| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 57515 | 2009-08-15 | Microsoft IE window.open() New Window URL Path Spoofing Weakness | (Description provided by CVE) Microsoft Internet Explorer 6 through 8 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. |
| 57754 | 2009-08-15 | K-Meleon window.open() New Window URL Path Spoofing Weakness | (Description provided by CVE) K-Meleon 1.5.3 allows context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. |
| 57758 | 2009-08-15 | Mozilla Multiple Browsers window.open() New Window URL Path Spoofing Weakness | (Description provided by CVE) Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. |
| 57759 | 2009-08-15 | Flock Browser window.open() New Window URL Path Spoofing Weakness | (Description provided by CVE) Mozilla Firefox 3.5.1 and SeaMonkey 1.1.17, and Flock 2.5.1, allow context-dependent attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary file: URL after a victim has visited any file: URL, as demonstrated by a visit to a file: document written by the attacker. |
| 57756 | 2009-08-15 | Lunascape window.open() New Window URL Path Spoofing Weakness | (Description provided by CVE) Lunascape 5.1.3 and 5.1.4 allows remote attackers to spoof the address bar, via window.open with a relative URI, to show an arbitrary URL on the web site visited by the victim, as demonstrated by a visit to an attacker-controlled web page, which triggers a spoofed login form for the site containing that page. NOTE: a related attack was reported in which an arbitrary file: URL is shown. |
| 57748 | 2009-08-15 | Avant Browser window.open Relative URI Address Bar Spoofing Weakness | Multiple web browsers contain a flaw that allows a remote attacker to spoof the address bar. The flaw exists because the browser does not validate the relative URI passed to window.open, which allows the attacker to spoof the URL or content of a non-existent file or path. An attacker could create a specially crafted page that shows arbitrary content under a trusted URL in the victim's browser, within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 56651 | 2009-07-30 | Avant Browser browser:home Multiple Section XSS | Avant Browser contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'Most Visited', 'History' and 'Recently Bookmarked' sections before rendering them in the 'browser:home' dynamic content. This could allow an attacker to plant a specially crafted entry that executes arbitrary script in the user's browser within the trust relationship between the browser and the 'browser:home' dynamic content, leading to a loss of integrity. |
| 56238 | 2009-04-27 | COMTREND HG-536 Multiple Default Accounts | By default, COMTREND HG-536 routers ship with multiple default accounts: the 'user' account has the password 'user', the 'support' account has the password 'support' and the 'admin' account has the password 'admin'. These credentials are publicly known and documented, which allows an attacker to trivially access the device. |
| 52491 | 2009-01-31 | Apple Safari for Windows Multiple Protocol Handler Null Dereference DoS | Unknown / Incomplete |
| 52490 | 2009-01-27 | Apple Safari for Windows http URI Handler Malformed Domain Name DoS | (Description provided by CVE) Apple Safari 3.2.1 (aka AppVer 3.525.27.1) on Windows allows remote attackers to cause a denial of service (infinite loop or access violation) via a link to an http URI in which the authority (aka hostname) portion is either a (1) . (dot) or (2) .. (dot dot) sequence. |
| 49556 | 2008-11-04 | DHCart order.php Multiple Parameter XSS | DHCart contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'domain' and 'd1' parameters upon submission to the 'order.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57065 | 2008-09-29 | Google Chrome window.open DMK.alert DoS | Unknown / Incomplete |
| 57066 | 2008-09-29 | Apple Safari window.open DMK.alert DoS | Unknown / Incomplete |
| 49128 | 2008-09-28 | FileAlyzer Malformed Executable Version Data Overflow | (Description provided by CVE) Stack-based buffer overflow in Safer Networking FileAlyzer 1.6.0.0 and 1.6.0.4 beta, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via an executable with malformed version data. |
| 48265 | 2008-09-20 | Google Chrome tab_strip_model.cc Malformed Content DoS | Unknown / Incomplete |
| 51685 | 2008-09-05 | Avant Browser URI about: Dialog XSS | Avant Browser contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate input shown in the 'about:' URI dialog. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 51686 | 2008-09-05 | Maxthon Browser URI about: Dialog XSS | Maxthon Browser contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate input shown in the 'about:' URI dialog. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship |
| 47802 | 2008-08-25 | PopnupBlog Module for XOOPS index.php Multiple Parameter XSS | PopnupBlog Module for XOOPS contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'cat_id' and 'view' parameters upon submission to the 'index.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47560 | 2008-08-15 | PHPizabi index.php id Parameter Traversal Arbitrary File Access | PHPizabi contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'index.php' script not properly sanitizing user input, specifically directory traversal sequences (../../), supplied via the 'id' parameter when the 'L' parameter is set to 'admin.templates.edittemplate'. |
| 47561 | 2008-08-15 | PHPizabi index.php query Parameter XSS | PHPizabi contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'query' parameter upon submission to the 'index.php' script when the 'L' parameter is set to 'blogs.search'. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47641 | 2008-08-09 | Yogurt Social Network Module for XOOPS friends.php uid Parameter XSS | Yogurt Social Network contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'uid' parameter upon submission to the 'friends.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47642 | 2008-08-09 | Yogurt Social Network Module for XOOPS seutubo.php uid Parameter XSS | Yogurt Social Network contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'uid' parameter upon submission to the 'seutubo.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47643 | 2008-08-09 | Yogurt Social Network Module for XOOPS album.php uid Parameter XSS | Yogurt Social Network contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'uid' parameter upon submission to the 'album.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47644 | 2008-08-09 | Yogurt Social Network Module for XOOPS scrapbook.php uid Parameter XSS | Yogurt Social Network contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'uid' parameter upon submission to the 'scrapbook.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47645 | 2008-08-09 | Yogurt Social Network Module for XOOPS index.php uid Parameter XSS | Yogurt Social Network contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'uid' parameter upon submission to the 'index.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47646 | 2008-08-09 | Yogurt Social Network Module for XOOPS tribes.php uid Parameter XSS | Yogurt Social Network contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'uid' parameter upon submission to the 'tribes.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 47647 | 2008-08-09 | Yogurt Social Network Module for XOOPS New Scrap Description Field XSS | (Description provided by CVE) Multiple cross-site scripting (XSS) vulnerabilities in the Yogurt Social Network module 3.2 rc1 for XOOPS allow remote attackers to inject arbitrary web script or HTML via the uid parameter to (1) friends.php, (2) seutubo.php, (3) album.php, (4) scrapbook.php, (5) index.php, or (6) tribes.php; or (7) the description field of a new scrap. |
| 48841 | 2008-08-09 | RMSOFT Downloads Plus (rmdp) Module for XOOPS search.php key Parameter XSS | (Description provided by CVE) Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. |
| 48842 | 2008-08-09 | RMSOFT Downloads Plus (rmdp) Module for XOOPS down.php id Parameter XSS | (Description provided by CVE) Multiple cross-site scripting (XSS) vulnerabilities in the RMSOFT Downloads Plus (rmdp) module 1.5 and 1.7 for Xoops allow remote attackers to inject arbitrary web script or HTML via the (1) key parameter to search.php and the (2) id parameter to down.php. |
| 48843 | 2008-08-09 | RMSOFT MiniShop Module for XOOPS search.php itemsxpag Parameter SQL Injection | RMSOFT MiniShop Module for XOOPS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search.php' script not properly sanitizing user-supplied input to the 'itemsxpag' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 48849 | 2008-08-09 | RMSOFT MiniShop Module for XOOPS search.php itemsxpag Parameter XSS | (Description provided by CVE) Cross-site scripting (XSS) vulnerability in search.php in the RMSOFT MiniShop module 1.0 for Xoops allows remote attackers to inject arbitrary web script or HTML via the itemsxpag parameter. |
| 47343 | 2008-08-06 | Kshop Module for Xoops kshop_search.php search Parameter XSS | Kshop contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'search' parameter upon submission to the 'kshop_search.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 51469 | 2008-06-25 | Google Talk (gTalk) Message Body XSS | Google Talk (gTalk) contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the client does not validate 'mailto:' and 'http:' autolinks in the message body. This could allow an attacker to craft a message body that executes arbitrary script in the recipient's Google Talk client within the trust relationship between the client and the server, leading to a loss of integrity. |
| 45338 | 2008-05-18 | bcoos highlight.php file Parameter Arbitrary File Access | bcoos contains a flaw that allows a remote attacker to access arbitrary files, of any extension, outside of the web path. The issue is due to the 'highlight.php' script not properly sanitizing user input, specifically directory traversal sequences (../../) or a full physical path, supplied via the 'file' parameter. |
| 44334 | 2008-02-04 | bcoos DevTracker Module Multiple Parameter XSS | bcoos contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'order_by' and 'direction' parameters upon submission to the 'index.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 44335 | 2008-02-04 | E-xoops DevTracker Module Multiple Parameter XSS | (Description provided by CVE) Multiple cross-site scripting (XSS) vulnerabilities in index.php in DevTracker module 3.0 for bcoos 1.1.11 and earlier, and DevTracker module 0.20 for E-XooPS 1.0.8 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) direction and (2) order_by parameters. |
| 40190 | 2007-12-28 | PHCDownload search.php string Parameter XSS | PHCDownload contains a flaw that allows a remote cross-site scripting attack. The flaw exists because the application does not validate the 'string' parameter upon submission to the 'search.php' script. This could allow an attacker to create a specially crafted URL that executes arbitrary script in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 43681 | 2007-12-09 | e-Xoops mylinks/ratelink.php lid Parameter SQL Injection | e-Xoops contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'modules/mylinks/ratelink.php' script not properly sanitizing user-supplied input to the 'lid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 43679 | 2007-12-09 | e-Xoops adresses/ratefile.php lid Parameter SQL Injection | e-Xoops contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'modules/adresses/ratefile.php' script not properly sanitizing user-supplied input to the 'lid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 43680 | 2007-12-09 | e-Xoops mydownloads/ratefile.php lid Parameter SQL Injection | e-Xoops contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'modules/mydownloads/ratefile.php' script not properly sanitizing user-supplied input to the 'lid' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |