| OSVDB ID | Disclosure Date | Title |
|---|---|---|
| 72861 Description: Unknown / Incomplete | 2011-06-06 | 1 Click UnZip ZIP File Handling Overflow |
| 71029 Description: 1 Flash Gallery Plugin for WordPress contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'type' and 'gall_id' parameters upon submission to the wp-content/plugins/1-flash-gallery/folder.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-03-08 | 1 Flash Gallery Plugin for WordPress wp-content/plugins/1-flash-gallery/folder.php Multiple Parameter XSS |
| 71030 Description: 1 Flash Gallery Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-content/plugins/1-flash-gallery/massedit_album.php script not properly sanitizing user-supplied input to the 'gall_id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. | 2011-03-08 | 1 Flash Gallery Plugin for WordPress wp-content/plugins/1-flash-gallery/massedit_album.php gall_id Parameter SQL Injection |
| 21074 Description: 1-2-3 Music Store contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'process.php' script not properly sanitizing user-supplied input to the 'AlbumID' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2005-11-23 | 1-2-3 Music Store process.php AlbumID Parameter SQL Injection |
| 36355 Description: (Description Provided by CVE): SQL injection vulnerability in process.php in Easybe 1-2-3 Music Store allows remote attackers to execute arbitrary SQL commands via the CategoryID parameter. | 2007-07-01 | 1-2-3 Music Store process.php CategoryID Parameter SQL Injection |
| 89128 Description: 1-Click-Login (oneclicklogin) Extension for TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow an attacker to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2013-01-11 | 1-Click-Login (oneclicklogin) Extension for TYPO3 Unspecified XSS |
| 21437 Description: 1-Search contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'q' parameter upon submission to the '1search.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2005-12-05 | 1-Search 1search.cgi q Parameter XSS |
| 48361 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/lang/fr/reports/default.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'lang' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /admin/lang/fr/reports/default.php lang Parameter Traversal Local File Inclusion |
| 48365 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ops/admins/default.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'admin_theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /admin/ops/admins/default.php admin_theme_dir Parameter Traversal Local File Inclusion |
| 48362 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ops/reports/ops/download.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'admin_theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /admin/ops/reports/ops/download.php admin_theme_dir Parameter File Inclusion |
| 48363 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ops/reports/ops/forum.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'admin_theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /admin/ops/reports/ops/forum.php admin_theme_dir Parameter File Inclusion |
| 48364 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/admin/ops/reports/news.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'admin_theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /admin/ops/reports/ops/news.php admin_theme_dir Parameter Traversal Local File Inclusion |
| 48368 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/lang/de/moderator/default.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'lang' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /lang/de/moderator/default.php lang Parameter Traversal Local File Inclusion |
| 48366 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/lang/en/moderator/default.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'lang' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /lang/en/moderator/default.php lang Parameter Traversal Local File Inclusion |
| 48367 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/lang/fr/moderator/default.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'lang' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /lang/fr/moderator/default.php lang Parameter Traversal Local File Inclusion |
| 48370 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/pages/download/default/ops/add.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /pages/download/default/ops/add.php theme_dir Parameter Traversal Local File Inclusion |
| 48369 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/pages/download/default/ops/edit.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /pages/download/default/ops/edit.php theme_dir Parameter File Inclusion |
| 48373 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/pages/download/default/ops/newest.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /pages/download/default/ops/newest.php theme_dir Parameter Traversal Local File Inclusion |
| 48371 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/pages/download/default/ops/search.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /pages/download/default/ops/search.php theme_dir Parameter Traversal Local File Inclusion |
| 48372 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/pages/download/default/ops/top.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /pages/download/default/ops/top.php theme_dir Parameter Traversal Local File Inclusion |
| 48374 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/pages/forum/default/content.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /pages/forum/default/content.php theme_dir Parameter Traversal Local File Inclusion |
| 48381 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/blog/layouts/basic_footer.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/blog/layouts/basic_footer.php theme_dir Parameter Traversal Local File Inclusion |
| 48382 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/blog/layouts/basic_header.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/blog/layouts/basic_header.php theme_dir Parameter Traversal Local File Inclusion |
| 48383 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/blog/layouts/print.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'page' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/blog/layouts/print.php page Parameter Traversal Local File Inclusion |
| 48380 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/blog/layouts/standard.php' script not properly sanitizing user input supplied to the 'page_include' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. | 2008-07-04 | 1024 CMS /themes/blog/layouts/standard.php page_include Parameter Remote File Inclusion |
| 48384 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/blog/layouts/total.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' and 'page' parameters. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/blog/layouts/total.php Multiple Parameter Traversal Local File Inclusion |
| 48386 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/default/layouts/basic_footer.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/default/layouts/basic_footer.php theme_dir Parameter Traversal Local File Inclusion |
| 48387 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/default/layouts/basic_header.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/default/layouts/basic_header.php theme_dir Parameter Traversal Local File Inclusion |
| 48388 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/default/layouts/print.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'page_include' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/default/layouts/print.php page_include Parameter Traversal Local File Inclusion |
| 48385 Description: 1024 CMS contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the '/themes/default/layouts/standard.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'theme_dir' parameter. This may allow an attacker to include a file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server. | 2008-07-04 | 1024 CMS /themes/default/layouts/standard.php theme_dir Parameter Traversal Local File Inclusion |