| Blogs | OSVDB ID | Disclosure Date | Title |
| Views: 2 |
36279
Description:
BBS E-Market contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'postscript/postscript.php' script not properly sanitizing user input supplied to the 'p_mode' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
|
2007-07-18
|
BBS E-Market postscript/postscript.php p_mode Parameter Remote File Inclusion
|
| Views: 2 |
37369
Description:
(Description Provided by CVE) : Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.
|
2007-06-16
|
LAN Messenger Info Request Mechanism Unspecified Remote DoS
|
| Views: 2 |
38090
Description:
Unknown / Incomplete
|
2007-07-12
|
IAIK XSECT / IXSIL XSLT Stylesheet Handling Arbitrary Code Execution
|
| Views: 2 |
38405
Description:
(Description Provided by CVE) : SQL injection vulnerability in articles.php in E-Vendejo 0.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
2007-10-29
|
E-Vendejo articles.php id Parameter SQL Injection
|
| Views: 2 |
38824
Description:
E-Lite POS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'default.asp' script not properly sanitizing user-supplied input to the 'username' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2007-11-24
|
E-Lite POS default.asp username Parameter SQL Injection
|
| Views: 2 |
38825
Description:
Unknown / Incomplete
|
2007-11-24
|
E-Lite POS Error Message User Account Information Disclosure
|
| Views: 2 |
38827
Description:
JAF CMS contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the 'show' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2007-11-26
|
JAF CMS index.php show Parameter XSS
|
| Views: 2 |
39317
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/message_delete.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/message_delete.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39299
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/user_delete.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/user_delete.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39300
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/template_modify.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/template_modify.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39302
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/template_manager.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/template_manager.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39319
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/link_edit.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/link_edit.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39320
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/link_premium_sponsored.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/link_premium_sponsored.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39303
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/template_import.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/template_import.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39304
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/template_rename.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/template_rename.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39306
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/template_duplicate.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/template_duplicate.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39307
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/template_delete_file.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/template_delete_file.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
2750
Description:
X.25 contains a flaw that may allow a remote denial of service. The issue is triggered when malformed SNMP Requests are mishandled by the snmpx25d daemon, and will result in loss of availability for the X.25 service.
|
2003-10-22
|
Solaris Solstice X.25 Crafted SNMP Request DoS
|
| Views: 2 |
8449
Description:
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user uses the /usr/lib/desktop/permissions tool to modify the permissions of any file on the system. This flaw may lead to a loss of integrity.
|
1995-03-03
|
IRIX Desktop Permissions Tool File Modification Privilege Escalation
|
| Views: 2 |
11160
Description:
IRIX contains a networking flaw related to its bsd.a kernel that may allow t_unbind to change the behavior of t_bind. No further details have been provided.
|
2004-09-29
|
IRIX bsd.a Kernel t_bind t_unbind Unspecified
|
| Views: 2 |
35100
Description:
(Description Provided by CVE) : Grayscale Blog 0.8.0, and possibly earlier versions, allows remote attackers to gain privileges via direct requests with modified arguments in (1) the user_permissions parameter to add_users.php, and unspecified parameters to (2) addblog.php, (3) editblog.php, (4) editlinks.php, (5) edit_users.php, and (6) add_links.php.
|
2007-03-10
|
Grayscale Blog add_links.php Unspecified Privilege Escalation
|
| Views: 2 |
39339
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/head.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/head.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39340
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/db_backup.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/db_backup.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39342
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/editor_add.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/editor_add.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39344
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/db_import.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/db_import.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39345
Description:
Indexu contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'admin/db_export.php' not properly sanitizing user input supplied to the 'admin_template_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-06-16
|
Indexu admin/db_export.php admin_template_path Parameter Remote File Inclusion
|
| Views: 2 |
39356
Description:
My Postcards Platinum contains a flaw that allows a remote attacker to read contents outside of the web path. The issue is due to the 'magiccard.cgi' script not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via unspecified variables.
|
2002-06-05
|
My Postcards Platinum magiccard.cgi Directory Traversal
|
| Views: 2 |
6148
Description:
(Description Provided by CVE) : Trend Micro OfficeScan allows remote attackers to replay administrative commands and modify the configuration of OfficeScan clients.
|
2000-03-03
|
Trend Micro OfficeScan Remote Configuration Change
|
| Views: 2 |
26557
Description:
(Description Provided by CVE) : CRLF injection vulnerability in (1) index.php and (2) admin.php in myWebland MyBloggie 2.1.3 allows remote attackers to hijack sessions and conduct cross-site scripting (XSS) attacks via a cookie.
|
2006-05-17
|
myBloggie admin.php CRLF Injection
|
| Views: 2 |
29362
Description:
Unknown / Incomplete
|
2006-06-05
|
MailMarshal ACE Archive Content Filter Bypass
|
| Views: 2 |
30503
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.
|
2006-11-18
|
phpWebThings core/editor.php Multiple Parameter Remote File Inclusion
|
| Views: 2 |
33964
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in miniBB 2.0.2 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter to (1) bb_func_forums.php, (2) bb_functions.php, or (3) the RSS plugin.
|
2007-03-09
|
miniBB bb_functions.php pathToFiles Parameter Remote File Inclusion
|
| Views: 2 |
38182
Description:
MailMarshal contains a flaw that may allow an attacker to modify arbitrary accounts via the Spam Quarantine interface. The issue is due to the password reset feature in the HTTP interface not properly sanitizing user-supplied input. By sending a crafted string in the UserID variable with a large amount of trailing whitespace characters, an attacker can trigger an SQL buffer truncation and modify arbitrary accounts.
|
2007-07-17
|
MailMarshal Spam Quarantine Interface UserID Variable SQL Truncation Arbitrary Account Modification
|
| Views: 2 |
39251
Description:
(Description Provided by CVE) : Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allow remote attackers to upload arbitrary files via a filename with multiple file extensions.
|
2006-05-22
|
Coppermine Photo Gallery on Apache Multiple File Extension Upload Arbitrary Code Execution
|
| Views: 2 |
19239
Description:
Unclassified NewsBoard contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "Description" variable when posting a message. This could allow a user to inject arbitrary HTML and script code that would execute in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-09-07
|
Unclassified NewsBoard Description Field XSS
|
| Views: 2 |
35497
Description:
(Description Provided by CVE) : ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-2893. Reason: this candidate was intended for one issue, but some sources used this identifier for a separate issue, and a duplicate identifier had also been created by the time dual use was detected. Notes: All CVE users should consult CVE-2007-2893 to determine if it is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage.
|
2007-05-01
|
QEMU NE2000 Device Registers Integer Signedness Error
|
| Views: 2 |
18046
Description:
Oracle E-Business Suite contains an unspecified flaw related to the Oracle Net component that may allow an attacker connected with a valid session to compromise the confidentiality and/or integrity of a server via SQL injection or parameter manipulation. No further details have been provided.
|
2005-07-12
|
Oracle E-Business Suite SQL portal.wpg_session Unspecified Input Manipulation Issue
|
| Views: 2 |
31940
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/.
|
2006-11-19
|
PHPOLL index.php language Parameter XSS
|