but not on the released product."
|
2007-05-29
|
SalesCart Shopping Cart cgi-bin/reorder2.asp Multiple Parameter SQL Injection
|
|
11438
Description:
(Description Provided by CVE) : The SalesCart shopping cart application allows remote users to modify sensitive purchase information via hidden form fields.
|
2000-02-01
|
SalesCart Shopping Cart Hidden Form Field Arbitrary Data Manipulation
|
|
10947
Description:
SalesLogix contains a flaw that may allow a malicious user to perform a man-in-the-middle attack. The issue is due to the server not authenticating the client before allowing the client's commands to be executed. It is possible that the flaw may allow the attacker to render all client/server communications insecure and gain complete access to the server, resulting in a loss of confidentiality and integrity.
|
2004-10-18
|
SalesLogix Client/Server Authentication Weakness
|
|
10942
Description:
SalesLogix contains a flaw that may allow a remote attacker to gain administrative privileges. The issue is due to the server not properly authenticating remote users or tracking sessions. By editing the values of the server-set cookie, an attacker can change their privilege from a regular user to administrator and submit it back to the server.
|
2004-10-18
|
SalesLogix Cookie Modification Privilege Escalation
|
|
1273
Description:
(Description Provided by CVE) : The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
|
2000-03-31
|
SalesLogix eViewer slxweb.dll Request Remote DoS
|
|
29135
Description:
(Description Provided by CVE) : SalesLogix 6.1 includes usernames, passwords, and other sensitive information in the headers of an HTTP response, which could allow remote attackers to gain access.
|
2004-10-18
|
SalesLogix HTTP Response Header Information Disclosure
|
|
10943
Description:
SalesLogix contains a flaw that may allow a remote denial of service. The issue is triggered when an invalid HTTP request is issued, and will result in loss of availability for the service.
|
2004-10-18
|
SalesLogix Invalid HTTP Request DoS
|
|
29134
Description:
(Description Provided by CVE) : SalesLogix 6.1 uses client-specified pathnames for writing certain files, which might allow remote authenticated users to create arbitrary files and execute code via the (1) vMME.AttachmentPath or (2) vMME.LibraryPath variables.
|
2004-10-18
|
SalesLogix Multiple vMME Variable Arbitrary File Manipulation
|
|
15984
Description:
(Description Provided by CVE) : Directory traversal vulnerability in SalesLogix 6.1 allows remote attackers to upload arbitrary files via a .. (dot dot) in a ProcessQueueFile request.
|
2004-10-18
|
SalesLogix ProcessQueueFile Request Traversal Arbitrary File Upload
|
|
10948
Description:
SalesLogix contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker issues the 'GetConnection' command (with proper parameters) to the server on TCP port 1707, which will disclose database authentication credentials resulting in a loss of confidentiality.
|
2004-10-18
|
SalesLogix Server Database Authentication Credential Disclosure
|
|
10949
Description:
The SalesLogix SLX server contains a flaw that allows a remote attacker to write to arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the ProcessQueueFile variable.
|
2004-10-18
|
SalesLogix SLX Server Traversal Arbitrary File Modification
|
|
10946
Description:
SalesLogix contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the slxweb.dll facility returning information such as passwords, usernames, paths and more when a remote attacker requests a connection with the server. The information is contained in the HTML source code of the page returned for such a request.
|
2004-10-18
|
SalesLogix slxweb.dll Database Information Disclosure
|
|
10944
Description:
SalesLogix contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an invalid filename is passed to the component responsible for downloading files from the server to the user, and leads to disclosure of full library and attachment paths resulting in a loss of confidentiality.
|
2004-10-18
|
SalesLogix slxweb.dll Invalid Filename Path Disclosure
|
|
10945
Description:
SalesLogix contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "id" variable in the slxweb.dll module is not verified properly and will allow an attacker to inject or manipulate SQL queries. Database table and field names may also be disclosed resulting in a loss of confidentiality.
|
2004-10-18
|
SalesLogix slxweb.dll/view id Parameter SQL Injection
|
|
68798
Description:
(Description Provided by CVE) : The (1) runSalome, (2) runTestMedCorba, (3) runLightSalome, and (4) hxx2salome scripts in SALOME 5.1.3 place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory.
|
2010-09-28
|
SALOME Multiple Scripts LD_LIBRARY_PATH Zero-length Directory Name Path Subversion Local Privilege Escalation
|
|
90201
Description:
Salon-Finder for iPhone contains an unspecified flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue may allow the application to gain access to a user's Location, Calendar, and Contacts Book and transmit some of this data in cleartext to a third party.
|
2013-02-02
|
Salon-Finder for iPhone Unspecified Remote Information Disclosure
|
|
84829
Description:
SaltOS contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via the URL upon submission to the lib/phpexcel/PHPExcel/Shared/JAMA/docs/download.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-08-18
|
SaltOS lib/phpexcel/PHPExcel/Shared/JAMA/docs/download.php URI XSS
|
|
51730
Description:
Sama Educational Management System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate Message parameters upon submission to the 'Error.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-09-18
|
Sama Educational Management System Error.asp Message Parameter XSS
|
|
80609
Description:
Saman Portal contains a flaw related to the cdk module that allows a remote attacker to traverse outside of a restricted path. The issue is due to the index.php not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'sismodule' parameter. This directory traversal attack would allow the attacker to read arbitrary files.
|
2012-03-12
|
Saman Portal index.php cdk Module sismodule Parameter Traversal Arbitrary File Access
|
|
46436
Description:
Samart-CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'site.php' script not properly sanitizing user-supplied input to the 'contentsid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2008-06-19
|
Samart-CMS site.php contentsid Parameter SQL Injection
|
|
57652
Description:
Unknown / Incomplete
|
2009-09-02
|
Samba --enable-developer Functionality Unspecified Heap Overflow
|
|
12642
Description:
(Description Provided by CVE) : The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.
|
2003-03-15
|
Samba .reg File Race Condition Arbitrary File Overwrite
|