[CLOSE] OSVDB ID : 18528 - Disclosed: 2005-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18714 - Disclosed: 2005-07-30

Description:

(Description Provided by CVE) : login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid.

[CLOSE] OSVDB ID : 18715 - Disclosed: 2005-07-30

Description:

PCXP/TOPPE CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate $msg variables upon submission to the 'pm.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18395 - Disclosed: 2005-07-30

Description:

Kayako LiveResponse contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'username' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality

[CLOSE] OSVDB ID : 18396 - Disclosed: 2005-07-30

Description:

Kayako LiveResponse contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'year' or 'date' variables in the calendar feature. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 18397 - Disclosed: 2005-07-30

Description:

Kayako LiveResponse contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue exists because the application does not sanitize the user's input when entering a session or sending a message to the support staff. A malicious user may input arbitrary code which will be executed in the context of the support staff browser. This flaw may lead to a loss of confidentiality, integrity and availability.

[CLOSE] OSVDB ID : 18398 - Disclosed: 2005-07-30

Description:

Kayako LiveResponse contains a flaw that may lead to an unauthorized password exposure. The passwords are sent in plain text in the URL when logging into the application, which may lead to a loss of confidentiality.

[CLOSE] OSVDB ID : 18399 - Disclosed: 2005-07-30

Description:

Kayako LiveResponse contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests any number of include scripts such as 'addressbook.php' directly, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 18475 - Disclosed: 2005-07-30

Description:

OpenBook contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'admin.php' script not properly sanitizing user-supplied input to the 'User ID' and 'Password' fields. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 19590 - Disclosed: 2005-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19591 - Disclosed: 2005-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19592 - Disclosed: 2005-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19217 - Disclosed: 2005-07-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18558 - Disclosed: 2005-07-29

Description:

Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the guestbook.mdb file is stored in the server root by default, which will allow direct access to download the database file.

[CLOSE] OSVDB ID : 18390 - Disclosed: 2005-07-29

Description:

Gopher contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to routines in the 'gopher.c' file creating temporary files insecurely in the /tmp folder. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 18440 - Disclosed: 2005-07-29

Description:

Trillian contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to Yahoo Mail passwords when the Check Mail function occurs, which may lead to a loss of confidentiality.

[CLOSE] OSVDB ID : 18391 - Disclosed: 2005-07-29

Description:

nProtect Netizen and nProtect Personal contains a flaw that may allow a remote attacker to execute arbitrary code. The problem is that the 'Npos' ActiveX control does not verify the URL of the update site and the origin of the update configuration file. By creating a malicious web site containing a specially crafted update configuration file and tricking a victim to visit that site, it is possible for a remote attacker to download and execute arbitrary files resulting in a loss of integrity.

[CLOSE] OSVDB ID : 18333 - Disclosed: 2005-07-29

Description:

Easy PX 41 CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by requesting certain directories, which will disclose raw directory listings including files resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 18334 - Disclosed: 2005-07-29

Description:

Easy PX 41 CMS contains a flaw that may allow an attacker to inject or manipulate variables in various scripts. This flaw exists because the application does not validate many variables in various scripts. This could allow a user to create a specially crafted URL that would give access to webpage contents without the need to authenticate or to execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity and confidentiality.

[CLOSE] OSVDB ID : 18335 - Disclosed: 2005-07-29

Description:

Easy PX 41 CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'membres' variable upon submission to the viewprofile.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18336 - Disclosed: 2005-07-29

Description:

Easy PX 41 CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forum' variable upon submission to the viewtopic.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18522 - Disclosed: 2005-07-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.

[CLOSE] OSVDB ID : 18523 - Disclosed: 2005-07-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.

[CLOSE] OSVDB ID : 18524 - Disclosed: 2005-07-29

Description:

web content management contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a regular user accesses AddModifyInput.php and is granted permission to create a privileged administrator account.

[CLOSE] OSVDB ID : 18472 - Disclosed: 2005-07-29

Description:

HP NonStop Server contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a specially crafted packet to the DCE Core Services occurs, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 18451 - Disclosed: 2005-07-29

Description:

PHPFreeNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ScriptVersion' variable upon submission to the Footer.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18452 - Disclosed: 2005-07-29

Description:

PHPFreeNews contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'NewsDir', 'PopupWidth', or 'PopupHeight' variables upon submission to the ScriptFunctions.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18453 - Disclosed: 2005-07-29

Description:

PHPFreeNews contains a flaw that may allow a remote attacker to trick a user into visiting an arbitrary site under the apparent trust of a legitimate site. The issue is due to the Logout.php script providing a site redirect to an arbitrary web site. This may give an attacker a way to trick a user into clicking what appears to be a legitimate URL of a valid site, but really leads them to an arbitrary site with malicious content.

[CLOSE] OSVDB ID : 18454 - Disclosed: 2005-07-29

Description:

PHPFreeNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker directly requests any number of scripts in the /inc/ directory, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 18455 - Disclosed: 2005-07-29

Description:

PHPFreeNews contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker visits the admin.php script, which will disclose the PHP and MySQL versions resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

[CLOSE] OSVDB ID : 18456 - Disclosed: 2005-07-29

Description:

By default, PHPFreeNews installs with a default password. The 'Admin' account has a password of 'Admin' which is publicly known and documented. This allows attackers to trivially access the program or system.

[CLOSE] OSVDB ID : 18457 - Disclosed: 2005-07-29

Description:

PHPFreeNews contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the Login routine not properly sanitizing user-supplied input to the 'password' field. This may allow an attacker to inject or manipulate SQL queries in the backend database.

[CLOSE] OSVDB ID : 18662 - Disclosed: 2005-07-29

Description:

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserName' variable upon submission to the 'profile.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18663 - Disclosed: 2005-07-29

Description:

VBZooM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'UserID' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18548 - Disclosed: 2005-07-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19084 - Disclosed: 2005-07-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18315 - Disclosed: 2005-07-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18337 - Disclosed: 2005-07-28

Description:

@Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' or 'type' variables upon submission to printcal.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18338 - Disclosed: 2005-07-28

Description:

@Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'func' variable upon submission to task.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 18339 - Disclosed: 2005-07-28

Description:

@Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to compose.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.