| OSVDB ID | Description | Disclosure Date | Title |
|---|---|---|---|
| 29342 | (Description Provided by CVE) : Directory traversal vulnerability in autohtml.php in the AutoHTML module for PHP-Nuke allows local users to include arbitrary files via a .. (dot dot) in the name parameter for a modload operation. | 2006-08-15 | AutoHTML for PHP-Nuke autohtml.php name Parameter Traversal Arbitrary File Access |
| 45282 | (Description Provided by CVE) : classes/Url.php in Justin Hagstrom AutoIndex PHP Script before 2.2.4 allows remote attackers to cause a denial of service (CPU and memory consumption) via a %00 sequence in the dir parameter to index.php, which triggers an erroneous "recursive calculation." | 2007-11-12 | AutoIndex PHP classes/Url.php Recursive Calculation Remote DoS |
| 17753 | Autoindex PHP script contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "search" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-07-05 | AutoIndex PHP Script index.php search Parameter XSS |
| 38664 | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in index.php in Justin Hagstrom AutoIndex PHP Script before 2.2.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO (PHP_SELF). | 2007-11-13 | AutoIndex PHP Script index.php URL XSS |
| 45303 | Unknown / Incomplete | 2007-07-24 | AutoIndex Search Feature Unspecified XSS |
| 92853 | autojump is prone to a flaw in the way it loads dynamic-link libraries (DLL). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows a local attacker to create arbitrary files containing custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. This can be done by tricking a user into opening the etc/profile.d/autojump.sh file from the local file system or a USB drive in some cases. This attack scenario is certainly possible, but rare. | 2013-04-10 | autojump /etc/profile.d/autojump.sh Path Subversion Arbitrary File Creation |
| 19066 | (Description Provided by CVE) : PHP remote file inclusion vulnerability in al_initialize.php for AutoLinks Pro 2.1 allows remote attackers to execute arbitrary PHP code via an "ftp://" URL in the alpath parameter, which bypasses the incomplete blacklist that only checks for "http" and "https" URLs. | 2005-08-28 | AutoLinks Pro al_initialize.php alpath Parameter Remote File Inclusion |
| 71926 | Automagick Tube Script contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'module' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. | 2011-04-21 | Automagick Tube Script index.php module Parameter XSS |
| 45151 | Automated Link Exchange Portal contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'linking.page.php' script not properly sanitizing user-supplied input to the 'cat_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. | 2008-05-13 | Automated Link Exchange Portal linking.page.php cat_id Parameter SQL Injection |
| 61295 | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the Automated Logout module 6.x-1.x before 6.x-1.7 and 6.x-2.x before 6.x-2.3 for Drupal allows remote authenticated users with administer autologout privileges to inject arbitrary web script or HTML via unspecified vectors. | 2009-12-23 | Automated Logout Module for Drupal Unspecified XSS |
| 38259 | Automated Solutions Modbus TCP Slave ActiveX contains an overflow condition in MiniHMI.exe. The issue is triggered as user-supplied input is not properly sanitized by the Modbus/TCP Diagnostic function (FC8). With a specially crafted ModBus request to TCP port 502, a remote attacker can cause a heap-based buffer overflow to cause a denial of service or potentially execute arbitrary code. | 2007-09-18 | Automated Solutions Modbus Slave ActiveX MiniHMI.exe Modbus/TCP Diagnostic Function Arbitrary Code Execution |
| 70637 | Modbus/TCP Master OPC Server is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in a heap-based buffer overflow. With a specially crafted packet, a local attacker can potentially execute arbitrary code. | 2010-10-30 | Automated Solutions Modbus/TCP Master OPC Server MODBUS Protocol Response Packet Remote Overflow |
| 49360 | Unknown / Incomplete | 2003-04-03 | AutomatedShops WebC Shopping Cart Environment Variable Handling Local Overflow |
| 49359 | Unknown / Incomplete | 2003-04-03 | AutomatedShops WebC Shopping Cart webc.cgi Script Name Handling Remote Overflow |
| 49361 | Unknown / Incomplete | 2003-04-03 | AutomatedShops WebC Shopping Cart webc.cgi Symlink Local Privilege Escalation |
| 49362 | Unknown / Incomplete | 2003-04-03 | AutomatedShops WebC Shopping Cart webc.emf Handling Format String |
| 60626 | (Description Provided by CVE) : Unspecified vulnerability in the Automatic Base Tags for RealUrl (lt_basetag) extension 1.0.0 for TYPO3 allows remote attackers to conduct "Cache spoofing" attacks via unspecified vectors. | 2009-12-01 | Automatic Base Tags for RealUrl Extension for Typo3 Unspecified Cache Spoofing |
| 91265 | Automatic Bug Reporting Tool (ABRT) contains a flaw as abrt-action-install-debuginfo creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against directories used to store crash information to cause the program to unexpectedly grant elevated privileges to the attacker. | 2012-12-17 | Automatic Bug Reporting Tool (ABRT) abrt-action-install-debuginfo Symlink Local Privilege Escalation |
| 83775 | Automatic Bug Reporting Tool (ABRT) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the program fails to set permissions on a core dump file, which will disclose potentially sensitive dump file information to a local attacker. | 2012-02-06 | Automatic Bug Reporting Tool (ABRT) Core Dump File Local Information Disclosure |
| 91261 | Automatic Bug Reporting Tool (ABRT) is prone to a flaw in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in the way it loads Python modules. The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path and setting the PYTHONPATH environment variable, the program will load it before the legitimate version. This allows a local attacker to inject custom code that will be run with the privilege of the program or user executing the program. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source. This can be done by tricking a user into opening a file from the local file system or a USB drive in some cases. This attack scenario is certainly possible, but rare. | 2012-09-03 | Automatic Bug Reporting Tool (ABRT) plugins/abrt-action-install-debuginfo-to-abrt-cache.c PYTHONPATH Environment Variable Path Subversion Local Privilege Escalation |
| 83776 | Automatic Bug Reporting Tool (ABRT) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the program not properly scrubbing sensitive data in crash reports before submitting them to the vendor. An attacker with access to the network between the submitting system and vendor may be able to obtain sensitive information in transit (e.g. via sniffing). | 2012-06-20 | Automatic Bug Reporting Tool (ABRT) Submitted Crash Report Remote Sensitive Information Disclosure |
| 85859 | The Automatic Dependent Surveillance-Broadcast (ADS-B) protocol is used by airplanes to broadcast information such as the "aircraft’s position, velocity, identification, and other ATC/ATM-related information". The message protocol suffers from several issues that make it prone to abuse. These include lack of entity authentication, lack of message signatures, lack of authentication codes, lack of message encryption, lack of a challenge-response mechanism, and lack of ephemeral identifiers. This may allow an attacker to inject unauthorized messages, impersonate airplanes, eavesdrop on traffic, conduct replay attacks, and more. | 2011-06-01 | Automatic Dependent Surveillance-Broadcast (ADS-B) Protocol Message Integrity Weakness |
| 14542 | (Description Provided by CVE) : Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 2002-09-04 | Automatic File Distributor (AFD) afd MON_WORK_DIR Environment Variable Local Overflow |
| 84276 | Automatic File Distributor (AFD) contains a flaw that may allow an attacker to gain access to unauthorized privileges. This issue is triggered when a user cannot read the afd.users file, which will result in the program failing to give proper permissions to users. This may allow an attacker to gain escalated privileges. | 2006-04-20 | Automatic File Distributor (AFD) afd.users File Permission Handling Unspecified Privilege Escalation |
| 14544 | (Description Provided by CVE) : Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 2002-09-04 | Automatic File Distributor (AFD) afd_ctrl MON_WORK_DIR Environment Variable Local Overflow |
| 14543 | (Description Provided by CVE) : Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 2002-09-04 | Automatic File Distributor (AFD) afdcmd MON_WORK_DIR Environment Variable Local Overflow |
| 84263 | Automatic File Distributor (AFD) contains a flaw that may allow a denial of service. The issue is triggered when an unspecified error occurs in the afdd service, which will result in an infinite loop. This will cause a loss of availability for the program. No further details have been provided. | 2012-06-05 | Automatic File Distributor (AFD) afdd Service Unspecified Infinite Loop DoS |
| 14545 | (Description Provided by CVE) : Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 2002-09-04 | Automatic File Distributor (AFD) init_afd MON_WORK_DIR Environment Variable Local Overflow |
| 84283 | Automatic File Distributor (AFD) is prone to an overflow condition. This issue is triggered when init_afd fails to properly sanitize user-supplied input resulting in a buffer overflow. No further details have been provided. | 2011-01-28 | Automatic File Distributor (AFD) init_afd Unspecified Overflow |
| 14546 | (Description Provided by CVE) : Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 2002-09-04 | Automatic File Distributor (AFD) mafd Multiple Variable Local Overflow |