| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 35520 | 2007-05-16 | Glossword custom_vars.php sys[path_addon] Parameter Remote File Inclusion | Glossword contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'custom_vars.php' script not properly sanitizing user input supplied to the 'sys[path_addon]' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 37347 | 2007-05-31 | Glossword Multiple Unspecified Issues | Unknown / Incomplete |
| 43599 | 2007-03-09 | GlowWorm Kernel Extension bignum_cmp() Function Unspecified Null Dereference DoS | Unknown / Incomplete |
| 43597 | 2007-03-09 | GlowWorm TrueDNS Packet Handling Infinite Recursion Remote DoS | (Description Provided by CVE) : GlowWorm FW before 1.5.3b4 allows remote attackers to cause a denial of service (kernel panic) via certain DNS responses that trigger infinite recursion in TrueDNS packet parsing, as originally observed with certain login.yahoo.com responses. |
| 43598 | 2007-03-09 | GlowWorm udp4 Data Handling Unspecified DoS | Unknown / Incomplete |
| 36719 | 2007-06-18 | GLPI (Gestion Libre de Parc Informatique) phpmailer Library Unspecified Issue | Unknown / Incomplete |
| 74151 | 2011-07-20 | GLPI Autocomplete Remote Credentials Disclosure | (Description Provided by CVE) : The autocompletion functionality in GLPI before 0.80.2 does not blacklist certain username and password fields, which allows remote attackers to obtain sensitive information via a crafted POST request. |
| 51596 | 2009-01-24 | GLPI Unspecified SQL Injection | Unknown / Incomplete |
| 63124 | 2010-02-18 | GLPI Unspecified XSS | Unknown / Incomplete |
| 67079 | 2010-08-11 | glpng glpng.c Multiple Function PNG File Handling Overflow | (Description Provided by CVE) : Multiple integer overflows in glpng.c in glpng 1.45 allow context-dependent attackers to execute arbitrary code via a crafted PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF function, leading to heap-based buffer overflows. |
| 46180 | 2008-06-13 | Glub Tech Secure FTP Crafted Filename Traversal Sequence Arbitrary File Download | (Description Provided by CVE) : Directory traversal vulnerability in the FTP client in Glub Tech Secure FTP before 2.5.16 on Windows allows remote FTP servers to create or overwrite arbitrary files via a ..\ (dot dot backslash) in a response to a LIST command, a related issue to CVE-2002-1345. |
| 78574 | 2012-01-23 | glucose 2 RSS Feed XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in glucose 2 before stage 6.2 allows remote attackers to inject arbitrary web script or HTML via an RSS feed. |
| 72777 | 2011-05-30 | GluMobi Multiple Applications for Android Trojaned Distribution | Unknown / Incomplete |
| 65460 | 2010-06-03 | Gmail Checker Plus for Chrome Message Subject CSRF | Unknown / Incomplete |
| 65459 | 2010-06-03 | Gmail Checker Plus for Chrome Message Subject XSS | Unknown / Incomplete |
| 10940 | 2004-10-19 | Gmail Drive Local Account Name Disclosure | Gmail Drive contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the program naming the drive based on the Gmail account login name, resulting in a loss of confidentiality. |
| 66884 | 2008-03-01 | Gmail-Lite compose.php Arbitrary Mail Relay | Gmail-Lite lets attackers perform mass mailing, mail bombing, and spamming. They do not need to set up a new Gmail-Lite server or write complicated code for this. They can simply go to a Gmail-Lite web site, compose an abusive email, and send it to a victim thousands of times with the aid of a little extremely simple JavaScript. This creates a DoS for other email users whose email systems lack a smart filtering option like Gmail's; hence this vulnerability has a large impact on non-Gmail users. |
| 66886 | 2008-03-01 | Gmail-Lite Unrestricted File Upload Arbitrary Code Execution | Gmail-Lite does not enforce the location or file permissions of uploaded files (so-called attachments). An attacker can exploit this flaw to upload arbitrary PHP files, which allow them to execute any function that PHP supports, such as command execution, file access, proxying, etc. |
| 66885 | 2008-01-01 | Gmail-Lite Unspecified XSS | Gmail-Lite contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate every GET/POST parameter upon submission to its scripts. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 16171 | 2005-05-01 | GmailAgent Login Information Local Disclosure | Unknown / Incomplete |
| 47998 | 2008-09-04 | gmanedit callbacks.c open_man_file Function Crafted man Page Remote Overflow | (Description Provided by CVE) : Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries. |
| 39192 | 2007-07-31 | GMaps Component for Joomla! index.php viewmap Action mapId Parameter SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in index.php in the Firestorm Technologies GMaps (com_gmaps) 1.00 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the mapId parameter in a viewmap action. |
| 76665 | 2011-10-29 | GMER 7201C008h IOCTL Parsing Local Privilege Escalation | Unknown / Incomplete |
| 62084 | 2010-01-31 | GMime gmime/gmime-encodings.h GMIME_UUENCODE_LEN() Macro Uuencode Operation Overflow | (Description Provided by CVE) : Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation. |
| 2464 | 2003-08-25 | GMOD GBrowse gbrowse Arbitrary File Access | GBrowse contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the gbrowse script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "help" variable. |
| 36571 | 2007-05-22 | GMTT Music Distro showown.php st Parameter XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in showown.php in GMTT Music Distro 1.2 allows remote attackers to inject arbitrary web script or HTML via the st parameter. |
| 11875 | 2000-05-10 | Gnapster Absolute Path Name Request Arbitrary File Access | Gnapster contains a flaw that may allow a malicious user to retrieve arbitrary files from a victim's computer because Gnapster fails to verify the shared status of files before sending them. The issue is triggered when a malicious user specifies the full path in a file request when using the GET command. It is possible that the flaw may allow arbitrary file retrieval resulting in a loss of confidentiality. |
| 14341 | 2002-02-12 | GNAT Runtime Library Temp File Symlink Arbitrary File Modification | (Description Provided by CVE) : Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files. |
| 63622 | 2010-03-03 | Gnat-TGP includes/tgpinc.php DOCUMENT_ROOT Parameter Remote File Inclusion | Gnat-TGP contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/tgpinc.php' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 17759 | 2005-07-06 | GNATS gen-index -o Parameter Arbitrary File Overwrite | (Description Provided by CVE) : gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when installed setuid, does not properly check files passed to the -o argument and opens the file with write access, which allows local users to overwrite arbitrary files. |