| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 14781 | 2005-03-14 | phpPgAds / phpAdsNew maintenance-autotargeting.php Path Disclosure | phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'maintenance-autotargeting.php' script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 14782 | 2005-03-14 | phpPgAds / phpAdsNew maintenance-reports.php Path Disclosure | phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'maintenance-reports.php' script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 14783 | 2005-03-14 | phpPgAds / phpAdsNew phpads.php Path Disclosure | phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'phpads.php' script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 14784 | 2005-03-14 | phpPgAds / phpAdsNew remotehtmlview.php Path Disclosure | phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'remotehtmlview.php' script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 14785 | 2005-03-14 | phpPgAds / phpAdsNew click.php Path Disclosure | phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'click.php' script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 14786 | 2005-03-14 | phpPgAds / phpAdsNew adcontent.php Path Disclosure | phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'adcontent.php' script, which will disclose the full installation path resulting in a loss of confidentiality. |
| 14787 | 2005-03-14 | phpPgAds / phpAdsNew adframe.php refresh Parameter XSS | phpPgAds and phpAdsNew contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the refresh variable upon submission to the 'adframe.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 14775 | 2005-03-14 | paBox pabox.php posticon Parameter XSS | Unknown / Incomplete |
| 14769 | 2005-03-14 | VoteBox votebox.php Remote File Inclusion | Unknown / Incomplete |
| 14774 | 2005-03-14 | LuxMan luxman -f Parameter Local Overflow | (Description Provided by CVE): Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument. |
| 14747 | 2005-03-14 | Spinworks Web Server Malformed sid Parameter DoS | Unknown / Incomplete |
| 14767 | 2005-03-14 | MaxDB/SAP DB Web Agent Multiple Function Remote DoS | (Description Provided by CVE): MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference. |
| 14770 | 2005-03-14 | Apache Tomcat AJP12 Protocol Malformed Packet Remote DoS | (Description Provided by CVE): Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007. |
| 14771 | 2005-03-14 | Hitachi Cosminexus Server Component Container J2EE Server Remote DoS | Unknown / Incomplete |
| 14835 | 2005-03-14 | PHPBackPage Gallery Function Arbitrary File Access | Unknown / Incomplete |
| 14828 | 2005-03-14 | WINE Temporary File Registry Disclosure | (Description Provided by CVE): Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords. |
| 19713 | 2005-03-14 | Barracuda Spam Firewall smtp_test.cgi host Parameter Arbitrary Command Execution | Unknown / Incomplete |
| 19714 | 2005-03-14 | Barracuda Spam Firewall web-ui Multiple CGI Unauthenticated Access | Unknown / Incomplete |
| 15243 | 2005-03-14 | Spymac WebOS index.php Multiple Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'show', 'catid' or 'contentid' variables upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15244 | 2005-03-14 | Spymac WebOS member.php memberid Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'memberid' variable upon submission to the member.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15245 | 2005-03-14 | Spymac WebOS show_photo.php picid Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'picid' or 'nr' variables upon submission to the show_photo.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15246 | 2005-03-14 | Spymac WebOS show_pics.php Multiple Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catid' or 'split' variables upon submission to the show_pics.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15247 | 2005-03-14 | Spymac WebOS upload_picture.php poll Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'poll' variable upon submission to the upload_picture.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15248 | 2005-03-14 | Spymac WebOS notes.php Multiple Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'outbox', 'inbox', 'pmform', 'ppp' or 'totalPms' variables upon submission to the notes.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15249 | 2005-03-14 | Spymac WebOS showthread.php threadid Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' variable upon submission to the showthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15250 | 2005-03-14 | Spymac WebOS threadlist.php catid Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'catid' variable upon submission to the threadlist.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15251 | 2005-03-14 | Spymac WebOS newreply.php threadid Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' variable upon submission to the newreply.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15252 | 2005-03-14 | Spymac WebOS newthread.php Multiple Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' or 'catid' variables upon submission to the newthread.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15253 | 2005-03-14 | Spymac WebOS manager.php Multiple Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'myforums', 'ppp', 'c', 'favs' or 'typ' variables upon submission to the manager.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15254 | 2005-03-14 | Spymac WebOS newpoll.php Multiple Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'threadid' or 'catid' variables upon submission to the newpoll.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 15255 | 2005-03-14 | Spymac WebOS network.php tos Parameter XSS | Spymac WebOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tos' variable upon submission to the network.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 57317 | 2005-03-13 | MoinMoin Custom SecurityPolicy Class Admin Policy Enforcement Weakness | Unknown / Incomplete |
| 14773 | 2005-03-13 | SimpGB guestbook.php quote Parameter SQL Injection | SimpGB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'guestbook.php' script not properly sanitizing user-supplied input to the 'quote' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 14768 | 2005-03-13 | rxvt-unicode Terminal Input Escape Sequence Overflow | (Description Provided by CVE): Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences. |
| 14885 | 2005-03-13 | Mozilla Firefox Embedded Table Link Status Bar Content Spoofing | (Description Provided by CVE): Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag. |
| 14827 | 2005-03-13 | YaBB2 YaBB.pl usersrecentposts Action username Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 allows remote attackers to inject arbitrary web script or HTML via the username parameter in a usersrecentposts action. |
| 17427 | 2005-03-13 | FusionBB Quoting Mechanism Unspecified Security Issue | Unknown / Incomplete |
| 17428 | 2005-03-13 | FusionBB Javascript Unspecified Security Issue | Unknown / Incomplete |
| 17429 | 2005-03-13 | FusionBB Private Topics Unspecified Security Issue | Unknown / Incomplete |
| 16818 | 2005-03-12 | paFileDB auth.php Path Disclosure | paFileDB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by providing invalid input to the 'tuser' variable of the 'auth.php' script, which will reveal the installation path resulting in a loss of confidentiality. |