| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 16162 | 2005-05-08 | Easy Message Board easymsgb.pl Traversal Arbitrary File Access | (Description Provided by CVE): Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a .. (dot dot) in the print parameter. |
| 16163 | 2005-05-08 | Easy Message Board easymsgb.pl print Parameter Arbitrary Command Execution | (Description Provided by CVE): easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter. |
| 16168 | 2005-05-08 | DataTrac Application Server Text String Overflow DoS | (Description Provided by CVE): DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. |
| 16165 | 2005-05-08 | Orenosv FTP Server Multiple Commands Input Overflow | (Description Provided by CVE): Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe. |
| 16166 | 2005-05-08 | Orenosv HTTP Server cgissi.exe SSI Command Overflow | (Description Provided by CVE): Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD, RMD, or DELE, which are processed by the (1) ftp_xlate_path, (2) ftp_is_canonical, or (3) os_fn_nativize functions, or (4) a long SSI command that is processed by the parse_cmd function in cgissi.exe. |
| 17966 | 2005-05-08 | Mozilla Browsers InstallTrigger.install() Callback Same-origin Violation | (Description Provided by CVE): The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla before 1.7.9 allows remote attackers to execute a callback function in the context of another domain by forcing a page navigation after the install method has been called, which causes the callback to be run in the context of the new page and results in a same origin violation. |
| 28296 | 2005-05-08 | MySQL Crafted multiupdate / subselects Query Local DoS | (Description Provided by CVE): MySQL before 4.1.13 allows local users to cause a denial of service (persistent replication slave crash) via a query with multiupdate and subselects. |
| 16572 | 2005-05-08 | Advanced Guestbook index.php entry Parameter SQL Injection | Advanced Guestbook contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'entry' variable in the 'index.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. |
| 74790 | 2005-05-08 | Newscoop Admin Interface Template Manipulation Arbitrary File Access | Unknown / Incomplete |
| 16186 | 2005-05-07 | Mozilla Firefox IFRAME JavaScript URL XSS | (Description Provided by CVE): The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. |
| 79346 | 2005-05-07 | Netscape IFRAME JavaScript URL XSS | (Description Provided by CVE): The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site. |
| 16228 | 2005-05-07 | PwsPHP News Module Multiple Parameter XSS | PwsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'month' or 'annee' variables upon submission to the News module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16229 | 2005-05-07 | PwsPHP Stats Module Multiple Parameter XSS | PwsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'nbractif' or 'annee' variables upon submission to the Stats module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16230 | 2005-05-07 | PwsPHP Recherche Module Multiple Parameter XSS | PwsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'chaine_search' or 'auteur_search' variables upon submission to the Recherche module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16231 | 2005-05-07 | PwsPHP profil.php id Parameter XSS | PwsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the profil.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16232 | 2005-05-07 | PwsPHP memberlist.php Multiple Parameter XSS | PwsPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mb_lettre' or 'lettre' variables upon submission to the memberlist.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16233 | 2005-05-07 | PwsPHP profil.php id Parameter SQL Injection | PwsPHP contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the profil.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. |
| 16234 | 2005-05-07 | PwsPHP Admin Module Path Disclosure | PwsPHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests the /admin/ directory, which will disclose the full installation path resulting in a loss of confidentiality. |
| 16235 | 2005-05-07 | PwsPHP Cookie Injection User Spoofing | (Description Provided by CVE): PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie. |
| 16236 | 2005-05-07 | PwsPHP Admin Panel File Upload Restriction Bypass | (Description Provided by CVE): The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files. |
| 16458 | 2005-05-07 | NPDS search.php query Variable HTML Injection | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote HTML injection. This flaw exists because the application does not validate 'query' variables upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16459 | 2005-05-07 | NPDS pollBooth.php order Variable HTML Injection | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote HTML injection. This flaw exists because the application does not validate 'order' variables upon submission to the 'pollBooth.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16460 | 2005-05-07 | NPDS sdv.php sdv Parameter XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'sdv' variables upon submission to the 'sdv.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16461 | 2005-05-07 | NPDS memberslist.php sortby Parameter XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'sortby' variables upon submission to the 'memberslist.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16462 | 2005-05-07 | NPDS user.php uname Parameter XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'uname' variables upon submission to the 'user.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16463 | 2005-05-07 | NPDS powerpack.php to_userid Parameter XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'to_userid' variables upon submission to the 'powerpack.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16464 | 2005-05-07 | NPDS faq.php categories Parameter XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'categories' variables upon submission to the 'faq.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16465 | 2005-05-07 | NPDS searchbb.php Mot-clé Field XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'Mot-clé' field upon submission to the 'searchbb.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16466 | 2005-05-07 | NPDS Annuaires Page Search Box XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in the search box in the Annuaires page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16467 | 2005-05-07 | NPDS Comments Section member Field XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'member' field in the Comments section page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16468 | 2005-05-07 | NPDS Member Section Multiple Field XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in multiple fields in the Member section page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16469 | 2005-05-07 | NPDS Administration Section ID Article Field XSS | Net Portal Dynamic System (NPDS) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'ID Article' field in the Administrator section page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 16470 | 2005-05-07 | NPDS pollBooth.php thold Parameter SQL Injection | Net Portal Dynamic System (NPDS) contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'thold' variable in the 'pollBooth.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries. |
| 16471 | 2005-05-07 | NPDS pollBooth.php thold Variable Path Disclosure | Net Portal Dynamic System (NPDS) contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate 'thold' variables upon submission to the 'pollBooth.php' script, which will disclose the installation path resulting in a loss of confidentiality. |
| 82580 | 2005-05-07 | Eterm non-MMX 16bpp Shading Code Unspecified Overflow | Eterm is prone to an overflow condition. This issue is triggered by an error in non-MMX 16bpp shading code that will result in an overflow. This may allow an attacker to potentially cause a denial of service or execute arbitrary code. |
| 91769 | 2005-05-07 | Newscoop Frontend PHP Tag Injection Remote Code Execution | Newscoop contains a flaw that allows the injection of PHP tags into fields that are displayed on the frontend. This may allow a remote attacker to execute arbitrary PHP code. |
| 16184 | 2005-05-06 | libexif EXIF Tag exif_data_load_data_content Function Parsing DoS | Unknown / Incomplete |
| 16154 | 2005-05-06 | 4D WebSTAR Tomcat Plugin URL Remote Overflow | A remote overflow exists in 4D WebSTAR. The Tomcat plugin fails to validate URLs resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution or denial of service resulting in a loss of integrity, and/or availability. |
| 16164 | 2005-05-06 | RSA SecurID Web Agent Remote Overflow | A remote overflow exists in the RSA SecurID Web Agent. The Web Agent fails to handle large "chunks" of data sent via the chunked-encoding mechanism resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 16160 | 2005-05-06 | PHP Advanced Transfer Manager (phpATM) File Upload Arbitrary Command Execution | (Description Provided by CVE): PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to upload arbitrary files via filenames containing multiple file extensions, as demonstrated using a filename ending in "php.ns", which allows execution of arbitrary PHP code. |