| Blogs | OSVDB ID | Disclosure Date | Title |
| Views: 9329 |
33868
Description:
HyperBook Guestbook contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting data/gbconfiguration.dat directly, which will disclose the administrator's MD5 password hash to a remote attacker.
|
2007-02-28
|
HyperBook Guestbook data/gbconfiguration.dat Direct Request Information Disclosure
|
| Views: 2044 |
81355
Description:
DokuWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'target' parameter upon submission to the doku.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-04-19
|
DokuWiki doku.php target Parameter XSS
|
| Views: 1368 |
89337
Description:
IP.Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'img' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2013-01-17
|
IP.Gallery index.php img Parameter SQL Injection
|
| Views: 1127 |
79640
Description:
OxWall contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'tag' parameter upon submission to the '/blogs/browse-by-tag' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-02-20
|
OxWall /blogs/browse-by-tag tag Parameter XSS
|
| Views: 733 |
32774
Description:
PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not escape the content of user supplied arrays in GET, POST or COOKIE variables upon submission to phpinfo(). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-03-03
|
PHP phpinfo() Multiple Method User Supplied Array XSS
|
| Views: 688 |
20954
Description:
VP-ASP Shopping Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "UserName" variable upon submission to the shopadmin.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-11-18
|
VP-ASP Shopping Cart shopadmin.asp UserName Parameter XSS
|
| Views: 584 |
31612
Description:
(Description Provided by CVE) : SQL injection vulnerability in email.php in MGB OpenSource Guestbook 0.5.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
2007-01-17
|
MGB email.php id Parameter SQL Injection
|
| Views: 573 |
32781
Description:
PHP contains a flaw that may allow a malicious user to access arbitrary memory addresses. The issue is due to the shared memory (shmop) function failing to verify if the type of resource supplied is a shmop resource. By using other types of resources it is possible to read and write to shared memory addresses resulting in a loss of integrity and/or availability.
|
2007-03-08
|
PHP shmop Function Arbitrary Memory Manipulation
|
| Views: 550 |
21221
Description:
Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the remote image url upon submission to the "Add Image From Web" feature. This could allow a user to create a specially crafted page that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-11-29
|
Gallery Add Image From Web XSS
|
| Views: 522 |
27920
Description:
XMB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate data posted in the forum, especially the <IMG SRC> tag. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-01-18
|
XMB IMG Element SRC Attribute XSS
|
| Views: 393 |
65465
Description:
WMS-CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'printpage.asp' script not properly sanitizing user-supplied input to the 'psPrice', 'pr' and 'sbr' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-06-06
|
WMS-CMS printpage.asp Multiple Parameter SQL Injection
|
| Views: 306 |
72005
Description:
Joostina contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the com_search component does not validate the 'ordering' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-01-08
|
Joostina index.php com_search Component ordering Parameter XSS
|
| Views: 224 |
3606
Description:
b2evolution contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "s" variable upon submission to the noskin_b.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-09-09
|
b2evolution noskin_b.php XSS
|
| Views: 219 |
3601
Description:
b2evolution contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "s" variable in the noskin_a.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2003-09-09
|
b2evolution noskin_a.php SQL Injection
|
| Views: 216 |
3604
Description:
b2evolution contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "s" variable upon submission to the noskin_all.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-09-09
|
b2evolution noskin_all.php XSS
|
| Views: 216 |
2526
Description:
b2evolution contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "s" variable upon submission to the noskin_a.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-09-09
|
b2evolution noskin_a.php XSS
|
| Views: 214 |
3607
Description:
b2evolution contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "s" variable in the noskin_roll.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2003-09-09
|
b2evolution noskin_roll.php SQL Injection
|
| Views: 201 |
67580
Description:
PHP Gästebuch Script contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'guestbook/gbook.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'script_pfad' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
|
2010-08-27
|
PHP Gästebuch Script guestbook/gbook.php script_pfad Parameter Local File Inclusion
|
| Views: 200 |
37432
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in games.php in Sam Crew MyBlog, possibly 1.0 through 1.6, allows remote attackers to execute arbitrary PHP code via a URL in the id parameter, a different vector than CVE-2007-1968. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
|
2007-04-09
|
MyBlog games.php id Parameter Remote File Inclusion
|
| Views: 198 |
69546
Description:
Pandora FMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the ajax.php script not properly sanitizing user input supplied to the 'page' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2010-11-30
|
Pandora FMS ajax.php page Parameter Remote File Inclusion
|
| Views: 195 |
33370
Description:
(Description Provided by CVE) : Multiple directory traversal vulnerabilities in openmedia allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) src parameter to page.php or the (2) format parameter to search_form.php.
|
2007-01-02
|
openmedia page.php src Parameter Traversal Arbitrary File Access
|
| Views: 193 |
36568
Description:
Ahhp-Portal contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the page.php script not properly sanitizing user input supplied to the 'fp' or the 'sc' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2007-04-25
|
Ahhp-Portal page.php Multiple Parameter Remote File Inclusion
|
| Views: 190 |
24987
Description:
Instant Photo Gallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the portfolio_photo_popup.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2006-04-26
|
Instant Photo Gallery portfolio_photo_popup.php id Parameter SQL Injection
|
| Views: 189 |
70954
Description:
Photopad contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'id' parameter upon submission to the gallery.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2011-02-15
|
Photopad gallery.php id Parameter XSS
|
| Views: 186 |
65994
Description:
phpaaCMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'show.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2010-07-04
|
phpaaCMS show.php id Parameter SQL Injection
|
| Views: 185 |
28364
Description:
Cybozu Garoon contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the phonemessage Facility not properly sanitizing user-supplied input to the 'uid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2006-08-28
|
Cybozu Garoon phonemessage Facility uid Parameter SQL Injection
|
| Views: 184 |
17563
Description:
paFAQ contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-20
|
paFAQ index.php id Parameter XSS
|
| Views: 184 |
24986
Description:
Instant Photo Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the portfolio_photo_popup.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2006-04-25
|
Instant Photo Gallery portfolio_photo_popup.php id Parameter XSS
|
| Views: 184 |
25275
Description:
Fast Click SQL Lite contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to show.php not properly sanitizing user input supplied to the 'path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-05-02
|
Fast Click SQL Lite show.php path Parameter Remote File Inclusion
|
| Views: 180 |
21696
Description:
EncapsGallery contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'gallery.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2005-12-13
|
EncapsGallery gallery.php id Parameter SQL Injection
|
| Views: 177 |
94023
Description:
ownCloud contains multiple flaws that allow persistent cross-site scripting (XSS) attacks. These flaws exist because the application does not validate certain unspecified input upon submission to the core/js/oc-dialogs.js script. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2013-06-07
|
ownCloud core/js/oc-dialogs.js Multiple Unspecified XSS
|
| Views: 151 |
94127
Description:
Microsoft Office contains an overflow condition that is triggered as user-supplied input is not properly validated when handling a specially crafted PNG file. This PNG file may be embedded in another office file, such as a .doc, .ppt, etc. This may allow a context-dependent attacker to cause a buffer overflow, resulting in a denial of service or potentially allowing the execution of arbitrary code.
|
2013-06-11
|
Microsoft Office PNG File Handling Buffer Overflow
|
| Views: 142 |
94128
Description:
Adobe Flash Player and AIR contain an unspecified flaw that is triggered as user-supplied input is not properly sanitized. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
|
2013-06-11
|
Adobe Flash Player / AIR Unspecified Memory Corruption
|
| Views: 135 |
4030
Description:
The TCP stack implementation of numerous vendors contains a flaw that may allow a remote denial of service. The issue is triggered when spoofed TCP Reset packets are received by the targeted TCP stack, and will result in loss of availability for the attacked TCP services.
|
2004-04-20
|
TCP/IP Sequence Prediction Blind Reset Spoofing DoS
|
| Views: 129 |
12184
Description:
PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes certain HTTP requests with crafted arguments, which will disclose the PHP version and other sensitive information, resulting in a loss of confidentiality.
|
2004-11-28
|
PHP expose_php Directive Version / Information Disclosure
|
| Views: 128 |
90582
Description:
Nagios Remote Plugin Executor (NRPE) contains a flaw that is triggered when input passed via $() is not properly sanitized before being used in plugins/scripts. When used under bash this will cause the injected shell command to be executed under a subprocess.
|
2013-02-21
|
Nagios NRPE Crafted Request Arbitrary Command Injection
|
| Views: 121 |
94105
Description:
Microsoft Internet Explorer contains an unspecified flaw that is triggered as user-supplied input is not properly sanitized. This may allow a context-dependent attacker to corrupt memory and cause a denial of service or potentially execute arbitrary code.
|
2013-06-11
|
Microsoft IE Unspecified Memory Corruption (2013-3110)
|
| Views: 115 |
23597
Description:
Gallery contains a flaw that allows a remote attacker to delete files outside of the web path. The issue is due to the GallerySession.class not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the sessionId variable(s).
|
2006-03-02
|
Gallery Session Handling Class (GallerySession.class) Cookie Traversal Arbitrary File Manipulation
|
| Views: 114 |
94193
Description:
Juniper Junos Pulse Secure Access Service and Pulse Access Control Service contain a flaw related to certificate validation. The issue is due to the program placing a test Certification Authority (CA) in the Trusted Server CA list. This may allow an attacker with access to network traffic (e.g. MiTM, DNS cache poisoning) to spoof the SSL server via this certificate. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream.
|
2013-06-12
|
Juniper Junos Pulse Secure Access Service (SSL VPN) / Pulse Access Control Service (UAC) Test CA MiTM Spoofing Weakness
|
| Views: 114 |
70
Description:
(Description Provided by CVE) : A service or application has a backdoor password that was placed there by the developer.
|
1990-01-01
|
Multiple Linux FTP Default Login
|