| OSVDB ID | Disclosure Date | Title |
|
84247
Description:
The Extension::MobileUI Extension for RT contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-07-25
|
Extension::MobileUI Extension for RT Unspecified XSS
|
|
420
Description:
(Description Provided by CVE) : Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.
|
2000-09-20
|
Extent RBS Web Server Image Parameter Traversal Arbitrary File Access
|
|
64762
Description:
External Link Page Module for Drupal contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the input on the module's administration page before being displayed on redirect pages. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2010-05-20
|
External Link Page Module for Drupal Content Filter Redirect XSS
|
|
90740
Description:
extlib Gem for Ruby contains a flaw that is triggered when a type casting error occurs during the parsing of parameters. This may allow a context-dependent attacker to potentially execute arbitrary code.
|
2013-01-08
|
extlib Gem for Ruby Type Casting Parameter Parsing Remote Code Execution
|
|
84687
Description:
eXtplorer contains a flaw that is triggered when the program fails to properly check for permissions in /var/lib/extplorer/ftp_tmp. This may allow a local attacker to delete or overwrite arbitrary files.
|
2012-08-02
|
eXtplorer /var/lib/extplorer/ftp_tmp Permission Weakness Local File Manipulation
|
|
71566
Description:
eXtplorer contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition of an administrative user. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.
|
2011-04-06
|
eXtplorer Admin User Creation CSRF
|
|
52303
Description:
Unknown / Incomplete
|
2009-03-02
|
eXtplorer index.php lang Parameter Traversal Local File Inclusion
|
|
84050
Description:
eXtplorer contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'lang' parameter upon submission to the index.php script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2012-07-09
|
eXtplorer index.php lang Parameter XSS
|
|
49400
Description:
(Description Provided by CVE) : Directory traversal vulnerability in the eXtplorer module (com_extplorer) 2.0.0 RC2 and earlier in Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the dir parameter in a show_error action.
|
2008-04-13
|
eXtplorer Module for Joomla! index.php dir Parameter Traversal Arbitrary File Access
|
|
88751
Description:
eXtplorer contains a flaw in the ext_find_user() function of the users.php script. This issue may allow a remote attacker to bypass authentication and login as an arbitrary user. No further details have been provided.
|
2012-12-25
|
eXtplorer users.php ext_find_user() Function Unspecified Authentication Bypass
|
|
50915
Description:
(Description Provided by CVE) : Directory traversal vulnerability in download.php in eMetrix Extract Website allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
2008-12-19
|
Extract Website download.php filename Parameter Traversal Arbitrary File Access
|
|
52282
Description:
Extrakt Framework contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'plugins[file][id]' variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2008-10-29
|
Extrakt Framework index.php plugins[file][id] Parameter XSS
|
|
41766
Description:
(Description Provided by CVE) : Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
|
2007-10-15
|
eXtremail Admin Interface LOGIN Command Remote Overflow
|
|
35583
Description:
(Description Provided by CVE) : Stack-based buffer overflow in eXtremail 2.1.1 and earlier allows remote attackers to execute arbitrary code via a long DNS response. NOTE: this might be related to CVE-2006-6926.
|
2007-04-20
|
eXtremail DNS Response Handling Overflow
|
|
35584
Description:
(Description Provided by CVE) : eXtremail 2.1.1 and earlier does not verify the ID field (aka transaction id) in DNS responses, which makes it easier for remote attackers to conduct DNS spoofing.
|
2007-04-20
|
eXtremail DNS Response ID Field Verification Weakness
|
|
41767
Description:
(Description Provided by CVE) : Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
|
2007-10-15
|
eXtremail IMAP AUTHENTICATE LOGIN Action Remote Overflow
|
|
41765
Description:
(Description Provided by CVE) : Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
|
2007-10-15
|
eXtremail IMAP AUTHENTICATE PLAIN Action Remote Overflow
|
|
41764
Description:
(Description Provided by CVE) : Multiple buffer overflows in eXtremail 2.1.1 and earlier allow remote attackers to (1) have an unknown impact by sending multiple long strings to the IMAP port (143/tcp); (2) execute arbitrary code via a long string in an IMAP AUTHENTICATE PLAIN action, involving the ifParseAuthPlain function; (3) execute arbitrary code via a long LOGIN command to the admin interface port (4501/tcp); or (4) execute arbitrary code via a long string in an IMAP AUTHENTICATE LOGIN (aka CRAM-MD5 authentication) action, involving the ifProcImapAuth1 function.
|
2007-10-15
|
eXtremail IMAP Port Multiple String Remote Overflow
|
|
14148
Description:
eXtremail contains multiple flaws that may allow a malicious user to execute arbitrary commands. The issue is triggered when a specially formatted string is sent to the fprintf statement of the flog function due to a format string vulnerability in that function. It is possible that the flaw may allow a malicious user to execute arbitrary code as the superuser, resulting in a loss of integrity.
|
2001-06-22
|
eXtremail Multiple POP3 Command flog Function Format String
|
|
14147
Description:
(Description Provided by CVE) : Format string vulnerability in flog function of eXtremail 1.1.9 and earlier allows remote attackers to gain root privileges via format specifiers in the SMTP commands (1) HELO, (2) EHLO, (3) MAIL FROM, or (4) RCPT TO, and the POP3 commands (5) USER and (6) other commands that can be executed after POP3 authentication.
|
2001-06-22
|
eXtremail Multiple SMTP Command flog Function Format String
|
|
4127
Description:
eXtremail contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when a user password consists of a single digit or begins with a digit. It is possible that the flaw may allow an attacker to log in without a password resulting in a loss of confidentiality and integrity.
|
2004-02-26
|
eXtremail Numeric Password User Authentication Bypass
|
|
41763
Description:
(Description Provided by CVE) : Integer overflow in eXtremail 2.1.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long USER command containing "%s" sequences to the pop3 port (110/tcp), which are expanded to "%%s" before being used in the memmove function, possibly due to an incomplete fix for CVE-2001-1078.
|
2007-10-15
|
eXtremail pop3 USER Command Remote Overflow
|
|
30396
Description:
(Description Provided by CVE) : Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
|
2006-11-14
|
eXtremail Unspecified Overflow
|
|
30591
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
2006-11-15
|
Extreme CMS admin/options.php Multiple Parameter XSS
|
|
30592
Description:
(Description Provided by CVE) : admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. NOTE: this issue can be combined with another vulnerability to expand the scope of a cross-site scripting (XSS) attack without authentication. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
|
2006-11-15
|
Extreme CMS admin/options.php Unauthenticated Access
|
|
33181
Description:
(Description Provided by CVE) : Unrestricted file upload vulnerability in eXtremePow eXtreme File Hosting allows remote attackers to upload arbitrary PHP code via a filename with a double extension such as (1) .rar.php or (2) .zip.php.
|
2007-02-09
|
eXtreme File Hosting Double Extension Unrestricted File Upload
|
|
36957
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in functions.php in Extreme phpBB (aka phpBB Extreme) 3.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
|
2007-02-24
|
Extreme phpBB functions.php phpbb_root_path Parameter Remote File Inclusion
|
|
35420
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/.
|
2007-04-18
|
Extreme PHPBB2 includes/functions.php phpbb_root_path Parameter Remote File Inclusion
|
|
35421
Description:
(Description Provided by CVE) : Multiple PHP remote file inclusion vulnerabilities in Extreme PHPBB2 3.0 Pre Final allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) functions.php or (2) functions_portal.php in includes/.
|
2007-04-18
|
Extreme PHPBB2 includes/functions_portal.php phpbb_root_path Parameter Remote File Inclusion
|
|
21336
Description:
Extreme Search Corporate Edition contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'search' variable upon submission to the 'extremesearch.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-12-01
|
Extreme Search Corporate Edition extremesearch.php search Parameter XSS
|