[CLOSE] OSVDB ID : 87389 - Disclosed: 2012-06-21

Description:

uploadify-amazon-s3 for Uploadify contains a flaw that allows a remote user to execute arbitrary PHP code. This flaw exists because the uploadify.php script does not properly verify or sanitize user-uploaded files. By uploading a .php file, the remote system will place the file in a user-accessible path. Making a direct request to the uploaded file will allow the user to execute the script, and therefore their own code.

[CLOSE] OSVDB ID : 42617 - Disclosed: 2008-01-09

Description:

(Description Provided by CVE) : admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass (Set Password) action.

[CLOSE] OSVDB ID : 42936 - Disclosed: 2008-01-09

Description:

UploadScript contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when 'admin.php' does not check for the original password before making a change to a new password. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 31850 - Disclosed: 2006-12-06

Description:

(Description Provided by CVE) : Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt.

[CLOSE] OSVDB ID : 66614 - Disclosed: 2010-02-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 62134 - Disclosed: 2010-02-05

Description:

UplusFtp Server is prone to an overflow condition. The server fails to properly sanitize user-supplied input resulting in a stack overflow. With a specially crafted command argument, a remote attacker can potentially cause arbitrary code execution.

[CLOSE] OSVDB ID : 66758 - Disclosed: 2010-07-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 77633 - Disclosed: 2011-12-11

Description:

UPM Polls Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-admin/admin-ajax.php script not properly sanitizing user-supplied input to the 'PID' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 74377 - Disclosed: 2011-08-06

Description:

UPM Polls Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-content/plugins/upm-polls/includes/poll_logs.php script not properly sanitizing user-supplied input to the 'qid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 32061 - Disclosed: 2006-12-04

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.

[CLOSE] OSVDB ID : 35830 - Disclosed: 2006-11-13

Description:

(Description Provided by CVE) : SQL injection vulnerability in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the Username parameter in login.asp. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

[CLOSE] OSVDB ID : 32062 - Disclosed: 2006-12-04

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.

[CLOSE] OSVDB ID : 32060 - Disclosed: 2006-12-04

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.

[CLOSE] OSVDB ID : 32059 - Disclosed: 2006-12-04

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Superfreaker Studios UPublisher 1.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors in (a) sendarticle.asp and (b) printarticle.asp, and the ID parameter to (c) index.asp and (d) preferences.asp, different vectors than CVE-2006-5888.

[CLOSE] OSVDB ID : 30331 - Disclosed: 2006-11-12

Description:

(Description Provided by CVE) : SQL injection vulnerability in viewarticle.asp in Superfreaker Studios UPublisher 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

[CLOSE] OSVDB ID : 61396 - Disclosed: 2009-12-31

Description:

UranyumSoft contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a malicious hacker requests the file "database/db.mdb" via browser, which will disclose the whole database to a remote attacker.

[CLOSE] OSVDB ID : 19435 - Disclosed: 2005-09-16

Description:

(Description Provided by CVE) : URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.

[CLOSE] OSVDB ID : 19212 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19213 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19214 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19215 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19434 - Disclosed: 2005-09-16

Description:

(Description Provided by CVE) : URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.

[CLOSE] OSVDB ID : 42334 - Disclosed: 2007-10-10

Description:

(Description Provided by CVE) : report.cgi in Google Urchin allows remote attackers to bypass authentication and obtain sensitive information (web server logs) via certain modified query parameters, as demonstrated using the profile, rid, prefs, n, vid, bd, ed, dt, and gtype parameters, a different vulnerability than CVE-2007-5112.

[CLOSE] OSVDB ID : 38578 - Disclosed: 2007-09-23

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in session.cgi (aka the login page) in Google Urchin 5 5.7.03 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, a different vulnerability than CVE-2007-4713. NOTE: this can be leveraged to capture login credentials in some browsers that support remembered (auto-completed) passwords.

[CLOSE] OSVDB ID : 36807 - Disclosed: 2007-09-01

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in urchin.cgi in Urchin 5.6.00r2 allow remote attackers to inject arbitrary web script or HTML via the (1) dtc, (2) vid, (3) n, (4) dt, (5) ed, and (6) bd parameters.

[CLOSE] OSVDB ID : 55300 - Disclosed: 2009-06-24

Description:

URD contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate certain variables upon submission to the fatal_error.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20955 - Disclosed: 2005-11-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in the administration interface in Uresk Links 2.0 Lite allows remote attackers to bypass authentication via unspecified vectors in index.php.

[CLOSE] OSVDB ID : 1129 - Disclosed: 1999-10-28

Description:

URL Live! contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

[CLOSE] OSVDB ID : 47571 - Disclosed: 2008-08-20

Description:

URL Rotator Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'tr.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 83885 - Disclosed: 2011-10-07

Description:

URL Shortener Script contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the show.php script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.