| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 67161 | 2010-07-21 | coWiki index.php node Parameter SQL Injection | coWiki contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'node' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 21481 | 2005-12-05 | coWiki index.php q Parameter XSS | coWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'q' parameter upon submission to the 'index.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 60192 | 2009-07-14 | COWON Media Center Crafted WAV File Handling DoS | (Description Provided by CVE): JetAudio 7.5.3 COWON Media Center allows remote attackers to cause a denial of service (memory consumption and application crash) via a long string at the end of a .wav file. |
| 81300 | 2012-04-22 | Cox Web shop.php Multiple Parameter SQL Injection | Cox Web contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the shop.php script not properly sanitizing user-supplied input to the 'id' and 'maincatid' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. |
| 58259 | 2009-09-21 | cP Creator index.php tickets Cookie SQL Injection | cP Creator contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'tickets' cookie. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 21620 | 2005-11-30 | CP+ Unspecified Perl Issue | (Description Provided by CVE): Unspecified vulnerability in Positive Software Corporation CP+ (cpplus) before 2.5.5 allows attackers to have unknown impact and attack vectors, related to "a possible security flaw caused by a bug in Perl." NOTE: unless CP+ includes its own copy of Perl with CVE-2005-3962, this is a different vulnerability than CVE-2005-3962; however, there is insufficient information to be sure. |
| 18746 | 2005-08-16 | CPAINT Ajax Toolkit cpaint_function String Concatenation Arbitrary Code Execution | (Description Provided by CVE): Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers to execute arbitrary ASP code via the cpaint_argument[] parameter to (1) calculator.asp or (2) cpaintfile.asp, which is directly fed into an eval statement. |
| 18747 | 2005-08-15 | CPAINT Ajax Toolkit ExecuteGlobal/GetRef checkBlacklist Function Bypass | CPAINT Ajax Toolkit contains a flaw that allows a remote cross site scripting attack. This flaw exists because the "checkBlacklist" function does not sanitize calls to the "ExecuteGlobal" function and "GetRef" statement. This could allow a malicious user to execute code remotely, leading to a loss of integrity. |
| 18748 | 2005-08-15 | CPAINT Ajax Toolkit Multiple Function XSS | CPAINT Ajax ToolKit contains a flaw that allows a remote cross site scripting attack. The disclosure does not make it clear whether specific scripts or functions are prone to such attacks. This issue could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 18745 | 2005-08-15 | CPAINT Ajax Toolkit Unspecified Command Execution | (Description Provided by CVE): Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors. |
| 19274 | 2005-09-05 | CPAINT ASP Incoming Arguments Unspecified Issue | Unknown / Incomplete |
| 22979 | 2006-02-09 | CPAINT cpaint2.inc.php cpaint_response_type Function XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. |
| 52250 | 2008-08-05 | cPanel .contactemail Local File XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the .contactemail local file upon submission to an unspecified script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 4530 | 2004-03-24 | cPanel addhandle.html handle Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "handle" variable upon submission to the "addhandle.html" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 82611 | 2012-05-31 | cPanel Apache Piped Log Configuration Log Message Formatting Traversal Arbitrary File Creation | cPanel contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the program not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to create arbitrary files via an error when handling log messages in the split logs binary. |
| 10960 | 2004-10-18 | cPanel Backup Feature Hardlink Arbitrary File Access | (Description Provided by CVE): cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users to (1) read arbitrary files via the backup feature or (2) chown arbitrary files via the .htaccess file when Front Page extensions are enabled or disabled. |
| 32042 | 2006-12-01 | cPanel BoxTrapper /mail/manage.html account Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. |
| 6944 | 2004-06-12 | cPanel bwday.html Multiple Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the bwday.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 6942 | 2004-04-14 | cPanel bwday.html View Unauthorized Domain Statistics | cPanel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL is sent to the "detailbw.html" page, which will disclose private information resulting in a loss of confidentiality. |
| 18661 | 2005-08-08 | cPanel Common Password Cross Domain Privilege Escalation | Unknown / Incomplete |
| 33234 | 2006-12-01 | cPanel cpanelpro/dohtaccess.html dir Parameter XSS | Unknown / Incomplete |
| 82646 | 2012-05-31 | cPanel cPDAVd Filename Parsing Remote Code Execution | cPanel contains a flaw that is triggered by cPDAVd not properly sanitizing input when parsing filenames, which may allow a remote attacker to execute arbitrary code. |
| 17399 | 2005-06-22 | cPanel cpsrvd.pl user Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' variable upon submission to the 'cpsrvd.pl' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 4243 | 2004-03-13 | cPanel del.html account Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "ip" variable upon submission to the "del.html" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 6946 | 2004-06-13 | cPanel detailbw.html Multiple Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the detailbw.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 22939 | 2006-02-02 | cPanel detailbw.html target Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'target' variable upon submission to the detailbw.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 6941 | 2004-04-14 | cPanel detailbw.html View Unauthorized Domain Statistics | Unknown / Incomplete |
| 6945 | 2004-06-12 | cPanel detailsubbw.html Multiple Parameter XSS | cPanel contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "mon", "year" and "domain" variables upon submission to the detailsubbw.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 6943 | 2004-06-12 | cPanel detailsubbw.html View Unauthorized Domain Statistics | Unknown / Incomplete |
| 88820 | 2012-12-26 | cPanel dir.html dir Parameter XSS | cPanel contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'dir' parameter upon submission to the dir.html script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |