[CLOSE] OSVDB ID : 46172 - Disclosed: 2008-06-12

Description:

gllcTS2 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'login.php' script not properly sanitizing user-supplied input to the 'detail' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.

[CLOSE] OSVDB ID : 74577 - Disclosed: 2011-08-19

Description:

Global Content Blocks Plugin for WordPress contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the wp-content/plugins/global-content-blocks/gcb/gcb_export.php script not properly sanitizing user-supplied input to the 'gcb' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 73663 - Disclosed: 2011-07-01

Description:

Global Flash Galleries Component for Joomla! contains a flaw that allows a remote Cross-site Request Forgery (CSRF / XSRF) attack. The flaw exists because the application does not require multiple steps or explicit confirmation for sensitive transactions for the addition or deletion of galleries. By using a crafted URL (e.g., a crafted GET request inside an "img" tag), an attacker may trick the victim into clicking on the image to take advantage of the trust relationship between the authenticated victim and the application. Such an attack could trick the victim into executing arbitrary commands in the context of their session with the application, without further prompting or verification.

[CLOSE] OSVDB ID : 73662 - Disclosed: 2011-07-01

Description:

Global Flash Galleries Component for Joomla! contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 45886 - Disclosed: 2007-09-05

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll.

[CLOSE] OSVDB ID : 45887 - Disclosed: 2007-09-05

Description:

(Description Provided by CVE) : Multiple heap-based buffer overflows in GlobalLink 2.7.0.8 allow remote attackers to execute arbitrary code via (1) a long eighth argument to the SetInfo method in a certain ActiveX control in glItemCom.dll or (2) a long second argument to the SetClientInfo method in a certain ActiveX control in glitemflat.dll.

[CLOSE] OSVDB ID : 33679 - Disclosed: 2007-02-04

Description:

GlobalMegaCorp contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'dvddb inc/common.php' script not properly sanitizing user input supplied to the 'config' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.

[CLOSE] OSVDB ID : 33670 - Disclosed: 2007-02-04

Description:

(Description Provided by CVE) : ** DISPUTED ** SQL injection vulnerability in inc/common.php in GlobalMegaCorp dvddb 0.6 allows remote attackers to execute arbitrary SQL commands via the user parameter. NOTE: this issue has been disputed by a reliable third party, who states that inc/common.php only contains function definitions.

[CLOSE] OSVDB ID : 17822 - Disclosed: 2005-07-07

Description:

(Description Provided by CVE) : read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters.

[CLOSE] OSVDB ID : 24452 - Disclosed: 2004-05-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 16049 - Disclosed: 2005-05-01

Description:

A remote overflow exists in GlobalSCAPE Secure FTP Server. The Secure FTP Server fails to perform adequate bounds checking of user-supplied input resulting in a buffer overflow. With a specially crafted request in the format "[3000 Bytes] \r\n" , an attacker can overwrite the EIP and SEH registers and execute arbitrary code on the system, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 24451 - Disclosed: 2006-01-10

Description:

Secure FTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified command with a lengthy parameter line is passed to the server, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 4332 - Disclosed: 2004-03-18

Description:

(Description Provided by CVE) : Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 allows remote attackers to cause a denial of service (crash) via a SITE command with a long argument.

[CLOSE] OSVDB ID : 30718 - Disclosed: 2006-04-12

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 43676 - Disclosed: 2007-05-15

Description:

(Description Provided by CVE) : The Globe7 soft phone client 7.3 sends username and password information in cleartext, which allows remote attackers to obtain sensitive information by sniffing the HTTP traffic.

[CLOSE] OSVDB ID : 40626 - Disclosed: 2007-10-24

Description:

(Description Provided by CVE) : The Globe7 soft phone client 7.3 uses weak cryptography (reversed sequence of binary values) for the password, which might allow local users to obtain sensitive information.

[CLOSE] OSVDB ID : 42203 - Disclosed: 2008-02-20

Description:

(Description Provided by CVE) : Directory traversal vulnerability in globsy_edit.php in Globsy 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

[CLOSE] OSVDB ID : 51607 - Disclosed: 2008-10-12

Description:

(Description Provided by CVE) : globsy_edit.php in Globsy 1.0 and earlier allows remote attackers to create or overwrite arbitrary files via a filename in the file parameter and file contents in the data parameter.

[CLOSE] OSVDB ID : 28014 - Disclosed: 2005-05-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 36094 - Disclosed: 2007-05-17

Description:

(Description Provided by CVE) : Unspecified vulnerability in globus-job-manager in Globus Toolkit 4.1.1 and earlier (globus_nexus-6.6 and earlier) allows remote attackers to cause a denial of service (resource exhaustion and system crash) via certain requests to temporary TCP ports for a GRAM2 job or its MPICH-G2 applications.

[CLOSE] OSVDB ID : 28018 - Disclosed: 2006-08-15

Description:

(Description Provided by CVE) : Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.

[CLOSE] OSVDB ID : 28020 - Disclosed: 2006-08-15

Description:

(Description Provided by CVE) : Race condition in the grid-proxy-init tool in Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allows local users to steal credential data by replacing the proxy credentials file in between file creation and the check for exclusive file access.

[CLOSE] OSVDB ID : 28019 - Disclosed: 2006-08-15

Description:

(Description Provided by CVE) : Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.

[CLOSE] OSVDB ID : 28015 - Disclosed: 2005-05-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 28017 - Disclosed: 2006-08-15

Description:

(Description Provided by CVE) : Globus Toolkit 3.2.x, 4.0.x, and 4.1.0 before 20060815 allow local users to obtain sensitive information (proxy certificates) and overwrite arbitrary files via a symlink attack on temporary files in the /tmp directory, as demonstrated by files created by (1) myproxy-admin-adduser, (2) grid-ca-sign, and (3) grid-security-config.

[CLOSE] OSVDB ID : 28016 - Disclosed: 2005-09-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 53092 - Disclosed: 2008-04-04

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in glossaire.php in Glossaire 2.0 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 37921 - Disclosed: 2007-05-15

Description:

(Description Provided by CVE) : SQL injection vulnerability in glossaire-p-f.php in the Glossaire 1.7 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the sid parameter in an ImprDef action.

[CLOSE] OSVDB ID : 34451 - Disclosed: 2006-07-01

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in the Glossaire module 1.7 for Xoops allows remote attackers to execute arbitrary PHP code via a URL in the pa parameter.

[CLOSE] OSVDB ID : 41268 - Disclosed: 2008-01-30

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in the Glossary (com_glossary) 2.0 component for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter in a display action.