| Blogs | OSVDB ID | Disclosure Date | Title |
| Views: 2 |
2138
Description:
The ArGoSoft Mail Server's HTTP daemon is vulnerable to a denial of service attack if multiple GET requests are sent in rapid succession. This could allow a remote attacker to disable the ArGoSoft Mail Server's HTTP service.
|
2003-06-11
|
ArGoSoft Mail Server HTTP Server GET Request Saturation Remote DoS
|
| Views: 2 |
4965
Description:
FTGatePro Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specially crafted URL request to the 'message.fts' page, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-02
|
FTGatePro Web Mail message.fts Path Disclosure
|
| Views: 2 |
19649
Description:
(Description Provided by CVE) : Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks.
|
2005-09-22
|
Mozilla Multiple Browser Chrome Window Spoofing
|
| Views: 2 |
9938
Description:
getIntranet contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'id' variable in the content_display.asp script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-09-09
|
getIntranet content_display.asp id Parameter SQL Injection
|
| Views: 2 |
38705
Description:
(Description Provided by CVE) : Multiple stack-based buffer overflows in the AOL AmpX ActiveX control in AmpX.dll 2.6.1.11 in AOL Radio allow remote attackers to execute arbitrary code via long arguments to unspecified methods.
|
2007-11-09
|
AOL Radio AmpX ActiveX (AmpX.dll) Unspecified Method Multiple Overflows
|
| Views: 2 |
19193
Description:
WowBB Web Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'q' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-10-01
|
WowBB search.php q Parameter XSS
|
| Views: 2 |
31064
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3 allow remote attackers to execute arbitrary SQL commands via the (1) CalendarDetailsID parameter in (a) month.php, (b) day.php, and (c) delCalendar.php; (2) ID parameter in (d) event.php; (3) AdminUserID parameter in (e) delAdmin.php; (4) EventLocationID parameter in (f) delAddress.php; and (5) LocationID parameter in (g) delCategory.php.
|
2006-05-23
|
phpCommunityCalendar admin/delAdmin.php AdminUserID Parameter SQL Injection
|
| Views: 2 |
3658
Description:
DUfaq contains a flaw that allows a remote attacker to gain administrative privileges. The issue is due to improper authentication verification when accessing different include files. While the program requires authentication for the inc_edit.asp include file, it fails to authenticate requests to the inc_menu.asp include file. This allows an attacker to directly request the file with administrative privileges.
|
2004-01-20
|
DUfaq inc_menu.asp Admin Authentication Bypass
|
| Views: 2 |
11397
Description:
A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from MRF image headers in readmrf.c. Using a specially crafted MRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
|
2004-10-25
|
xzgv MRF Image Processing Overflow
|
| Views: 2 |
11399
Description:
A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from PRF image headers in readprf.c. Using a specially crafted PRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.
|
2004-10-25
|
xzgv PRF Image Processing Overflow
|
| Views: 2 |
19152
Description:
(Description Provided by CVE) : Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.
|
2005-09-01
|
3Com Network Supervisor Traversal Arbitrary File Access
|
| Views: 2 |
23428
Description:
(Description Provided by CVE) : Multiple unspecified injection vulnerabilities in unspecified Auth Container back ends for PEAR::Auth before 1.2.4, and 1.3.x before 1.3.0r4, allow remote attackers to "falsify authentication credentials," related to the "underlying storage containers."
|
2006-02-14
|
PEAR::Auth DB / LDAP Container SQL Injection
|
| Views: 2 |
26366
Description:
ePhotos contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the photos.asp script not properly sanitizing user-supplied input to the 'AL_ID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2006-06-09
|
ePhotos photo.asp AL_ID Parameter SQL Injection
|
| Views: 2 |
33508
Description:
(Description Provided by CVE) : Unspecified vulnerability in OpenSolution Quick.Cart before 2.1 has unknown impact and attack vectors, related to a "low critical exploit."
|
2007-03-07
|
Quick.Cart Unspecified low critical Issue
|
| Views: 2 |
4964
Description:
FTGate Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input in the 'Display name' field of the 'individual.fts' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-04-02
|
FTGatePro Web Mail individual.fts Display Name Field XSS
|
| Views: 2 |
25596
Description:
A local overflow exists in Mac OS X. Preview fails to validate deep directory hierarchies resulting in a stack buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2006-05-08
|
Apple Mac OS X Preview Directory Hierarchy Overflow
|
| Views: 2 |
28322
Description:
ezContents contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the calendar.php script not properly sanitizing user input supplied to the 'GLOBALS[language_home]' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-08-28
|
ezContents calendar.php GLOBALS[language_home] Parameter Remote File Inclusion
|
| Views: 2 |
28359
Description:
Unknown / Incomplete
|
2006-08-28
|
Mambo Content Editing id Parameter SQL Injection
|
| Views: 2 |
28360
Description:
Unknown / Incomplete
|
2006-08-28
|
Mambo Admin Section Multiple Unspecified SQL Injection
|
| Views: 2 |
12431
Description:
A remote overflow exists in abcm2ps. Abcm2ps fails to properly validate data in the put_words() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.
|
2004-12-16
|
abcm2ps put_words() Function Overflow
|
| Views: 2 |
27083
Description:
(Description Provided by CVE) : Trac before 0.9.6 does not disable the "raw" or "include" commands when providing untrusted users with restructured text (reStructuredText) functionality from docutils, which allows remote attackers to read arbitrary files, perform cross-site scripting (XSS) attacks, or cause a denial of service via unspecified vectors. NOTE: this might be related to CVE-2006-3458.
|
2006-07-06
|
Trac reStructuredText Directive Unspecified DoS
|
| Views: 2 |
1416
Description:
(Description Provided by CVE) : Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
|
2000-06-01
|
KDE KMail Long Attachment Filename DoS
|
| Views: 2 |
12005
Description:
Unknown / Incomplete
|
2004-11-19
|
Opera EcmaScriptObject Java Class Internal Pointer DoS
|
| Views: 2 |
29660
Description:
Webyep contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to WYLongTextElement.php not properly sanitizing user input supplied to the webyep_sIncludePath variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-10-09
|
WebYep WYLongTextElement.php webyep_sIncludePath Parameter Remote File Inclusion
|
| Views: 2 |
3406
Description:
BES-CMS contains a flaw that allows a malicious user to force a script to include arbitrary PHP code. This flaw exists because the application does not validate "$inc_path" and "$PATH_Includes" variables upon submission to the Members/index.inc.php script. This allows a user to create a specially crafted URL specifying a malicious file from a remote system, allowing the attacker to execute code on the vulnerable system, leading to a loss of integrity.
|
2003-12-22
|
BES-CMS members/index.inc.php Arbitrary Code Execution
|
| Views: 2 |
4278
Description:
phpBB contains a flaw that allows a remote attacker to include an arbitrary file which can be used to execute commands on the vulnerable host. The issue is due to the admin_styles.php script not validating the path to the theme_info.cfg file. If an attacker specifies an arbitrary file, admin_styles.php will process it along with any arbitrary commands or configuration settings contained in it.
|
2003-06-16
|
phpBB admin_styles.php Arbitrary Command Execution
|
| Views: 2 |
33275
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in an admin feature in WebAPP before 20070209 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
2007-02-10
|
web-app.org WebAPP Admin Feature Unspecified XSS
|
| Views: 2 |
14566
Description:
HashCash contains a flaw that may allow a malicious user to execute arbitrary code. The issue is due to a format string flaw in the way HashCash handles the "From:" email header. It is possible that the flaw may allow remote system access resulting in a loss of confidentiality, integrity, and/or availability.
|
2005-03-06
|
Hashcash Malformed Reply Address Format String
|
| Views: 2 |
14784
Description:
phpPgAds and phpAdsNew contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker sends a specially-crafted URL directly to the 'remotehtmlview.php' script, which will disclose the full installation path resulting in a loss of confidentiality.
|
2005-03-14
|
phpPgAds / phpAdsNew remotehtmlview.php Path Disclosure
|
| Views: 2 |
29401
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in BasiliX 1.1.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) BSX_LIBDIR parameter in scripts in /files/ including (a) abook.php3, (b) compose-attach.php3, (c) compose-menu.php3, (d) compose-new.php3, (e) compose-send.php3, (f) folder-create.php3, (g) folder-delete.php3, (h) folder-empty.php3, (i) folder-rename.php3, (j) folders.php3, (k) mbox-action.php3, (l) mbox-list.php3, (m) message-delete.php3, (n) message-forward.php3, (o) message-header.php3, (p) message-print.php3, (q) message-read.php3, (r) message-reply.php3, (s) message-replyall.php3, (t) message-search.php3, or (u) settings.php3; and the (2) BSX_HTXDIR parameter in (v) files/login.php3.
|
2006-10-01
|
BasiliX message-replyall.php3 BSX_LIBDIR Parameter Remote File Inclusion
|
| Views: 2 |
8642
Description:
CVSTrac contains a flaw in which the program overwrites the CVSROOT/passwd file, which may allow an attacker to delete arbitrary user accounts. No further details have been provided.
|
2002-05-21
|
CVSTrac CVSROOT/passwd Arbitrary Account Deletion
|
| Views: 2 |
24518
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in _vti_bin/_vti_adm/fpadmdll.dll in Microsoft FrontPage Server Extensions 2002 and SharePoint Team Services allows remote attackers to inject arbitrary web script or HTML, then leverage the attack to execute arbitrary programs or create new accounts, via the (1) operation, (2) command, and (3) name parameters.
|
2006-04-11
|
Microsoft FrontPage Server Extensions fpadmdll.dll Multiple Parameter XSS
|
| Views: 2 |
39207
Description:
VietPHP contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to '_functions.php' not properly sanitizing user input supplied to the 'dirpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2007-08-07
|
VietPHP _functions.php dirpath Parameter Remote File Inclusion
|
| Views: 2 |
9561
Description:
Unknown / Incomplete
|
2004-09-01
|
Opera Embed Empty Src Tag DoS
|
| Views: 2 |
24452
Description:
Unknown / Incomplete
|
2004-05-16
|
GlobalSCAPE Secure FTP Server (gsftps) Authentication Method Mismatch
|
| Views: 2 |
35574
Description:
A heap corruption overflow exists in QuickTime. It fails to validate Sample Table Sample Descriptor (STSD) atoms resulting in heap corruption. With a specially crafted file, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2007-05-10
|
Apple QuickTime Movie Sample Table Sample Descriptor (STSD) Parsing Overflow
|
| Views: 2 |
17194
Description:
Liberum Help Desk contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the 'view.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.
|
2005-06-01
|
Liberum Help Desk view.asp id Parameter SQL Injection
|
| Views: 2 |
39505
Description:
(Description Provided by CVE) : Directory traversal vulnerability in index.php in ezContents 1.4.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the link parameter.
|
2007-12-05
|
ezContents index.php link Parameter Traversal Arbitrary File Access
|
| Views: 2 |
32203
Description:
SignKorn Guestbook contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the help.php script not properly sanitizing user input supplied to the 'dir_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2006-09-13
|
SignKorn Guestbook help.php dir_path Parameter Remote File Inclusion
|
| Views: 2 |
39211
Description:
EQdkp contains multiple flaws. No further details have been provided.
|
2007-07-29
|
EQdkp Plus Multiple Unspecified
|