[CLOSE] OSVDB ID : 18965 - Disclosed: 2005-07-12

Description:

A local overflow exists in Linux ifenslave. The utility fails to validate the length of command line options resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code with root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 18441 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dc_Categoriesview.asp script not properly sanitizing user-supplied input to the 'key' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 18442 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dc_productslist_Clearance.asp script not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 18443 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the ratings.asp script not properly sanitizing user-supplied input to the 'PID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 18444 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dc_Productsview.asp script not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 18445 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the dc_forum_Postslist.asp script not properly sanitizing user-supplied input to the 'start', 'key_mp', 'searchtype', or 'psearch' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 18446 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow a remote attacker to manipulate prices without authorization. The issue is due to the dc_Categoriesview.asp script not properly sanitizing user input. By modifying the 'x_DragonflyCartProductPrice' hidden field before submission, it is possible for an attacker to manipulate prices in the system before purchasing an item.

[CLOSE] OSVDB ID : 18447 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow a remote attacker to manipulate prices without authorization. The issue is due to the dc_productslist.asp script not properly sanitizing user input. By modifying the 'x_DragonflyCartProductPrice' hidden field before submission, it is possible for an attacker to manipulate prices in the system before purchasing an item.

[CLOSE] OSVDB ID : 18448 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow a remote attacker to manipulate prices without authorization. The issue is due to the dc_productslist_Clearance.asp script not properly sanitizing user input. By modifying the 'x_DragonflyCartProductPrice' hidden field before submission, it is possible for an attacker to manipulate prices in the system before purchasing an item.

[CLOSE] OSVDB ID : 18449 - Disclosed: 2005-07-12

Description:

Dragonfly Commerce contains a flaw that may allow a remote attacker to manipulate prices without authorization. The issue is due to the dc_Categorieslist.asp script not properly sanitizing user input. By modifying the 'x_DragonflyCartProductPrice' hidden field before submission, it is possible for an attacker to manipulate prices in the system before purchasing an item.

[CLOSE] OSVDB ID : 17972 - Disclosed: 2005-07-07

Description:

Comersus Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'comersus_optAffiliateRegistrationExec.asp' script not properly sanitizing user-supplied input to the 'email' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17973 - Disclosed: 2005-07-07

Description:

Comersus Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'comersus_optReviewReadExec.asp' script not properly sanitizing user-supplied input to the 'idProduct' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17974 - Disclosed: 2005-07-07

Description:

Comersus Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'name' variables upon submission to the 'comersus_backoffice_listAssignedPricesToCustomer.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17975 - Disclosed: 2005-07-07

Description:

Comersus Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'comersus_backoffice_message.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17976 - Disclosed: 2005-07-07

Description:

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'tellAFriend.asp' script not properly sanitizing user-supplied input to the 'idProduct' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17977 - Disclosed: 2005-07-07

Description:

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'viewSupportTickets.asp' script not properly sanitizing user-supplied input to the 'sortType' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17978 - Disclosed: 2005-07-07

Description:

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'updateCreditCards.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17979 - Disclosed: 2005-07-07

Description:

CartWIZ contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'deleteCreditCards.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17980 - Disclosed: 2005-07-07

Description:

CartWIZ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'message' variable upon submission to the 'login.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 17788 - Disclosed: 2005-07-07

Description:

phpWebSite contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'Search' module. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 17789 - Disclosed: 2005-07-07

Description:

phpWebSite contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'Search' module 'mod' variable.

[CLOSE] OSVDB ID : 16731 - Disclosed: 2005-05-13

Description:

PhotoPost contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'uid' variable in the 'member.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16179 - Disclosed: 2005-05-03

Description:

ArticleLive contains a flaw that may allow a remote attacker to gain administrative privileges. The issue can be exploited in one of two ways. First, by providing a malformed request to the /admin/ routines, an attacker may bypass the authentication check. Second, by editing the cookie sent to the remote site, it is possible to authenticate as the administrative user.

[CLOSE] OSVDB ID : 16180 - Disclosed: 2005-05-03

Description:

ArticleLive contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when a remote attacker provides a malformed query string to the search routine, which will disclose the full installation path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 16181 - Disclosed: 2005-05-03

Description:

ArticleLive contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Query' variable upon submission to the search routine. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16182 - Disclosed: 2005-05-03

Description:

ArticleLive contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Username', 'FirstName', 'LastName', 'Email' or 'Biography' variables upon submission to the registration routine. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16183 - Disclosed: 2005-05-03

Description:

ArticleLive contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'BlogId' variable upon submission to the newcomment routine. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16280 - Disclosed: 2005-05-03

Description:

FishCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'nlst' variable upon submission to the display.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16281 - Disclosed: 2005-05-03

Description:

FishCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'trackingnum', 'reqagree', or 'm' variables upon submission to the upstracking.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16282 - Disclosed: 2005-05-03

Description:

FishCart has been reported to contain a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is supposedly due to the 'psku' variable in the display.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. However, the vendor disputes this claim saying that it is nothing more than a forced SQL error, not a method for injection.

[CLOSE] OSVDB ID : 16283 - Disclosed: 2005-05-03

Description:

FishCart has been reported to contain a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is supposedly due to the 'cartid' variable in the upstnt.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. However, the vendor disputes this claim saying that it is nothing more than a forced SQL error, not a method for injection.

[CLOSE] OSVDB ID : 15964 - Disclosed: 2005-04-29

Description:

enVivo!CMS contains a flaw that may allow a remote attacker to gain administrative privileges. The issue is due to the admin_login.asp script not properly validating cookie data sent from the user. By modifying the cookie username and password values to "a' or 'a' = 'a", the application will authenticate the user as the legitimate administrator.

[CLOSE] OSVDB ID : 15965 - Disclosed: 2005-04-29

Description:

enVivo!CMS contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Username field in the admin_login.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15966 - Disclosed: 2005-04-29

Description:

enVivo!CMS contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'searchstring' or 'ID' variable in the default.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16353 - Disclosed: 2005-04-28

Description:

phpCOIN contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'phpcoinsessid' variable in the 'login.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16354 - Disclosed: 2005-04-28

Description:

phpCOIN contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'topic_id' and 'dcat_id' variable in the Pages module not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15868 - Disclosed: 2005-04-26

Description:

MetaBid contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'Username' and 'Password' fields in the 'login.asp' script are not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15869 - Disclosed: 2005-04-26

Description:

MetaBid contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'intAuctionID' variable in the 'item.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15870 - Disclosed: 2005-04-26

Description:

MetaCart (multiple products) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'intProdID' variable in the product.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15871 - Disclosed: 2005-04-26

Description:

MetaCart (multiple products) contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to multiple variables in the productsByCategory.asp script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.