[CLOSE] OSVDB ID : 22762 - Disclosed: 2006-01-25

Description:

A remote overflow exists in E-Post. The POP3 service fails to check the length of usernames supplied to the APOP command, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 22761 - Disclosed: 2006-01-25

Description:

A remote overflow exists in E-Post. The SMTP service fails to check the length of the username supplied to the AUTH PLAIN and AUTH LOGIN commands, resulting in a stack-based overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 68017 - Disclosed: 2010-09-14

Description:

e-press ONE is prone to a flaw in the way it loads dynamic-link libraries (e.g. E-Press ONE Office Author loading java_msci.dll and msci_java.dll or E-Press ONE Office E-Zip and E-Press ONE Office E-NoteTaker loading mfc71enu.dll and mfc71loc.dll). The program uses a fixed path to look for specific files or libraries. This path includes directories that may not be trusted or under user control. By placing a custom version of the file or library in the path, the program will load it before the legitimate version. This allows an attacker to inject custom code that will be run with the privilege of the program or user executing the program. This can be done by tricking a user into opening a PSW, TXT, RAR, or TAR file from the local file system or a USB drive in some cases. This attack can be leveraged remotely in some cases by placing the malicious file or library on a network share or extracted archive downloaded from a remote source.

[CLOSE] OSVDB ID : 21881 - Disclosed: 2005-12-17

Description:

e-publish CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'printer_friendly.cfm' script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 21882 - Disclosed: 2005-12-17

Description:

e-publish CMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'obcatid' and 'comid' variables upon submission to the 'show.cfm' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20997 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopaddtocart.asp' script not properly sanitizing user-supplied input to the 'productid' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 20993 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'strgifttoname' variable upon submission to the 'shopgift.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20994 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'strfirstname' variable upon submission to the 'shopmaillist.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20998 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shopprojectlogin.asp' script not properly sanitizing user-supplied input to the 'strpemail' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 20995 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'strpid' variable upon submission to the 'shopprojectlogin.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20996 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'Custname' variable upon submission to the 'shoptellafriend.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 20999 - Disclosed: 2005-11-18

Description:

e-Quick Cart contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'shoptellafriend.asp' script not properly sanitizing user-supplied input to the 'id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 44565 - Disclosed: 2008-04-23

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in E-RESERV 2.1 allows remote attackers to execute arbitrary SQL commands via the ID_loc parameter.

[CLOSE] OSVDB ID : 24128 - Disclosed: 2006-03-27

Description:

E-School Management System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the default.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 87187 - Disclosed: 2012-03-08

Description:

The PHP API of e-Select Plus contains a flaw related to domain name validation during certificate validation. The issue is due to the server hostname not being verified to match a domain name in the Subject's Common Name (CN) or SubjectAltName field of the X.509 certificate. This may allow a man-in-the-middle attacker to spoof SSL servers via an arbitrary certificate that appears valid. Such an attack would allow for the interception of sensitive traffic, and potentially allow for the injection of content into the SSL stream.

[CLOSE] OSVDB ID : 48001 - Disclosed: 2008-09-07

Description:

E-Shop Module for Masir Camp contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'ordercode' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 47461 - Disclosed: 2008-08-14

Description:

E-Shop Shopping Cart contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'search_results.php' script not properly sanitizing user-supplied input to the 'cid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 38419 - Disclosed: 2007-09-02

Description:

(Description Provided by CVE) : Multiple SQL injection vulnerabilities in embadmin/login.asp in E-SMARTCART 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user and (2) pass fields, different vectors than CVE-2007-0092.

[CLOSE] OSVDB ID : 31679 - Disclosed: 2007-01-04

Description:

(Description Provided by CVE) : SQL injection vulnerability in productdetail.asp in E-SMARTCART 1.0 allows remote attackers to execute arbitrary SQL commands via the product_id parameter.

[CLOSE] OSVDB ID : 46160 - Disclosed: 2008-06-16

Description:

E-SMART CART contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'productsofcat.asp' script not properly sanitizing user-supplied input to the 'category_id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 47331 - Disclosed: 2008-08-02

Description:

E-Store Kit contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'viewdetails.php' script not properly sanitizing user-supplied input to the 'pid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 15085 - Disclosed: 2005-03-25

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.

[CLOSE] OSVDB ID : 15086 - Disclosed: 2005-03-25

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in downloadform.php in E-Store Kit-2 PayPal Edition allows remote attackers to inject arbitrary web script or HTML via the txn_id parameter.

[CLOSE] OSVDB ID : 51079 - Disclosed: 2003-01-06

Description:

(Description Provided by CVE) : aff_liste_langue.php in E-theni allows remote attackers to execute arbitrary PHP code by modifying the rep_include parameter to reference a URL on a remote web server that contains para_langue.php.

[CLOSE] OSVDB ID : 59690 - Disclosed: 2003-01-06

Description:

(Description Provided by CVE) : find_theni_home.php in E-theni allows remote attackers to obtain sensitive system information via a URL request which executes phpinfo.

[CLOSE] OSVDB ID : 80941 - Disclosed: 2012-04-04

Description:

e-ticketing contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the loginscript.php script not properly sanitizing user-supplied input to the 'user_name' and 'password' parameters. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 49917 - Disclosed: 2008-11-17

Description:

E-topbiz AdManager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'view.php' script not properly sanitizing user-supplied input to the 'group' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 49924 - Disclosed: 2008-11-18

Description:

(Description Provided by CVE) : E-topbiz Link Back Checker 1 allows remote attackers to bypass authentication and gain administrative access by setting the auth cookie to "admin."

[CLOSE] OSVDB ID : 49688 - Disclosed: 2008-11-07

Description:

E-topbiz Number Links 1 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/admin_catalog.php script not properly sanitizing user-supplied input to the id variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 49698 - Disclosed: 2008-11-07

Description:

E-topbiz Online Store 1 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the admin/login.php script not properly sanitizing user-supplied input to the user variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.