| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 20848 | 2005-11-15 | Pearl Forums index.php Multiple Parameter SQL Injection | Pearl Forums contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'forumsId' and 'topicId' variables. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20849 | 2005-11-15 | Pearl Forums index.php mode Parameter Local File Inclusion | Pearl Forums contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'mode' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 20523 | 2005-11-04 | Tonio Gallery showGallery.php galid Parameter SQL Injection | Tonio Gallery contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'showGallery.php' script not properly sanitizing user-supplied input to the 'galid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 20420 | 2005-10-30 | oaboard forum.php Multiple Parameter SQL Injection | oaboard contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forum.php' script not properly sanitizing user-supplied input to the 'channel' and 'topic' variables. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 20305 | 2005-10-25 | TClanPortal index.php id Parameter SQL Injection | TClanPortal contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 20245 | 2005-10-22 | FlatNuke index.php Traversal Arbitrary File Inclusion | FlatNuke contains a flaw that may allow a remote attacker to include arbitrary files. The issue is due to the 'index.php' script not properly sanitizing user input, specifically traversal style attacks supplied via the 'user' and 'quale' variables, which may allow a remote attacker to disclose the content of arbitrary files resulting in a loss of confidentiality. |
| 20246 | 2005-10-22 | FlatNuke index.php Multiple Parameter XSS | FlatNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' or 'nome' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19404 | 2005-09-15 | DeluxeBB topic.php tid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'topic.php' script not properly sanitizing user-supplied input to the 'tid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19405 | 2005-09-15 | DeluxeBB misc.php uid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'misc.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19406 | 2005-09-15 | DeluxeBB forums.php fid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'forums.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19407 | 2005-09-15 | DeluxeBB pm.php uid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'pm.php' script not properly sanitizing user-supplied input to the 'uid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 19408 | 2005-09-15 | DeluxeBB newpost.php fid Parameter SQL Injection | DeluxeBB contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'newpost.php' script not properly sanitizing user-supplied input to the 'fid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 18685 | 2005-08-04 | PortailPhp mod_forum/read_message.php id Parameter SQL Injection | PortailPHP contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'read_message.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 18296 | 2005-07-26 | VBZooM show.php SubjectID Parameter SQL Injection | VBZooM contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'show.php' script not properly sanitizing user-supplied input to the 'SubjectID' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |
| 17399 | 2005-06-22 | cPanel cpsrvd.pl user Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' variable upon submission to the 'cpsrvd.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |