[CLOSE] OSVDB ID : 51640 - Disclosed: 2009-01-16

Description:

Walking Club contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login.aspx script not properly sanitizing user-supplied input to the 'username' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 20885 - Disclosed: 2005-11-14

Description:

(Description Provided by CVE) : ts.exe (aka ts.cgi) in Walla TeleSite 3.0 and earlier allows remote attackers to access arbitrary local files via the querystring.

[CLOSE] OSVDB ID : 20884 - Disclosed: 2005-11-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 20883 - Disclosed: 2005-11-14

Description:

Walla TeleSite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ts.exe (also know as ts.cgi) script not properly sanitizing user-supplied input to the 'sug' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 20882 - Disclosed: 2005-11-14

Description:

Walla TeleSite contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'sug' parameter upon submission to the 'ts.exe' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 20881 - Disclosed: 2005-11-14

Description:

(Description Provided by CVE) : ts.exe in Walla TeleSite 3.0 and earlier allows remote attackers to access privileged information by entering the article number in tsurl parameter.

[CLOSE] OSVDB ID : 40368 - Disclosed: 2007-12-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.

[CLOSE] OSVDB ID : 40369 - Disclosed: 2007-12-22

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Wallpaper Site 1.0.09 allow remote attackers to execute arbitrary SQL commands via (1) the catid parameter to category.php or (2) the groupid parameter to editadgroup.php.

[CLOSE] OSVDB ID : 35986 - Disclosed: 2006-11-24

Description:

Wallpaper Website contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'dlwallpaper.php' script not properly sanitizing user-supplied input to the 'wallpaperid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 35985 - Disclosed: 2006-11-24

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in Wallpaper Website (Wallpaper Complete Website) 1.0.09 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameter to (a) process.php, or the (3) wallpaperid parameter to (b) dlwallpaper.php.

[CLOSE] OSVDB ID : 30680 - Disclosed: 2006-11-23

Description:

(Description Provided by CVE) : SQL injection vulnerability in wallpaper.php in Wallpaper Website (Wallpaper Complete Website) 1.0.09 allows remote attackers to execute arbitrary SQL commands via the wallpaperid parameter.

[CLOSE] OSVDB ID : 73217 - Disclosed: 2011-05-26

Description:

(Description Provided by CVE) : WalRack 1.x before 1.1.9 and 2.x before 2.0.7 does not properly restrict file uploads, which allows remote attackers to execute arbitrary PHP code via vectors involving a double extension, as demonstrated by a .php.zzz file.

[CLOSE] OSVDB ID : 73216 - Disclosed: 2011-06-02

Description:

(Description Provided by CVE) : Unspecified vulnerability in WalRack 1.x before 1.1.8 and 2.x before 2.0.6 has unknown impact and attack vectors, possibly related to file deletion and an encoded URL, a different vulnerability than CVE-2011-1329.

[CLOSE] OSVDB ID : 37187 - Disclosed: 2007-06-08

Description:

(Description Provided by CVE) : Unspecified vulnerability in Walter Zorn wz_tooltip.js (aka wz_tooltips) before 4.01, as used by eGroupWare before 1.2.107-2 and other packages, has unknown impact and remote attack vectors.

[CLOSE] OSVDB ID : 62481 - Disclosed: 2010-02-22

Description:

WampServer contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'lang' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 85344 - Disclosed: 2012-08-12

Description:

WanEm contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered by the dosu binary file being installed setuid root, allowing a local attacker to gain root privileges.

[CLOSE] OSVDB ID : 85345 - Disclosed: 2012-08-12

Description:

WanEm contains a flaw related to the result.php script. The issue is triggered when a remote attacker passes an arbitary command via the 'pc' parameter. This may allow an attacker to execute arbitrary commands.

[CLOSE] OSVDB ID : 85346 - Disclosed: 2012-08-12

Description:

WanEM contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate URI input upon submission to multiple scripts. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 21867 - Disclosed: 2005-12-22

Description:

Wandsoft e-Search contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'keywords' variable. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 76230 - Disclosed: 2010-09-23

Description:

WAnewsletter contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 38812 - Disclosed: 2007-05-28

Description:

WAnewsletter contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'newsletter.php' not properly sanitizing user input supplied to the 'waroot' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 83636 - Disclosed: 2012-07-02

Description:

WANGKONGBAO CNS-1000 and 1100 Network Security Platform contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the /src/acloglogin.php not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'landid' and 'lang' cookie parameters. This directory traversal attack would allow the attacker to create or access arbitrary files.

[CLOSE] OSVDB ID : 48840 - Disclosed: 2008-04-18

Description:

(Description Provided by CVE) : Multiple race conditions in WANPIPE before 3.3.6 have unknown impact and attack vectors related to "bri restart logic."

[CLOSE] OSVDB ID : 14392 - Disclosed: 2005-02-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 33672 - Disclosed: 2007-02-03

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.

[CLOSE] OSVDB ID : 33671 - Disclosed: 2007-02-03

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.

[CLOSE] OSVDB ID : 35770 - Disclosed: 2007-02-03

Description:

(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Wap Portal Server 1.x allow remote attackers to execute arbitrary PHP code via a URL in the language parameter to (1) index.php and (2) admin/index.php.

[CLOSE] OSVDB ID : 85951 - Disclosed: 2012-09-08

Description:

WAP Proof 2008 contains a flaw that may allow a remote denial of service. This issue is triggered during the handling of a malformed table element that contains an incorrect integer value for a column attribute, which will result in a loss of availability for the program.

[CLOSE] OSVDB ID : 57426 - Disclosed: 2009-08-27

Description:

(Description Provided by CVE) : Directory traversal vulnerability in gallery/gallery.php in Wap-Motor before 18.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the image parameter.

[CLOSE] OSVDB ID : 90643 - Disclosed: 2013-02-25

Description:

War FTP Daemon contains a flaw that may allow a remote denial of service. The issue is triggered when handling malformed FTP commands. With a specially crafted CDUP command, a remote attacker can cause the program to crash.