[CLOSE] OSVDB ID : 75733 - Disclosed: 2011-01-30

Description:

(Description Provided by CVE) : 111WebCalendar 1.2.3 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by footer.php and certain other files.

[CLOSE] OSVDB ID : 2126 - Disclosed: 2003-08-06

Description:

121 WAM! Server contains a flaw that allows malicious users to conduct unauthorized directory traversals. This is possible because the "CWD" command doesn't validate the character sequence "/../". A malicious user can use this to access information outside the FTP root.

[CLOSE] OSVDB ID : 67267 - Disclosed: 2010-08-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 67269 - Disclosed: 2010-08-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 42849 - Disclosed: 2008-02-28

Description:

(Description Provided by CVE) : ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123flashchat.php and (2) phpbb_login_chat.php. NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs.

[CLOSE] OSVDB ID : 22930 - Disclosed: 2006-01-24

Description:

(Description Provided by CVE) : Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username.

[CLOSE] OSVDB ID : 22440 - Disclosed: 2006-01-13

Description:

123 Flash Chat Server contains a flaw that allows a remote attacker to write to files outside of the web path. The issue is due to the server not properly sanitizing user input when creating new users, specifically traversal style attacks (../../) supplied via the "user" variable. This flaw may allow a malicious user to gain access to unauthorized privileges and files.

[CLOSE] OSVDB ID : 67268 - Disclosed: 2010-08-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 59363 - Disclosed: 2002-07-15

Description:

123tkShop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'function_describe_item1.inc.php' script not properly sanitizing user-supplied input to the unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 59364 - Disclosed: 2002-07-15

Description:

(Description Provided by CVE) : Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call.

[CLOSE] OSVDB ID : 43706 - Disclosed: 2007-12-14

Description:

(Description Provided by CVE) : SQL injection vulnerability in shop/mainfile.php in 123tkShop 0.9.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded value of the admin parameter to shop/admin.php.

[CLOSE] OSVDB ID : 50429 - Disclosed: 2003-04-11

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 50428 - Disclosed: 2003-04-11

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7464 - Disclosed: 2004-07-05

Description:

12Planet Chat Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate page variables upon submission to the one2planet.infolet.InfoServlet CGI applet. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 46011 - Disclosed: 2008-06-03

Description:

(Description Provided by CVE) : Static code injection vulnerability in guestbook.php in 1Book 1.0.1 and earlier allows remote attackers to upload arbitrary PHP code via the message parameter in an HTML webform, which is written to data.php.

[CLOSE] OSVDB ID : 53815 - Disclosed: 2009-04-20

Description:

A buffer overflow flaw exists in 1by1. 1by1 fails to check boundaries in the processing of m3u files resulting in a stack overflow. With a specially crafted file, a context-dependent attacker can cause execution of arbitary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 77648 - Disclosed: 2011-11-30

Description:

1pluginjquery contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'page' parameter upon submission to the wp-content/plugins/1-jquery-photo-gallery-slideshow-flash/wp-1pluginjquery.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 5016 - Disclosed: 2004-04-08

Description:

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the advanced.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 4129 - Disclosed: 2004-02-25

Description:

1st Class Mail Server contains a flaw that may allow a remote denial of service. The issue is triggered when a long string is sent to the second parameter of the APOP USER command, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 5011 - Disclosed: 2004-04-08

Description:

1st Class Internet Solutions 1st Class Mail Server contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../).

[CLOSE] OSVDB ID : 5015 - Disclosed: 2004-04-08

Description:

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the general.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 5013 - Disclosed: 2004-04-08

Description:

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the index script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 5017 - Disclosed: 2004-04-08

Description:

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the list.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 5014 - Disclosed: 2004-04-08

Description:

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the Mailbox variable upon submission to the members.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 5012 - Disclosed: 2004-04-08

Description:

1st Class Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the MessageIndex variable upon submission to the viewmail.tagz script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 49534 - Disclosed: 2008-11-02

Description:

1st News contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'products.php' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 13795 - Disclosed: 2000-12-26

Description:

(Description Provided by CVE) : Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long MAIL FROM command.

[CLOSE] OSVDB ID : 17322 - Disclosed: 2005-05-17

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.

[CLOSE] OSVDB ID : 17321 - Disclosed: 2005-05-17

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.

[CLOSE] OSVDB ID : 16717 - Disclosed: 2005-05-10

Description:

1Two Livre d'Or contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'livreornom', 'livreoremail', and 'livreormessage' variables upon submission to the 'guestbook.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.