| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 22115 | 2005-12-29 | phpDocumentor file_dialog.php root_dir Parameter Remote File Inclusion | phpDocumentor contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to "docbuilder/file_dialog.php" not properly sanitizing user input supplied to the "root_dir" variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. However, successful exploitation requires that "register_globals" is enabled. |
| 22040 | 2005-12-24 | DEV web management system openforum.php cat Parameter SQL Injection | DEV web management system contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the openforum.php script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 22041 | 2005-12-24 | DEV web management system getfile.php cat Parameter SQL Injection | DEV web management system contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the getfile.php script not properly sanitizing user-supplied input to the 'cat' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 22042 | 2005-12-24 | DEV web management system download_now.php target Parameter SQL Injection | DEV web management system contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the download_now.php script not properly sanitizing user-supplied input to the 'target' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 22043 | 2005-12-24 | DEV web management system add.php Multiple Parameter XSS | DEV web management system contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate 'language[ENTER_ARTICLE_TITLE]', 'language[SPECIFY_ZONE]', 'language[ENTER_ARTICLE_HEADER]' and 'language[ENTER_ARTICLE_BODY]' variables upon submission to the add.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 22009 | 2005-12-20 | PhpGedView help_text_vars.php PGV_BASE_DIRECTORY Parameter Remote File Inclusion | PhpGedView contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'help_text_vars.php' script not properly sanitizing user-supplied input to the 'PGV_BASE_DIRECTORY' variable. When the register_globals PHP option is set to 'on', a remote attacker can display the contents of local files. In addition, when the magic_quotes_gpc and the allow_url_fopen PHP options are set to 'on', a remote attacker can include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 22010 | 2005-12-20 | PhpGedView Registration Multiple Field Arbitrary PHP Code Execution | PhpGedView contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'login_register.php' script not properly sanitizing user-supplied input to the 'user_language', 'user_email' and 'user_gedcomid' fields before being stored in the 'authenticate.php' script, which may allow a remote attacker to execute arbitrary PHP code resulting in a loss of integrity. |
| 21753 | 2005-12-14 | Limbo CMS index.php _SERVER[REMOTE_ADDR] Parameter SQL Injection | Limbo CMS contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the '_SERVER[REMOTE_ADDR]' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 21754 | 2005-12-14 | Limbo CMS index.php _SERVER[REMOTE_ADDR] Parameter XSS | Limbo CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the '_SERVER[REMOTE_ADDR]' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 21755 | 2005-12-14 | Limbo CMS index2.php option Parameter Traversal Arbitrary File Access | Limbo CMS contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'index2.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'option' variable. |
| 21756 | 2005-12-14 | Limbo CMS index2.php _SERVER[REMOTE_ADDR] Variable Arbitrary PHP Command Execution | Limbo CMS contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'index2.php' script not properly sanitizing user input supplied to the '_SERVER[REMOTE_ADDR]' variable, which may allow a remote attacker to execute arbitrary PHP commands resulting in a loss of integrity. |
| 21757 | 2005-12-14 | Limbo CMS doc.inc.php Direct Request Path Disclosure | Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'doc.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 21758 | 2005-12-14 | Limbo CMS element.inc.php Direct Request Path Disclosure | Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'element.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 21759 | 2005-12-14 | Limbo CMS node.inc.php Direct Request Path Disclosure | Limbo CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'node.inc.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 21724 | 2005-12-12 | phpCOIN db.php _CCFG[_PKG_PATH_DBSE] Remote File Inclusion | phpCOIN contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'db.php' not properly sanitizing user input supplied to the '_CCFG[_PKG_PATH_DBSE]' variable. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 21725 | 2005-12-12 | phpCOIN Cookie Data SQL Injection | phpCOIN contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'mod.php' script not properly sanitizing user-supplied input to the 'phpcoinsessid' cookie. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 21726 | 2005-12-12 | phpCOIN config.php Direct Request Path Disclosure | phpCOIN contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'config.php' script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 57538 | 2005-12-12 | phpCOIN coin_includes/db.php $_CCFG[_PKG_PATH_DBSE] Parameter Traversal Arbitrary File Access | phpCOIN contains a flaw that allows a remote attacker to read files outside of the web path. The issue is due to coin_includes/db.php not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the '$_CCFG[_PKG_PATH_DBSE]' parameter. |
| 21572 | 2005-12-08 | Website Baker user: Field SQL Injection | Website Baker has a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login check script not properly sanitizing user-supplied input to the user field. This may allow an attacker to bypass authentication and upload a malicious PHP script to inject or manipulate SQL queries in the back-end database. |
| 21411 | 2005-12-02 | Zen Cart password_forgotten.php Email Field SQL Injection | The Zen Cart Web Shopping Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the password_forgotten.php script not properly sanitizing user-supplied input to the e-mail field. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21384 | 2005-11-30 | PHPX auth.inc.php username Field SQL Injection | PHPX contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin login script calling auth.inc.php, which does not properly sanitize user-supplied input to the 'username' field. This may allow an attacker to bypass the admin login check and inject or manipulate SQL queries in the back-end database. |
| 21118 | 2005-11-25 | eFiction titles.php let Parameter XSS | eFiction contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'let' variable upon submission to the titles.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 21119 | 2005-11-25 | eFiction authors.php let Parameter SQL Injection | eFiction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the authors.php script not properly sanitizing user-supplied input to the 'let' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21120 | 2005-11-25 | eFiction titles.php let Parameter SQL Injection | eFiction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the titles.php script not properly sanitizing user-supplied input to the 'let' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21121 | 2005-11-25 | eFiction viewstory.php sid Parameter SQL Injection | eFiction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewstory.php script not properly sanitizing user-supplied input to the 'sid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21122 | 2005-11-25 | eFiction viewuser.php uid Parameter SQL Injection | eFiction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewuser.php script not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21123 | 2005-11-25 | eFiction Login Function username Field SQL Injection | eFiction contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login field not properly sanitizing user-supplied input to the 'username' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21124 | 2005-11-25 | eFiction Image Upload Arbitrary Command Execution | eFiction contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue occurs because the image upload functionality does not validate file extensions for user-supplied files. If an authenticated user uploads an executable file, it may be possible to execute arbitrary PHP code resulting in a loss of integrity. |
| 21125 | 2005-11-25 | eFiction storyblock.php Direct Request Path Disclosure | eFiction contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the storyblock.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 21126 | 2005-11-25 | eFiction phpinfo.php Information Disclosure | eFiction contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user accesses the phpinfo.php script, which will disclose system information resulting in a loss of confidentiality. |
| 20951 | 2005-11-18 | Unclassified NewsBoard search.inc.php Multiple Parameter SQL Injection | Unclassified NewsBoard contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the search function not properly sanitizing user-supplied input to the 'DateFrom' or 'DateUntil' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20852 | 2005-11-12 | XOOPS WF-Downloads Module viewcat.php list Parameter SQL Injection | WF-Downloads Module contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the viewcat.php script not properly sanitizing user-supplied input to the 'list' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20748 | 2005-11-10 | Moodle datalib.php get_record() Function Multiple Script SQL Injection | Moodle contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'get_record()' function in the datalib.php script not properly sanitizing user-supplied input to the 'id' variable in the category.php and info.php scripts. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20749 | 2005-11-10 | Moodle plot.php user Parameter SQL Injection | Moodle contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the plot.php script not properly sanitizing user-supplied input to the "user" variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20750 | 2005-11-10 | Moodle jumpto.php jump Variable Arbitrary Site Redirect | Moodle contains a flaw that may allow a remote attacker to trick a user into visiting an arbitrary site under the apparent trust of a legitimate site. The issue is due to the jumpto.php script providing a site redirect to an arbitrary web site. This may give an attacker a way to trick a user into clicking what appears to be a legitimate URL of a valid site, but really leads them to an arbitrary site with malicious content. |
| 20851 | 2005-11-08 | ATutor registration.php Email Field SQL Injection | ATutor contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the registration.php script not properly sanitizing user-supplied input to the 'email' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20474 | 2005-11-03 | CuteNews show_archives.php Remote Command Execution | CuteNews contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to show_archives.php not properly sanitizing user input supplied to the 'template' variable. This may allow an attacker to include an arbitrary file. It also allows an attacker to gain administrative privileges by editing files and calling them with arbitrary commands. |
| 20291 | 2005-10-23 | PHP-Nuke Your Account Username Field SQL Injection | PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20292 | 2005-10-23 | Downloads Module for PHP-Nuke modules.php url Parameter SQL Injection | PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the downloads module (via modules.php) not properly sanitizing user-supplied input to the 'url' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20293 | 2005-10-23 | PHP-Nuke Web_Links Module description Parameter SQL Injection | PHP-Nuke contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the web_links module not properly sanitizing user-supplied input to the 'description' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |